In this white paper, learn the basics of email classification, what it is, why it could assist your overall email management strategy and learn how to accomplish it.
Download Free Trial - http://bit.ly/vrIxKv
Get a Quick Quote - http://bit.ly/tw8pi3
Contact Us Now - http://bit.ly/sz9x5r
Boost PC performance: How more available memory can improve productivity
Email Classification - Why Should it Matter to You?
1. Email Classification -
Why Should It Matter to You?
A Best Practice White Paper
Written by Grant Lindsay,
Product Manager, Sherpa Software
456 Washington Avenue, Suite 2
Bridgeville, PA 15017
www.SherpaSoftware.com
information@sherpasoftware.com
2. Email Classification – Why Should It Matter
to You?
INTRODUCTION
What is email classification you ask? And should it be on your radar? For this discussion, let's define email
classification as the process of tagging email messages with labels to assist in managing those messages as they
either move through or rest in the email environment. For example, a message might be classified as “privileged,”
“confidential,” “secret,” “private,” or “business relevant.” A message with a “business relevant” classification may be
retained for three years, whereas a message classified as “personal” may be purged after thirty days. A message
marked “secret” may be restricted from leaving the organization’s email environment unless it is encrypted.
The reasons for classifying email vary, but may include: grouping like messages together for electronic discovery
[e-discovery], applying security and access control to messages of a certain type, and managing the life-span of
messages, based on their relevancy to the business or to regulations.
1
Email classification like this can aid the e-discovery process because searches can be targeted to only the
messages classified “business relevant” or “privileged” and leave out other messages not pertinent to the search,
which can greatly reduce the search run-time. In other cases, message classifications may be hierarchical or
relevant to only some people in the organization.
Classifying or tagging emails can be done through several methods. The process of applying these tags (i.e.,
classifying) may be either:
▪ Manual: The message custodian, a human, applies the classification when the message is either
created or received
▪ Automatic: A computer applies the classification, based on rules or contextual analysis
▪ Hybrid: Combining both manual and automatic methods.
IS THERE A NEED FOR CLASSIFICATION?
At a high level, the purposes for classifying unstructured data, like email, could include:
▪ Organizing data into groups: For business reuse and e-discovery retrieval
▪ Tracking and managing data: For access control and retention windows
1
For more information about the e-discovery process, check out the E-discovery Reference Model (http://www.edrm.net)
P a g e | 2
3. Email Classification – Why Should It Matter
to You?
The decision whether to classify email data lies with each individual organization, but it is a question you should be
asking. Other questions pertinent to email classification include:
▪ Will having classified messages speed up e-discovery requests?
▪ Is your organization under industry or government regulations that require us to implement email
classification?
▪ Will email classification help us in other ways, like reducing storage costs or getting the big picture
about feedback on our products or services?
Email is just one component of an organization's unstructured data that might need to be managed with a
classification policy. However, it is an important component. Email often comprises the majority of an organization's
communications, both internal and external. As such, it also constitutes a large part of its unstructured data.
WHERE AND WHY SHOULD EMAIL CLASSIFICATION BE APPLIED?
Classifying email is complicated by the fact that not all email messages are relevant from a business perspective,
and would not necessarily need to be kept. Some experts estimate as much as 60% of email messages held are
not related to business. These are the “where do you want to go for lunch?” and “there is cake in the break room”
types of messages. Should those messages be kept? If so, would they be under the same retention rules as other,
more relevant messages, like a product quote or support question? This is where a strategic email classification
policy could come in handy because these non-business-related emails can be broadly classified and dealt with by
an email archiving system or other email management technology en masse.
If classifying email makes sense in your organization, there are some details to work out. For example, different
schemes are available to classify email such as:
▪ Security or sensitivity (e.g., privileged, secret, etc.)
▪ Retention period (e.g., “keep until...”, “delete after...”)
▪ Locations at various levels (e.g., EMEA, US, Chicago, etc.)
▪ Product lines (e.g., “gizmo,” “widget,” “gizmo 2.0”)
By classifying messages in a way that makes sense for your organization, you can more easily group this data
together for e-discovery, retention, protection, etc.
For example, a product company that makes "gizmos" may want to classify any inbound messages that have
"gizmo" in the body with a header called X-Product and a value of "gizmo". Later, all such messages can be
discovered easily in a search (e.g., find all messages where X-Product = "gizmo"). Additionally, the tagged
P a g e | 3
4. Email Classification – Why Should It Matter
to You?
messages may be collected together into a journal to comply with industry or government regulations or to help
Product Management see feedback from customers and prospects on the gizmo product, regardless of the source
or the recipient.
In a similar way, the confidentiality of a new product, "gadget," can be protected using classification by having the
mail router reject any message for external recipients where the header X-Product has the value "gadget".
However, before any procedure or technology can be applied to the job of classifying email, a policy must be
created. Relevant elements of the email classification policy would include:
▪ Definitions, procedures, regulations
▪ Roles, responsibilities
▪ Actions, monitoring, accountability
HOW SHOULD EMAIL CLASSIFICATION BE APPLIED?
