Containing the attachment

The email attachment has been annoying the IT-administrators for years and leads to multiple problems.

First of all, users send enormous documents as attachment, which overloads the email environment or distorts the internet connections. Modern e-mail systems are able to take care of the enormous attachments than the older ones, but it is not ideal. The process of back-up just leads extra challenges.

Secondly, sending an attachment introduces more issues with different versions. An author of a report sends his version for review to colleagues, whereupon they create their own version and return these. Subsequently, the author is left with several versions of the same document. Frequently, in these situations, the final version is not the correct one. The author, or one of the reviewers, has lost track of all the different versions. Sending an attachment leads to downloading and saving the document multiple times, not just on the fileserver, but in the diverse mailboxes as well.

A third challenge is the destination of the attachment. An e-mail attachment may end up in the cloud-service, while the organization has laid down the policy that specific information cannot be saved into the cloud. The organization has no control if one of the recipients has an e-mail in the cloud.

Finally, the attachment is used regularly to distribute viruses. The mail can look innocent and the inattentive user may open the attachment, thereby opening the floodgates. These e-mails were disorganized, containing many spelling errors, in the past. Now, these e-mails have been improved and are unrecognizable.

The question remains if the e-mail attachment should be wanted, while we are still using it on a great scale. It is easy to use, and we have become accustomed to it: add attachment, select send, and done! Furthermore, the attachment creates a sense of security that it will be delivered directly. However, the reality is a contradiction. Mail is still batch-processing and spam-filters regularly hinder messages.

Technology & tools

The process of adding an attachment will not disappear swiftly, users happen to change slowly. Yet, it is possible to use technology and tools to diminish the unnecessary aspects.

Regarding the overloading of the e-mail systems, modern systems are better equipped for this, thanks to new insights in the process of back-up and the availability of mail. By applying technologies such as ‘journaling’ and ‘incremental forever’, the process of a back-up takes no longer than the acceptable time-window.

The management of document-versions, the second challenge, can be achieved through using a document management system (DMS). SharePoint & Alfresco offer a prominent one. Currently, these systems are administered as a cloud-service more and more. Flexibility is an important advantage here.

The third challenge refers to not knowing the location of the attachment. Some information is too private or confidential to be shared without knowing the final destination. This is where digital rights management (DRM) is involved. DRM can be used to determine which information may or may not be send to an external recipient, based upon the classification.

Disarming the virus distributors

The problem of viruses requires a different method, additional to the standard solutions such as antivirus software. For this, the manner in which the information is provided is important, which means it starts by the message originator. This is why it is more troublesome to manage.

A frequently used methodology is sending a virus by mail with an invoice as attachment. The subject may be that the invoice has to be paid. It is hard to withstand the temptation to check which invoice has to be paid and the virus has entered.

If companies stop sending their invoices by mail, we deprive the bad guys of their method. An alternative could be using a central portal. For example, banks use their website for this. Every customer has his or her own account for online banking. Via this portal, communication regarding payments and so forth is possible as well. Webshops too, use this method more frequently. In the mail, an announcement is made that the invoice can be found on the website. Preferably, no URL is mentioned; hence, no virus can be distributed.

Where do we go from here?

The first step is increasing security awareness among users through counseling. Make them recognize suspicious mails and attachments. Also, inform them about the route an attachment takes and where these might end up. This could be at unwanted places.

Inform users regarding the costs; data storage requires funds. Each attachment is saved, besides to disk, to a mail database.  Experience shows that users save the attachment to a personal folder on the server as well. This means that a single document is saved multiple times on a server.

Introduce version management by launching a DMS. The multiple versions are a burden to users as well, and they will be quick to adopt this solution. It also solves the problem of different versions and decreases the amount of wrongly send attachment, which leads to reducing the overloading of the system.

Classify the diverse sorts of information within an organization and subsequently launch DRM to increase the control over the coming and going of email. It is advisable to record this in a transparent determined policy, in order for users to be informed.

Does your organization still uses e-mail to send invoices? You may want to check the alternatives, and hence, contribute to disarming the virus distributors.

Martijn Bellaard has been working for TriOpSys as a lead architect for 3 years. At the beginning of 2017, he has pursued his life-long dream and has become a teacher at the Hogeschool van Utrecht. This article has been published on 08-07-2016.