Some (Exxon, as an example) have communication policies, which I always understood to be about spam or phishing, that automatically delete any externally-originating email unless it is on a pre-approved whitelist. Now I’m wondering if this thinking plays a role as well.
There are rules about discovery that definitely make the auto-delete practices helpful. Deleting suspicious records based on their content is fraudulent and can land you in jail or with bigger damages if you’re ever caught. But having a standard policy of deleting all messages after X amount of days is protected until you have positive knowledge that there’s impending litigation.
Sorry for the delayed response, but FYI, in this case I don’t mean after X days; I mean if you aren’t whitelisted in advance, the intended recipient never gets the email at all.
I genuinely can’t think of a situation where this makes sense, either as a way to keep the email clean for discovery or anything vaguely related (like concerns about employees leaking to journalists). On the other hand, it makes a lot of sense for phishing prevention. Seriously, if you can think of an example, tell me. I’m stumped.
I have no idea, I was thinking in terms of outsiders informing people of problems. It would be more for downstream products than anything else. But you’re probably right and this whole line of thinking is irrelevant.
On reading this post, I immediately thought of sending companies email about risks as a way to inject potential liability into their decision process. “Hey, I cut my finger on your sharp holiday ornament. You should get that looked at.” Then, when there’s an ornament class action suit, it can be shown that they ignored the information. More to the point, in theory they might be motivated to preemptively address the risk to avoid this newly enlarged liability, especially if legal counsel is copied. It’s slightly fanciful in the real world, but that’s the theory.
So yes, I would not be at all surprised if the email whitelist practice is in part to avoid liability.