Generally, there are two ways to classify email: automatically by a computer or manually by a human. Additionally,
using a hybrid combination of these two methods might be considered.
Automatically—Machine Assisted
With this kind of classification, a computer process scans message headers and bodies to make a determination as
to what classifications may apply to it and update the headers accordingly. It makes these decisions in various
ways, but in essence it follows a set of rules.
Advantages
▪ Limited human involvement: Once configured, the machine does all the heavy lifting. Potentially, all
inbound, outbound, and internal messages can be processed automatically.
▪ Consistent decisions: Assuming the rules don’t change, the computer will be faithful in applying the
same classifications to like messages without deviation. However, some systems employ a kind of
learning or adapting logic that, in some way or another, bases current decisions on past results.
While some inconsistency may be evident early on, the intent is to make these systems more
accurate at classifying messages over time.
Disadvantages
▪ Computers can’t reason: They only do what they are told. This leads to various degrees of accuracy
when classifying messages based purely on content or addresses, even when sophisticated and
expensive learning systems are employed.
P a g e | 4
5. Email Classification – Why Should It Matter
to You?
Manually—User Applied
This involves the sender applying a suitable classification to a message during composition before it is sent.
Sometimes, the email client software may be able to assist the author in selecting a classification or it may prevent
a message from being sent if the classification is missing. Received messages (e.g., from external sources) may
also need to be classified after the fact by the recipient.
Advantages
▪ People can reason: Presumably the message author can make the best determination as to the
nature of the message and, therefore, what classifications it needs. Or, if the message arrived
unclassified from an external source, the recipient may be able to make that determination.
Disadvantages
▪ Increased workload: Besides additional and on-going training, there is additional work on the email
author’s part to consider and apply classifications.
▪ Inconsistencies: Are users being thoughtful and careful each and every time they classify an email?
Are the policies clear enough that everyone will arrive at the same determination about a given
message's classifications? Inconsistencies can muddy the waters when trying to manage the
messages later as a group of a given type.
MOVING FORWARD
There are several options for moving forward with an email classification system. Once you have identified the
organizational needs for classifying email, there are several steps Sherpa Software experts recommend before
moving forward with implementing.
Get Buy-in
Business needs should drive any classification effort. If the initiative begins with the Leadership team or a
department like Legal or Governance, Risk Management and Compliance (GRC,) then adoption has a
higher level of likelihood. Additionally, these other departments may have important insight into crafting an
email classification policy or strategy. For instance, if the goal of an email classification strategy is to secure
confidential emails from leaving the organization, the Governance, Risk Management and Compliance
team can direct the email administrator to look out for the right keywords or patterns (e.g. patent or credit
card numbers).
P a g e | 5
6. Email Classification – Why Should It Matter
to You?
Draft an Email Classification Strategy
Before you begin shopping for the right kind of technology to support an email classification strategy, it is
vital to write the strategy down and determine what and how you are going to classify emails in your
environment. This will help greatly when researching technologies.
Research Supporting Technology
Identify opportunities present in your existing tools. You may have all the pieces already in place. If not,
understand gaps that will need to be filled by new technologies so that you can compare products based on
just the features you will need. One such tool is Sherpa Software’s Compliance Attender for Lotus Notes
which contains an email classification module. Compliance Attender can classify email messages based on
a wide array of criteria including message content, metadata, message size, etc. Compliance Attender is a
module-based email compliance system for Lotus Notes environments; available modules include
journaling, filtering and ToneCheck (automated tone/sentiment analysis).
As you can see, the answer to the question, should email classification matter depends. But for many
organizations, that answer is an empathetic yes. For others, it may not be as clean cut, but the questions raised
here will help you determine if classification is a good fit for your organization. Regardless of how you answer, you
need to be asking the questions.
ABOUT THE AUTHOR- GRANT LINDSAY
As the Product Manager for Compliance Attender for Notes, Grant is responsible for product
research and development, pre‐sales technical support (e.g., Demos), post‐sales technical
support and competitive research.
Grant joined Sherpa Software in 2007 with 15 years of experience in Information
Technology. Of those, more than 14 were spent building applications with Lotus Notes and
Domino. He worked with a wide range of company sizes and across several industries
including insurance, consulting, venture capital, manufacturing, software and more.
Grant is an IBM Certified Advanced Application Developer and an expert in email
management and compliance, LotusScript, Notes Formula Language, application design, and security. He is also
skilled in C/C++ and Java Application Programming Interfaces (APIs) for Notes and Domino. Grant is accomplished
in web delivered technologies: HTML, CSS, and JavaScript.
P a g e | 6
7. Email Classification – Why Should It Matter
to You?
He graduated in 1995 from the Career Development Institute with a Programmer Analyst Diploma. Grant spends
his time with his wife, Lydia, of 16 years and his two retired greyhound racers, Rio and Wavorly.
P a g e | 7