Hi Andrea, I am a consultant, not an end user, but what I have found effective for my clients is a combination of all of the above. It starts with an email policy that includes, not just the usual "email is not for sharing off-color jokes and chain letters", but talks about how to determine if an email is a record, what to do with it if it is/isn't, how to delete email that is/isn't, etc. Then comes training to ensure that users have at least been exposed to the policy and the underlying concepts. Periodic auditing is a good way to ensure adherence to the policy. Technology can help, in terms of auto-classification, automated disposition(!), and the like, but I'm not convinced of the infallibility of these systems - most of them still require some manual intervention from time to time. And all of this takes time, energy, and sometimes money. :) The August Transform Magazine and September AIIM E-Doc Magazine both focused on email and cover some of the policy aspects as well as the technologies - and of course take a look at ANSI/ARMA 9-2004, "Requirements for Managing Electronic Messages as Records" which has a lot of these ideas covered as well. Hope this helps - I just recorded a course for AIIM on email and regulatory compliance and would be happy to discuss with you offline. Cheers, Jesse Wilkins CDIA+, LIT, EDP, ICP IMERGE Consulting (303) 574-1455 office (303) 484-4142 fax [log in to unmask] http://www.imergeconsult.com List archives at http://lists.ufl.edu/archives/recmgmt-l.html Contact [log in to unmask] for assistance