02/27/2008

I’m part of a local Linux e-mail list, and occasionally we geek out about technical topics. Today was a good one– someone started a discussion with this:

I think this appropriate for the group, especially those that are email admin gurus.

All the major news sites are reporting the executive office’s loss of email. Estimates as high as 1000 days.

Call me naive, but I imagine most every ISP I’ve ever sent / received email from has a record of that email. I imagine every company I’ve ever worked for has access to my historical email.

Yet, I know that if I delete a mail from my mail spool on a unix system, it’s as good as gone. Which leads me to believe that unless daily / weekly / monthly backups are made of mail servers and then archived, it “might” be possible that there is no history of the emails.

Before I criticize and label this as an obvious cover up by the executive branch, is there even any ounce of truth that there would be no foul play involved?

If there wasn’t any tampering and this actually “just” happened, anybody that has faith in the administration for the last 8 years has got to be pretty disappointed knowing that the party that’s supposed to be tough on terror is completely and utterly technologically inept at even the most basic things as a nightly backup, no less in the highest levels of national office. It’s a serious joke.

I can’t help but think a group of 16 year old script kiddies would make our nat’l specialists look foolish.  Sad but true.

Although I should be slamming out PHP code for my clients, I figured I’d chime in with my own take on the matter. To wit:

Like you, I’ve watched this story for the past few months with a mix of suspicion and humor.

I run e-mail for a hundred or so domains, totaling maybe a thousand individual users.  That’s a lot of messages coming and going on a given day.  To make matters worse, as we all know only a fraction of what comes in is legitimate– the rest is spam that’s discarded via greylisting or scanning and filtering.

A nightly backup of the mail spool on a server would be largely useless.  It would save copies of any messages that arrived but weren’t downloaded, so if the backup runs at, say, midnight then it’ll catch stuff between the end of the business day and that time.  That’s assuming the people aren’t checking their mail in the evening.  Since people are downloading messages constantly (my own client checks my mail every 60 seconds), in many cases the content of the message is only on the server for a matter of minutes or perhaps hours.

Thus, in order to truly capture and back up every message, something needs to be done at the MTA level. I happen to use qmail, and it has a mechanism to send a copy of every message– incoming and outgoing– to a place defined by the admin. I’m sure other MTAs have similar functionality. In theory, then, I could save a copy of all of it in a directory not available to the users, and back up that directory.

I don’t do that.

First, I believe strongly in the privacy of my customers.  I have no reason to store messages that may contain personal information, private conversations, proprietary business data, etc.  If I was using an ISP for my own mail, I wouldn’t want them storing it, and I think I should treat others as I’d like to be treated.

Second, if I’m storing messages beyond the usual deliver-and-download process, I incur a liability to protect and manage that data.  What if someone managed to break into the server and find the directory with tens of thousands of archived messages?  Whee!  Witness the spectacle of MediaDefender.

Third, with the volume of e-mail that flies around these days, there are storage considerations. Assuming an average business user sends 10 messages per day, and each message is 20kB, and I have a thousand users, I’m amassing 200MB of archived mail every day. And everyone knows 10 x 20kB messages is on the low end. 🙂 Disks are cheap, but that adds up.

And fourth, I defy the police state mentality that seems to pervade our country.  The government (and other agencies) seem to think it’s okay to swoop into an ISP and gather all sorts of data for their various witch hunts.  If someone comes to me and demands the last 30 days of e-mail from a customer account, I can honestly say I don’t have it.  It protects the customer, and it gives me plausible deniability.

That being said, I believe there are federal laws that *require* the government to archive all e-mail messages to elected officials.  They can’t really use any of the reasons I’ve mentioned here– they *must* implement mechanisms to copy all messages and archive them to backup media.  As a result, the whole White House debacle is at best an embarrassment to the IT clowns over there, and more probably a violation of law that should be investigated.
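
The nightly-backup point in the reply above can be checked with a small model. This is an added example, not part of the original post: it assumes download-and-delete mail clients that poll on a fixed schedule, and the message IDs, arrival times and polling schedules are constructed sample data.

```python
from dataclasses import dataclass

MIDNIGHT = 24 * 3600  # backup runs at the end of day 0 (seconds since 00:00)

@dataclass(frozen=True)
class Message:
    msg_id: str
    arrived: int        # seconds since 00:00 on day 0
    first_poll: int     # recipient's client first polls at this second...
    poll_interval: int  # ...then every poll_interval seconds, deleting on download

def downloaded_at(msg: Message) -> int:
    """Time of the first poll at or after arrival (message leaves the spool then)."""
    if msg.arrived <= msg.first_poll:
        return msg.first_poll
    waited = msg.arrived - msg.first_poll
    polls = -(-waited // msg.poll_interval)  # ceiling division
    return msg.first_poll + polls * msg.poll_interval

def spool_snapshot(messages, snapshot_time: int) -> set:
    """What a backup of the mail spool sees: only mail not yet downloaded."""
    return {m.msg_id for m in messages
            if m.arrived <= snapshot_time < downloaded_at(m)}

def mta_archive(messages, snapshot_time: int) -> set:
    """What an MTA-level copy holds: every message accepted so far."""
    return {m.msg_id for m in messages if m.arrived <= snapshot_time}

# Constructed sample traffic for one day.
SAMPLE = [
    Message("m1", 9 * 3600 + 30, 0, 60),            # 09:00:30, client polls every 60 s
    Message("m2", 14 * 3600 + 900, 0, 300),         # 14:15:00, client polls every 5 min
    Message("m3", 18 * 3600, 8 * 3600, 24 * 3600),  # 18:00, user checks once a day at 08:00
    Message("m4", MIDNIGHT - 30, 17, 60),           # 23:59:30, in flight when backup runs
]

def missed_by_nightly_backup(messages, snapshot_time: int = MIDNIGHT) -> set:
    """Messages that passed through the server but never appear in the spool backup."""
    return mta_archive(messages, snapshot_time) - spool_snapshot(messages, snapshot_time)

if __name__ == "__main__":
    print("spool backup holds:", sorted(spool_snapshot(SAMPLE, MIDNIGHT)))
    print("MTA-level copy holds:", sorted(mta_archive(SAMPLE, MIDNIGHT)))
    print("never backed up:", sorted(missed_by_nightly_backup(SAMPLE)))
```

The spool backup only holds mail that happened to be waiting at the moment it ran, so mail read during the day never reaches backup media unless it is copied at the MTA.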