Helping people with computers... one answer at a time.

It's easy to overlook important steps if you're attempting to securely and permanently delete an email message. I'll cover what's required.

When I delete stuff out of my recycle bin, I can go and find it and do a DOD wipe to remove all evidence of it ever having existed. However, what happens to the stuff I delete from my e-mails, where does this go when it is deleted? Is it deleted also when I use REVO Uninstaller to remove "evidence" from my computer? If not, how can I delete the stuff then? I have to sometimes download and print bank statements and other documents, this is the premise behind the question.

This is actually a fascinating question. One would think that deleting email behaves similarly to deleting files on your hard drive - and it does, to a point.

And of course securely deleting data is beyond that point.

The real answer, as usual, is "it depends" - it depends on your email program, and how you use it.

Secure Delete

I've discussed secure delete before, but quickly the concept is this: when you delete a file "for real" (by emptying your recycle bin, or using a delete that bypasses the recycle bin), the data is actually left on the hard drive. The area of the hard drive that the data is on is marked as "empty", and will not actually be overwritten until another file is written to the disk that ends up taking that same placement on the hard drive.

That could be fractions of a second later.

"Much like Windows, when you delete an email these programs simply mark the email as deleted, but otherwise leave it alone."

Or it could be years later.

It all depends on how all the data on the hard disk is laid out, and what kind of disk activity happens after the file's deleted.

A secure delete (or a "DOD wipe" as in your question, relating to a U.S. Department of Defense security standard) is an extra step that actually goes out and actually erases the data from the disk areas formerly occupied by the file you just deleted. Options typically exist to securely wipe all free space on the drive, ensuring that all deleted files are unrecoverable, and to perform that secure wipe multiple times so that even the most advanced data forensics tools would be unable to recover it.

Depending on your data, it can be an important tool to maintaining data security.

Email Delete

We need to address the two different approaches used by most people when it comes to email: web and PC-based email.

Web-Based Email

When you delete an email via a web based interface such as Hotmail, Gmail and the like, this has little to do with your own computer. The deletion is happening on their server, and there's no way to know whether the delete is secure or not. Not that it really matters, since there'd be nothing you could do about how they keep your email on their hard disks anyway. And not that that really matters since a) their servers are busy and your data is likely to be quickly overwritten, and b) someone wanting to recover your deleted email would have to have physical access to the specific hard drive it was stored on out at those services, which isn't very likely.

However...

Your browser has a cache, and that cache is kept on your hard drive. It's possible that images of the pages you've visited are cached and kept on your hard drive. (Technically https pages aren't supposed to be cached, but not everything is https, and I'll choose not to trust all browsers to handle this properly.)

The solution here is simple: when you want to make sure that things are securely removed from your computer after using web mail:

PC-Based Email

When it comes to email on your computer it really depends on how your email program stores your email.

They typically fall into two camps.

Aggregate Data Stores - this is where the email program stores multiple email messages in a single file. Most email programs, including Outlook, Outlook Express and Thunderbird all fall into this category. While the actual file formats vary dramatically, the concept is the same - multiple emails stored within a single file.

Much like Windows, when you delete an email these programs simply mark the email as deleted, but otherwise leave it alone. It's not until they "compact" your email that the message is physically removed.

And therein lies the solution: empty your email program's recycle bin if it has one, compact your email (you should see these files get smaller when the compaction is done), and then once again: secure delete to wipe your free space.

Exactly how one compacts email files also varies quite a bit depending on the program you're using - check the documentation. Most compact periodically, but that may not be enough to ensure complete security.

Individual Data Stores - as it's name implies, some email programs store email messages as individual separate files. I believe Windows Live Mail may fall into this category.

Here things get simpler.

Delete your mail, empty your recycle bin, and run your secure delete.

Sometimes Both

It's worth mentioning that some PC-based email programs will use your web browser to display email, or use the browser's cache to store attachments and other files.

In other words, for extra security it's probably a good idea to check the cache, or just clear it as well before doing that secure wipe, even when you use a PC-based email program.

Article C4449 - September 16, 2010 « »

Share this article with your friends:

Share this article on Facebook Tweet this article Email a link to this article
Leo Leo A. Notenboom has been playing with computers since he was required to take a programming class in 1976. An 18 year career as a programmer at Microsoft soon followed. After "retiring" in 2001, Leo started Ask Leo! in 2003 as a place for answers to common computer and technical questions. More about Leo.

Not what you needed?

4 Comments
Pedro
September 19, 2010 4:53 AM

I've downloaded secure delete. Does anyone know how this program works because it seems to do nothing than open a prompt command window for a second or two and then automatically close. Help appreciated. I was wondering if it works with XP service pack 3

Regards

I believe if you read the documentation on the download page it shows how to run it. You need ot run it within a Windows Command Prompt - try this article: When I use Start-Run and type in a command, why does a window just flash and disappear?
Leo
19-Sep-2010

DT
September 21, 2010 9:57 AM

I use Eraser, see http://eraser.heidi.ie

It has some nice features:
1. Secure delete disk's free space
2. Secure delete when deleting to recycle bin
3. Secure delete when clearing recycle bin

max
September 21, 2010 11:00 AM

AFter you download and extract the sdelete.exe copy it to c:\ then click Start > Run > type in CMD and press Enter. you will then be at the DOS prompt. If you are not at the root folder type in c:\ and press enter. Then type in your requirement. eg sdelete -s -z and press enter.

Carol
September 22, 2010 11:41 AM

If you are printing out copies of your bank statements as well as emails, I'm told you need to be concerned about the printer keeping a copy on it's "disk." I haven't heard how one might delete this information from the printer, but it is an even bigger concern since most printers end up as e-waste, indiscriminately discarded along with the information they contain. Hard drives get much more attention as a security issue.

Comments on this entry are closed.

If you have a question, start by using the search box up at the top of the page - there's a very good chance that your question has already been answered on Ask Leo!.

If you don't find your answer, head out to http://askleo.com/ask to ask your question.