Why is it secure to keep messages longer in Quarantine?


I'm getting dinged in Microsoft Secure Score for "Retain spam in quarantine for 30 days". When I check my policies, they're configured to retain suspected spam for only 15 days.

I've done lots of googling, and can find lots of places saying 30 days is the default - apparently it's even a question on the MS-500 exam - but nothing to indicate why Microsoft believe keeping it longer is more secure.

The only thing I can think of is data integrity - you're giving users a month to realise they're missing a false positive rather than two weeks - but then 30 days seems very arbitrary. If I set it to 31 am I even more secure? :smile:

I'm happy with 15 days and feel little need to double my Quarantine storage needs, but I worry maybe I'm missing something?

2 Replies
best response confirmed by Graham_Hill_UWL (Copper Contributor)
We put most of our customers at 30 days, mainly because 15 is not enough, especially where we are in the world: people tend to take vacations of 15+ days in a row, and they don’t always check email during that time.

Oh, of course. I take too little vacation myself so that hadn't occurred to me!