Email is the electronic equivalent of a postcard. Because of this, it requires special policy considerations. From archiving to content guidelines, organizations have a lot to consider when writing email policies.
Rules for using email:
Policies should be written to promote the responsible use of email that supports the organization's goals and business requirements.
Some of the items that should be included in the policy concern courtesy, content, general usage, and compliance with the policy.
Administration of email:
Policies describing the administration of email discuss the actions the organization will follow in the management of the email system.
Administrative policies should establish the right to scan messages passing through the email system. This scanning can be for viruses or content. Regardless of the scanning type, there should be a policy in place that says the organization is doing this.
Email policies might include mechanisms to limit the size of messages to prevent the overloading of servers and network bandwidth.
To mitigate other problems, the organization might want to include a policy that allows them to use proxies, gateways, and other means to aid in the transmission of messages. These policies should not imply that messages are being filtered or retained.
If email messages are archived, there should be a policy that outlines the basics for how this will work. This policy also should define retention periods and potential exceptions to the policy.
Use of email for confidential communication:
Policies for sending confidential communication include provision for encrypting the data before transmission and signing them with digital signatures.
Encryption policies are really not the scope of email policies. Thus the policy statements should refer the user to the organization's encryption policy for that information.