What is email archiving?
Email archiving means that emails are systematically stored for the long term in a separate, searchable system – independently of the regular email inbox. Email archiving ensures that business emails are stored for the long term, in full and unmodified.
The aim is to keep information permanently available, meet legal requirements, and protect the integrity of company data. It is important to note that an archive is not a normal email inbox, but a standalone system that operates independently of the email server and is designed for permanent storage.
How does email archiving work?
Email archiving begins with the capture of messages. The most reliable and legally secure method for this is known as journaling. This involves the email server automatically creating an additional copy of every incoming and outgoing email. This copy is created during transport, i.e., before the message reaches or leaves the user’s mailbox.
The copy of the email is placed in a special journaling mailbox that only the archiving system can access. The archiving system then regularly retrieves these copies, stores them unchanged, indexes the content, and stores metadata such as the time of dispatch, sender, or recipient in a structured manner. This creates a complete, seamless, and tamper-proof collection of all relevant emails in the company.
Audit compliance in storage is enabled by the following technical measures:
With mailbox-based archiving, an archiving system regularly reads the mailboxes. This method is suitable for retrieving historical data, but does not replace journaling: it cannot guarantee complete capture in real time. Only the combination of both methods enables the secure transfer of old emails and the legally required complete archiving of all new messages.
What is the difference between archiving and backup?
Although both serve to protect data, archiving and backup have fundamentally different objectives:
Backup
Purpose: short-term recovery after data loss (hardware failure, ransomware, accidental deletion)
Characteristics: regularly overwritten, not audit-proof, does not meet legal retention requirements.
Archiving
Purpose: long-term storage to fulfill legal obligations and for later verifiability
Features: not designed for quick recovery, no protection against acute data loss.
The most important differences at a glance
| Criterion | Backup | Archiving |
|---|---|---|
| Goal | Desaster Recovery | Compliance, Documentation, Legal security |
| Storage period | Short to medium term (days to weeks) | Long term (years to decades) |
| Data set | Copy of the current state, regularly overwritten | Historical, unalterable archive |
| Modifiability | Data is continuously updated/overwritten | Data is unchangeable (audit-proof) |
| Access | Only for recovery in case of emergency | Regular access for searches, audits, legal inquiries |
| Searchability | Limited – usually only restoration of entire systems or folders | Full-text search for individual emails, attachments, metadata |
| Legal relevance | None – does not fulfill any retention obligations | Complies with GoBD, HGB, AO, and other regulations |
Why is email archiving important?
Email archiving is important for several reasons:
Email archiving therefore protects companies legally, organizationally, and operationally.
What are the requirements for email archiving?
The requirements for email archiving can be divided into three areas: legal, technical, and organizational requirements.
Legal requirements for email archiving
From a legal perspective, the GoBD (General Principles of Bookkeeping and Record Keeping) form the most important framework in Germany. They stipulate that tax-relevant emails must be archived in an audit-proof manner. This means that emails may no longer be changed or deleted after archiving, all relevant messages must be recorded in full, and every change or edit must be logged.
In addition, emails must be stored in their original format so that they remain machine-readable. The following retention periods apply: business letters and general correspondence must be retained for six years, while accounting documents, invoices, and tax-relevant documents must be retained for ten years. The GDPR also plays a role, as personal data in emails must be protected and may be deleted upon request – which requires careful planning to avoid conflicts with retention obligations. In regulated industries such as the financial sector or healthcare, there are additional specific requirements.
Technical requirements
Audit compliance is a key technical requirement. It is ensured by hash values, WORM storage, and time stamps (see above), which prevent any subsequent manipulation. Data must be encrypted both during transmission and storage. Full-text indexing enables quick searches in content and attachments. The system must be scalable to handle growing data volumes and protected against data loss through redundancy. Emails must be archived in their original format, including all attachments and headers. A complete audit trail logs all accesses and actions.
Organizational requirements
First, a written archiving policy must be created that specifies who archives what for how long and who has access. A clear role concept ensures that not all employees have access to all emails. Training courses serve to teach employees which emails are business-relevant.
Procedural documentation must be provided for the tax office to explain how the archiving system works. In addition, regular checks must be carried out to ensure that the system is working properly and that deadlines are being met.
Email archiving in NoSpamProxy
Setting up email archiving in NoSpamProxy Cloud and NoSpamProxy Server is very easy using the integrated archive connectors. You can specify how emails are archived using one or more profiles.
NoSpamProxy Cloud supports a journaling mailbox (archive mailbox) as an archiving system. In NoSpamProxy Server, you can choose between an journaling mailbox, the file system, and external archiving solutions from d.velop, MailStore, and Dropsuite. NoSpamProxy has also just entered into a strategic partnership with Dropsuite.
When configuring the respective archive connector, you have numerous setting options. For example, you can determine at which points in the validation process incoming and outgoing emails should be archived:
NoSpamProxy Cloud
NoSpamProxy Server
Not yet using NoSpamProxy?
With NoSpamProxy Protection, you can reliably protect your company from dangerous emails and benefit from many other security features. Request your free trial now!
