When it comes to securing your organization’s email, you want to protect all aspects of email flow: inbound, local-to-local, and outbound.
- The primary focus for inbound mail is content scanning and keeping as much malware out of users’ mailboxes as possible.
- Local-to-local mail protection involves applying policies to prevent incidents of harassment and unacceptable use of workplace email.
- The current focus on outbound mail filtering is data leakage prevention (DLP): to protect sensitive and/or proprietary information from falling into the wrong hands.
For those who use Exchange, there are various products that can be installed directly on the Exchange server to provide an all-in-one content filtering solution. However, there is a downside to this approach. What if the server goes down? How do you protect it from a DDoS (Distributed Denial of Service) attack and prevent the server from becoming so bogged down by incoming garbage that it can’t process normal ‘good’ mail? How do you prevent loss of messages and work disruption?
The most prudent solution is to place a gateway/filter server in front of Exchange and hide the Exchange server from public view. If spammers can’t see it, they can’t attack it. The gateway server can handle and filter all incoming mail flow and pass only the good or clean messages to Exchange. It can also verify whether an email address exists on the local system and bounce messages for invalid addresses. It thus reduces the load on Exchange and acts as a backup spooler for incoming messages should the Exchange server go down or be taken offline for maintenance.
Exchange has its own tools for managing local-to-local traffic, but the gateway can also be used to handle outbound messages: to provide both content and data leakage/policy scanning prior to actual delivery.
In terms of actual features to look for, the solution should be able to do the following:
1. Provide multiple tools for blocking as much junk mail as possible at the connection level to reduce the load on the spam and virus filters, and the mail server in general, e.g.,
- The ability to use DNSBL servers that blacklist IPs from questionable / abusive sources
- A sender reputation service that is updated frequently: to quickly block newly listed ‘bad’ sources, and to resume communication from ‘good’ IPs as they’re removed from the list
- SPF and DKIM support to better identify valid sender addresses and reject traffic from invalid ones
- The ability to limit message relay to authenticated sources only
- BATV (Bounce Address Tag Validation) settings to properly handle invalid bounces
2. Spam and virus filters to block all forms of malware, including phishing and dangerous URL links, images and attachments
- These filters must be updated automatically and frequently to stay on top of new outbreaks and their various strains
- The ability to fine-tune these filters at a granular level, even per user, to provide flexibility and reduce the load on administrative staff
- The ability to give users access to their own quarantined messages: allow them to view and manage the content and release false positives, if required, to prevent delays and frustrated calls to IT staff
- The ability to create custom rules and policies based on specific content and addresses
3. Policy Management tools:
- Create rules based on custom dictionaries of terms, e.g., credit card and banking number sequences, proprietary/industry words and terms, bad word lists, accounting, legal and health industry terms, etc.
- Flexible message handling rules such as redirecting specific content to a moderator, forcing message encryption, archiving and/or auditing
- Allow designated Policy Managers to create the rules instead of relying solely on the administrator
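As an added illustration of item 3 (not code from any particular gateway product), here is a minimal outbound policy check that combines a custom dictionary with credit card number detection and maps each match to a handling action. The dictionary terms, action names and function names are assumptions made for this example.

```python
import re

# Hypothetical custom dictionary: term -> handling action (constructed for this example).
DICTIONARY = {"confidential": "moderate", "patient record": "encrypt"}
# Candidate card numbers: 13-19 digits, optionally separated by spaces or hyphens.
CARD_RE = re.compile(r"(?<!\d)\d(?:[ -]?\d){12,18}(?!\d)")
# When several rules match, the most restrictive action wins.
SEVERITY = {"deliver": 0, "encrypt": 1, "moderate": 2}

def luhn_ok(digits: str) -> bool:
    """Luhn checksum: filters out random digit runs such as order numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:  # double every second digit, counting from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def scan_outbound(body: str):
    """Return (action, reasons) for one outbound message body."""
    hits = []
    for m in CARD_RE.finditer(body):
        digits = re.sub(r"[ -]", "", m.group())
        if luhn_ok(digits):
            # Record only the last four digits so the audit log is not itself a leak.
            hits.append(("moderate", f"card number ending {digits[-4:]}"))
    lowered = body.lower()
    for term, action in DICTIONARY.items():
        if re.search(r"\b" + re.escape(term) + r"\b", lowered):
            hits.append((action, f"dictionary term '{term}'"))
    action = max((a for a, _ in hits), key=SEVERITY.get, default="deliver")
    return action, [r for _, r in hits]

if __name__ == "__main__":
    # Constructed sample messages; 4111 1111 1111 1111 is a widely used test number.
    samples = [
        "Invoice paid with card 4111 1111 1111 1111, thanks.",
        "Order 1234567890123456 has shipped.",
        "Attached is the patient record you requested.",
    ]
    for s in samples:
        print(scan_outbound(s))
```

The Luhn check is what keeps a 16-digit order number from being held for moderation, which matters when a rule like this runs against every outbound message.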
If your chosen solution can do all of the above, you’ll be well on your way to protecting your organization’s main line of communication.