Email Classification - Why Should it Matter to You?
Upcoming SlideShare
Loading in...5

Like this? Share it with your network


Email Classification - Why Should it Matter to You?



In this white paper, learn the basics of email classification, what it is, why it could assist your overall email management strategy and learn how to accomplish it. ...

In this white paper, learn the basics of email classification, what it is, why it could assist your overall email management strategy and learn how to accomplish it.

Download Free Trial -
Get a Quick Quote -
Contact Us Now -



Total Views
Views on SlideShare
Embed Views



0 Embeds 0

No embeds



Upload Details

Uploaded via as Adobe PDF

Usage Rights

© All Rights Reserved

Report content

Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

  • Full Name Full Name Comment goes here.
    Are you sure you want to
    Your message goes here
Post Comment
Edit your comment

Email Classification - Why Should it Matter to You? Document Transcript

  • 1. Email Classification -Why Should It Matter to You?A Best Practice White PaperWritten by Grant Lindsay,Product Manager, Sherpa Software 456 Washington Avenue, Suite 2  Bridgeville, PA 15017  
  • 2. Email Classification – Why Should It Matterto You?INTRODUCTIONWhat is email classification you ask? And should it be on your radar? For this discussion, lets define emailclassification as the process of tagging email messages with labels to assist in managing those messages as theyeither move through or rest in the email environment. For example, a message might be classified as “privileged,”“confidential,” “secret,” “private,” or “business relevant.” A message with a “business relevant” classification may beretained for three years, whereas a message classified as “personal” may be purged after thirty days. A messagemarked “secret” may be restricted from leaving the organization’s email environment unless it is encrypted.The reasons for classifying email vary, but may include: grouping like messages together for electronic discovery[e-discovery], applying security and access control to messages of a certain type, and managing the life-span ofmessages, based on their relevancy to the business or to regulations. 1Email classification like this can aid the e-discovery process because searches can be targeted to only themessages classified “business relevant” or “privileged” and leave out other messages not pertinent to the search,which can greatly reduce the search run-time. In other cases, message classifications may be hierarchical orrelevant to only some people in the organization.Classifying or tagging emails can be done through several methods. The process of applying these tags (i.e.,classifying) may be either: ▪ Manual: The message custodian, a human, applies the classification when the message is either created or received ▪ Automatic: A computer applies the classification, based on rules or contextual analysis ▪ Hybrid: Combining both manual and automatic methods.IS THERE A NEED FOR CLASSIFICATION?At a high level, the purposes for classifying unstructured data, like email, could include: ▪ Organizing data into groups: For business reuse and e-discovery retrieval ▪ Tracking and managing data: For access control and retention windows                                                            1 For more information about the e-discovery process, check out the E-discovery Reference Model ( P a g e  | 2 
  • 3. Email Classification – Why Should It Matterto You?The decision whether to classify email data lies with each individual organization, but it is a question you should beasking. Other questions pertinent to email classification include: ▪ Will having classified messages speed up e-discovery requests? ▪ Is your organization under industry or government regulations that require us to implement email classification? ▪ Will email classification help us in other ways, like reducing storage costs or getting the big picture about feedback on our products or services?Email is just one component of an organizations unstructured data that might need to be managed with aclassification policy. However, it is an important component. Email often comprises the majority of an organizationscommunications, both internal and external. As such, it also constitutes a large part of its unstructured data.WHERE AND WHY SHOULD EMAIL CLASSIFICATION BE APPLIED?Classifying email is complicated by the fact that not all email messages are relevant from a business perspective,and would not necessarily need to be kept. Some experts estimate as much as 60% of email messages held arenot related to business. These are the “where do you want to go for lunch?” and “there is cake in the break room”types of messages. Should those messages be kept? If so, would they be under the same retention rules as other,more relevant messages, like a product quote or support question? This is where a strategic email classificationpolicy could come in handy because these non-business-related emails can be broadly classified and dealt with byan email archiving system or other email management technology en masse.If classifying email makes sense in your organization, there are some details to work out. For example, differentschemes are available to classify email such as: ▪ Security or sensitivity (e.g., privileged, secret, etc.) ▪ Retention period (e.g., “keep until...”, “delete after...”) ▪ Locations at various levels (e.g., EMEA, US, Chicago, etc.) ▪ Product lines (e.g., “gizmo,” “widget,” “gizmo 2.0”)By classifying messages in a way that makes sense for your organization, you can more easily group this datatogether for e-discovery, retention, protection, etc.For example, a product company that makes "gizmos" may want to classify any inbound messages that have"gizmo" in the body with a header called X-Product and a value of "gizmo". Later, all such messages can bediscovered easily in a search (e.g., find all messages where X-Product = "gizmo"). Additionally, the tagged P a g e  | 3 
