Initiation responsibility: Head of IT Section, IT Security Management
Implementation responsibility: IT-user
E-mail should not remain in the incoming mail folder for longer than necessary. It should either be deleted after it has been read or, if it is to be retained, moved to an appropriate user directory. If too much e-mail accumulates in the incoming folder, the IT system managing it (mail server or mail client) will reject new incoming e-mail once the available storage space is exhausted.
Users must be informed that e-mail they have deleted via their mail application is usually not erased irrevocably. Instead of deleting e-mail immediately, many programs move it to a special folder. Users must be briefed on how to delete e-mail completely on their clients.
Even after it has been deleted completely on a client, e-mail may still be present on a mail server. Many Internet providers and administrators archive incoming and outgoing e-mail. Instead of deleting e-mail, many mail applications move it to a "wastebasket" folder which is emptied only every now and then.
Users must be made aware of the fact that the confidentiality of e-mail can only be ensured by encryption, and not necessarily by quick deletion following receipt.
Additional controls:
© Copyright by Bundesamt für Sicherheit in der Informationstechnik
July 1999