[lug] off topic email question
jeff at zingstudios.com
Wed Feb 27 17:46:19 MST 2008
Like you, I've watched this story for the past few months with a mix of
suspicion and humor.

I run e-mail for a hundred or so domains, totaling maybe a thousand
individual users. That's a lot of messages coming and going on a given
day. To make matters worse, as we all know only a fraction of what
comes in is legitimate-- the rest is spam that's discarded via
greylisting or scanning and filtering.

A nightly backup of the mail spool on a server would be largely useless.
It would save copies of any messages that arrived but weren't
downloaded, so if the backup runs at, say, midnight then it'll catch
stuff between the end of the business day and that time. That's
assuming the people aren't checking their mail in the evening. Since
people are downloading messages constantly (my own client checks my
mail every 60 seconds), in many cases the content of the message is
only on the server for a matter of minutes or perhaps hours.

[ The above doesn't apply if people are using IMAP and storing their
mail on the server, but in my experience that's rare. Most of my users
POP their mail and delete it from the server. ]

Thus, in order to truly capture and back up every message, something
needs to be done at the MTA level. I happen to use qmail, and it has a
mechanism to send a copy of every message-- incoming and outgoing-- to
a place defined by the admin. I'm sure other MTAs have similar
functionality. In theory, then, I could save a copy of all of it in a
directory not available to the users, and back up that directory.

I don't do that.

First, I believe strongly in the privacy of my customers. I have no
reason to store messages that may contain personal information, private
conversations, proprietary business data, etc. If I was using an ISP
for my own mail, I wouldn't want them storing it, and I think I should
treat others as I'd like to be treated.

Second, if I'm storing messages beyond the usual deliver-and-download
process, I incur a liability to protect and manage that data. What if
someone managed to break into the server and find the directory with
tens of thousands of archived messages? Whee! Witness the spectacle

Third, with the volume of e-mail that flies around these days, there are
storage considerations. Assuming an average business user sends 10
messages per day, and each message is 20kB, and I have a thousand
users, I'm amassing 200MB of archived mail every day. And everyone
knows 10 x 20kB messages is on the low end. :) Disks are cheap, but
that adds up.

And fourth, I defy the police state mentality that seems to pervade our
country. The government (and other agencies) seem to think it's okay
to swoop into an ISP and gather all sorts of data for their various
witch hunts. If someone comes to me and demands the last 30 days of
e-mail from a customer account, I can honestly say I don't have it. It
protects the customer, and it gives me plausible deniability.

That being said, I believe there are federal laws that *require* the
government to archive all e-mail messages to elected officials. They
can't really use any of the reasons I've mentioned here-- they *must*
implement mechanisms to copy all messages and archive them to backup
media. As a result, the whole White House debacle is at best an
embarrassment to the IT clowns over there, and more probably a
violation of law that should be investigated.