  • 4. Email Classification – Why Should It Matterto You?messages may be collected together into a journal to comply with industry or government regulations or to helpProduct Management see feedback from customers and prospects on the gizmo product, regardless of the sourceor the recipient.In a similar way, the confidentiality of a new product, "gadget," can be protected using classification by having themail router reject any message for external recipients where the header X-Product has the value "gadget".However, before any procedure or technology can be applied to the job of classifying email, a policy must becreated. Relevant elements of the email classification policy would include: ▪ Definitions, procedures, regulations ▪ Roles, responsibilities ▪ Actions, monitoring, accountabilityHOW SHOULD EMAIL CLASSIFICATION BE APPLIED?Generally, there are two ways to classify email: automatically by a computer or manually by a human. Additionally,using a hybrid combination of these two methods might be considered.Automatically—Machine AssistedWith this kind of classification, a computer process scans message headers and bodies to make a determination asto what classifications may apply to it and update the headers accordingly. It makes these decisions in variousways, but in essence it follows a set of rules. Advantages ▪ Limited human involvement: Once configured, the machine does all the heavy lifting. Potentially, all inbound, outbound, and internal messages can be processed automatically. ▪ Consistent decisions: Assuming the rules don’t change, the computer will be faithful in applying the same classifications to like messages without deviation. However, some systems employ a kind of learning or adapting logic that, in some way or another, bases current decisions on past results. While some inconsistency may be evident early on, the intent is to make these systems more accurate at classifying messages over time. Disadvantages ▪ Computers can’t reason: They only do what they are told. This leads to various degrees of accuracy when classifying messages based purely on content or addresses, even when sophisticated and expensive learning systems are employed. P a g e  | 4 
  • 5. Email Classification – Why Should It Matterto You?Manually—User AppliedThis involves the sender applying a suitable classification to a message during composition before it is sent.Sometimes, the email client software may be able to assist the author in selecting a classification or it may preventa message from being sent if the classification is missing. Received messages (e.g., from external sources) mayalso need to be classified after the fact by the recipient. Advantages ▪ People can reason: Presumably the message author can make the best determination as to the nature of the message and, therefore, what classifications it needs. Or, if the message arrived unclassified from an external source, the recipient may be able to make that determination. Disadvantages ▪ Increased workload: Besides additional and on-going training, there is additional work on the email author’s part to consider and apply classifications. ▪ Inconsistencies: Are users being thoughtful and careful each and every time they classify an email? Are the policies clear enough that everyone will arrive at the same determination about a given messages classifications? Inconsistencies can muddy the waters when trying to manage the messages later as a group of a given type.MOVING FORWARDThere are several options for moving forward with an email classification system. Once you have identified theorganizational needs for classifying email, there are several steps Sherpa Software experts recommend beforemoving forward with implementing.Get Buy-in Business needs should drive any classification effort. If the initiative begins with the Leadership team or a department like Legal or Governance, Risk Management and Compliance (GRC,) then adoption has a higher level of likelihood. Additionally, these other departments may have important insight into crafting an email classification policy or strategy. For instance, if the goal of an email classification strategy is to secure confidential emails from leaving the organization, the Governance, Risk Management and Compliance team can direct the email administrator to look out for the right keywords or patterns (e.g. patent or credit card numbers). P a g e  | 5 
  • 6. Email Classification – Why Should It Matterto You?Draft an Email Classification Strategy Before you begin shopping for the right kind of technology to support an email classification strategy, it is vital to write the strategy down and determine what and how you are going to classify emails in your environment. This will help greatly when researching technologies.Research Supporting Technology Identify opportunities present in your existing tools. You may have all the pieces already in place. If not, understand gaps that will need to be filled by new technologies so that you can compare products based on just the features you will need. One such tool is Sherpa Software’s Compliance Attender for Lotus Notes which contains an email classification module. Compliance Attender can classify email messages based on a wide array of criteria including message content, metadata, message size, etc. Compliance Attender is a module-based email compliance system for Lotus Notes environments; available modules include journaling, filtering and ToneCheck (automated tone/sentiment analysis).As you can see, the answer to the question, should email classification matter depends. But for manyorganizations, that answer is an empathetic yes. For others, it may not be as clean cut, but the questions raisedhere will help you determine if classification is a good fit for your organization. Regardless of how you answer, youneed to be asking the questions.ABOUT THE AUTHOR- GRANT LINDSAY As the Product Manager for Compliance Attender for Notes, Grant is responsible for product research and development, pre‐sales technical support (e.g., Demos), post‐sales technical support and competitive research. Grant joined Sherpa Software in 2007 with 15 years of experience in Information Technology. Of those, more than 14 were spent building applications with Lotus Notes and Domino. He worked with a wide range of company sizes and across several industries including insurance, consulting, venture capital, manufacturing, software and more. Grant is an IBM Certified Advanced Application Developer and an expert in emailmanagement and compliance, LotusScript, Notes Formula Language, application design, and security. He is alsoskilled in C/C++ and Java Application Programming Interfaces (APIs) for Notes and Domino. Grant is accomplishedin web delivered technologies: HTML, CSS, and JavaScript. P a g e  | 6 
  • 7. Email Classification – Why Should It Matterto You?He graduated in 1995 from the Career Development Institute with a Programmer Analyst Diploma. Grant spendshis time with his wife, Lydia, of 16 years and his two retired greyhound racers, Rio and Wavorly. P a g e  | 7