Sensible Use of E-Mail

The office equipment provided to employees by employers generally includes an e-mail programme, which is sometimes integrated into Office Manager. E-mails enable the exchange of professional information, and sometimes private information as well, both within the company and with external contacts. Special attention must therefore be devoted to the protection of electronic communication, particularly through the use of e-mail programme functions which are frequently not widely known and therefore hardly ever deployed.

A good example is the use of the field "BCC" (blind carbon copy) instead of the "To" field in order to create the impression among the numerous recipients that they are being addressed individually, i.e. the addresses of the other people receiving the mail are not shown. This function is especially suitable for impersonal messages (advertising, announcements,…) going to a group of persons who do not know each other, but it violates the principle of transparency when it is used in order to send a "blind" copy ("BCC") to recipients other than the primary and secondary recipients indicated by "To" or "CC".

The request for a confirmation of receipt and especially for a confirmation message read guarantees to the sender that the recipient cannot deny having received a transmitted and opened (therefore probably read) message.

The option "send later" permits a time delay to be applied to the message, while the option of specifying an "expiry date" provides for the automatic deletion of out-of-date messages which are no longer topical and therefore not worth reading.

The "cancel message" function allows a message sent by mistake to be cancelled, provided the command is given before the recipient has received the message.

The settings for send also permit the level of confidentiality to be specified for every transmitted message (standard, personal, private, confidential). Messages marked "private" thus do not show up in the in-boxes of persons who may have been granted a delegated right of access (see below). Messages marked "confidential" should be forwarded only when the intention to pass on the information to further recipients has been explicitly confirmed.

The most secure guarantee of confidentiality is without any doubt the encryption of content and attachments (asymmetric encryption in a public key infrastructure). Encrypting also guarantees the integrity of the received data, for the slightest change in the encrypted message, be it deliberate or accidental, makes it impossible to decode the encrypted message. If in addition to this the original message is provided with a digital signature, the recipient is able to verify the authenticity of the sender.

User-defined settings can also allow messages, on the basis of certain specified criteria relating to content and/or marginal data, to be for example automatically examined, assigned to certain categories (for example, private) moved, deleted, copied or forwarded. It is also possible to compile a list of blocked senders from whom messages are unwelcome (junk-mail, spam etc.).

In the event of an absence from the office there is the possibility of setting up an automatic notification of absence in order to inform the sender of the length of the absence (it is generally unnecessary to give reasons) and to provide the address of an emergency contact person. For the same eventuality, the automatic forwarding of incoming mail to a specified external address can be selected. This calls for the utmost caution, however, especially when confidential messages, potentially sensitive for employees and employers, are forwarded to mailboxes accessible via the internet and hence less secure.

A final mention must be made of the important question of storing exchanged messages. Although in practice too much mail tends to be stored and starts to fill up and exceed the storage space available, it still happens nonetheless that important messages are deleted over hastily or are difficult to retrieve. The solution here is to use an unnamed service mailbox (e.g. and to draw up strict regulations on the storage of messages in the management system of the company.

Dans le cadre des systèmes de gestion de courriels, les messages font l'objet d'un pré-traitement automatique basé sur des règles d'entreprise (business rules) définies par l'employeur pour leur validation, catégorisation, "prioritisation", acheminement, conservation et archivage. Les employés ne reçoivent alors souvent qu'un jeton d'accès au message original conservé dans une base de données, si bien que la protection de leur sphère privée passe par une absolue transparence des opérations de traçage et de leur finalité, par la mise à disposition d'une fonction de suppression physique des messages privés reçus, ainsi que par un avertissement avant toute suppression définitive d'éléments privés afin de permettre leur sauvegarde.

E-mail-programmes provide for messages to be subjected to a pre-processing on the basis of business rules laid down by the employer to cover such matters as validation, categorisation, prioritisation, forwarding, storage and archiving. This system frequently authorises employees to access only those messages stored in a database. The protection of the private domain therefore presupposes that follow-on actions and their purpose are totally transparent, and also that users have at their disposal a function permitting the physical deletion of private messages and that they will be notified prior to the definitive deletion of private items so that they can, if need be, safeguard them.

In the deletion of messages the greatest danger derives from the fact that messages are routinely formally deleted, i.e. they are simply moved to a folder containing deleted files where, however, they continue to be legible until a physical and definitive deletion (manual or through automatic emptying on exit) has taken place. A well informed user should be familiar with the procedure for the definitive deletion of certain messages. But there is of course a further risk in the fact that the automatic storage of e-mail data can cause a deleted message to continue to exist on a data carrier to which it has been transmitted in the period between the downloading of the message and its physical deletion.

Finally an employee can designate delegates, who are allowed access to certain folders of his or her electronic workplace (for reading, compiling, changing and/or deleting). The in-box settings can specify whether a delegate can send or answer a message on behalf of the owner, whether he or she is supposed to receive a copy of messages concerning dates of meetings, and whether or not he or she is permitted to see private items (new messages as well as dates/deadlines, contacts and where necessary work assignments). The best way of protecting private messages naturally is to store them in a personal folder which is protected by a password and is encrypted in a unit which is not released but which is nonetheless regularly secured.

In conclusion it should be noted in this connection that internet-mail (external mailboxes accessible via POP3 or IMAP4 protocols) is mostly deactivated by the employer for obvious security reasons. Mail systems that are exclusively internet based, some of which support encryption and digital signatures, can however be of considerable interest to employees, both professionally and for private use.

[July 2002]