To effectively prevent phishing attacks while minimizing data retention, an application server should keep limited-retention logs that are de-identified and include critical metadata, such as the links clicked in messages. This approach helps in tracking potentially malicious activities (like phishing attempts) without retaining excessive personal information that could itself pose a privacy risk. By focusing on metadata and the behavior (links clicked), the server can monitor and mitigate phishing risks while adhering to privacy principles of data minimization and purpose limitation, as recommended by IAPP.
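As an added illustration (not from the original page) of such a log, the following Python sketch builds de-identified click records: the recipient and message identifiers are replaced by a keyed hash, the clicked link is reduced to scheme, host and path, and a purge routine enforces the retention limit. The pepper value and the 30-day window are assumptions.

```python
import hashlib
import hmac
import json
import time
from urllib.parse import urlsplit

# Assumptions: a server-held secret rotated with the retention window, and a
# 30-day retention limit. Both are illustrative, not values from the page.
PEPPER = b"rotate-me-per-retention-window"
RETENTION_SECONDS = 30 * 24 * 3600


def pseudonymize(value: str, pepper: bytes = PEPPER) -> str:
    """Keyed hash: records for one user still correlate within a retention
    window, but the raw identifier (e-mail address, message id) is never stored."""
    return hmac.new(pepper, value.encode(), hashlib.sha256).hexdigest()[:16]


def reduce_link(url: str) -> dict:
    """Keep the parts of a clicked link useful for phishing triage (scheme, host,
    path); drop query string and fragment, which often carry tokens or personal data."""
    parts = urlsplit(url)
    return {"scheme": parts.scheme, "host": parts.hostname, "path": parts.path}


def make_click_record(recipient: str, message_id: str, url: str, now: float = None) -> dict:
    """Build one limited-retention, de-identified record of a link click."""
    ts = int(time.time() if now is None else now)
    return {
        "ts": ts,
        "expires": ts + RETENTION_SECONDS,
        "recipient": pseudonymize(recipient),
        "message": pseudonymize(message_id),
        "link": reduce_link(url),
    }


def to_json_line(record: dict) -> str:
    """Serialize a record as one log line."""
    return json.dumps(record, sort_keys=True)


def purge_expired(records: list, now: float) -> list:
    """Enforce the retention limit: keep only records that have not expired."""
    return [r for r in records if r["expires"] > now]
```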