Karl Rove's Email


kitchin
04-12-2007, 11:14 PM
Anybody else read this and think it sounded ridiculous?
Now the question is whether the missing e-mail can be recovered. Mr. Smith, the Internet security consultant, said e-mail ordinarily is initially stored in at least four places: in the “sent” file of the computer used to send the message; on the computer server of the sender’s Internet service provider; on the computer server of the recipient’s provider; and on the recipient’s computer.

Even if the message is deleted, it may be recoverable from a computer’s hard drive. Eventually, however, the deleted file may be overwritten and lost, Mr. Smith said.

“If you keep sending e-mails, it will probably get overwritten pretty quickly, and then it’s really gone,” he said.
http://www.nytimes.com/2007/04/13/washington/13emails.html?pagewanted=2

Are emails sent SMTP really stored on the outgoing server for more than a few seconds, or at all?

Kevin
04-12-2007, 11:20 PM
They are generally stored on an outbound server until they are either handed off to the recipient's SMTP server or they bounce. This could be anywhere between a few seconds and 4 days.

Bruce
04-12-2007, 11:39 PM
Are emails sent SMTP really stored on the outgoing server for more than a few seconds, or at all?
In order to provide reliability guarantees, email messages are forced onto disk before the server responds that it has accepted the message. That message will stay on disk at least until the receiving server indicates that it has accepted the message, at which point the sending server may delete it. However, it is somewhat more "lazy" at deleting the message, so it is not necessarily immediately removed from the directories. Also, as the quoted message indicated, the actual content of the message would only disappear once it's overwritten by another file, and even then computer forensics experts can possibly recover the original text. To truly render a file completely unreadable, security experts say it must be overwritten at least 8 times (IIRC) with a specific pattern of bit reversals.
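
An added illustration of the queue behaviour described in the two replies above (not code from any poster or from a real mail server): a toy spool that forces the message to disk before acknowledging it, keeps it while delivery is deferred, and unlinks it on handoff or after an assumed four-day retry window. All function names, message IDs and sample messages are hypothetical and constructed for the example.

```python
import os
import tempfile

MAX_QUEUE_AGE = 4 * 24 * 3600  # assumed retry window, matching the "4 days" above

def accept(spool_dir, msg_id, data, now):
    """Write and fsync the message; only then may the server answer 250."""
    path = os.path.join(spool_dir, msg_id)
    with open(path, "wb") as f:
        f.write(data)
        f.flush()
        os.fsync(f.fileno())       # message is on disk before it is acknowledged
    os.utime(path, (now, now))     # record the time the message entered the queue
    return "250 OK queued as " + msg_id

def run_queue(spool_dir, deliver, now):
    """Attempt delivery of every queued message; return {msg_id: outcome}."""
    results = {}
    for msg_id in sorted(os.listdir(spool_dir)):
        path = os.path.join(spool_dir, msg_id)
        with open(path, "rb") as f:
            data = f.read()
        if deliver(data):
            # unlink removes the directory entry only; the data blocks stay
            # on disk until the file system reuses them
            os.unlink(path)
            results[msg_id] = "delivered"
        elif now - os.stat(path).st_mtime > MAX_QUEUE_AGE:
            os.unlink(path)
            results[msg_id] = "bounced"
        else:
            results[msg_id] = "deferred"
    return results

def demo():
    """Run the three cases on constructed messages in a temporary spool."""
    with tempfile.TemporaryDirectory() as d:
        t0 = 1_000_000.0
        accept(d, "A1", b"Subject: constructed sample\r\n\r\nhi\r\n", t0)
        first = run_queue(d, lambda data: False, t0 + 60)   # peer unreachable
        still_on_disk = os.path.exists(os.path.join(d, "A1"))
        late = run_queue(d, lambda data: False, t0 + MAX_QUEUE_AGE + 1)
        accept(d, "B2", b"Subject: constructed sample 2\r\n\r\nhi\r\n", t0)
        ok = run_queue(d, lambda data: True, t0 + 5)        # peer accepts
        return first, still_on_disk, late, ok, os.listdir(d)

if __name__ == "__main__":
    print(demo())
```
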

esc
04-13-2007, 04:11 AM
Also, as the quoted message indicated, the actual content of the message would only disappear once it's overwritten by another file, and even then computer forensics experts can possibly recover the original text. To truly render a file completely unreadable, security experts say it must be overwritten at least 8 times (IIRC) with a specific pattern of bit reversals.
But one has to add that to recover already deleted and overwritten data, one needs to use sophisticated, high-end laboratory-type equipment such as raster force microscopes working in high vacuum at very low temperatures, etc. This seems to be far out of the reach and training of most investigators.

Erich

kitchin
04-13-2007, 08:35 AM
Seems like an email server would be flipping those bits constantly, unless they have a lot of slack space and the file system uses all the space. That said, some of the emails they are looking for are fairly recent, from late last Fall. Or, the most sensitive emails could be even more recent, if there were a coverup in progress. Also, it sounds like they are talking about a webmail-style system that would store outgoing mail in a Sent folder.

There was a joke (?) on some other board that they should be asking the NSA for the intercepts!

PaulKroll
04-14-2007, 02:57 AM
security experts say it must be overwritten at least 8 times (IIRC) with a specific pattern of bit reversals
That was back in the day when hard drives weren't pushing the envelope so hard that they needed ECC just to make sure a given sector read was successful. These days, if you overwrite a sector on a drive, it's probably gone. If it's been written over twice, then it's toast.

More specific information at Gutmann method (http://en.wikipedia.org/wiki/Gutmann_method) on Wikipedia.

Andilinks
04-14-2007, 12:44 PM
But the content of these emails is really trivial; it is the mechanism by which they must be retained, which subsequently failed, that is where a crime (if any) occurred.

Unless it is a fishing expedition, then these emails simply cover the firing of federal judges, not a big deal compared to the destruction/loss of evidence which is required by law to be retained.