How do messaging-security gateways work?

Messaging-security gateways sit at the edge of the corporate network and act as a first barrier between the Internet and the enterprise messaging system.

Although there is considerable variation in features and architecture, the majority of message-security systems sit facing the Internet and receive incoming mail directly from the outside world destined for the enterprise. As a first step they usually provide rate-control and reputation-based filtering for incoming mail.

For mail that passes these controls, messaging-security gateways then scan for spam and viruses, and apply further controls and filters to the stream of incoming mail. Once the mail has been "cleaned" (sometimes these products are called "e-mail hygiene" because of this cleaning process), the messages are passed on to the e-mail system inside the enterprise.

The same gateway can be used for outbound message delivery, usually with a slightly different set of security controls in place (often filtering, archiving and antivirus are applied to outbound e-mail). In this scenario, the enterprise mail system hands all Internet-bound mail to the gateway, which then takes responsibility for delivering it. A common feature used in outbound delivery is footer stamping, the nearly ubiquitous practice in certain professions of placing a long addendum onto each message suggesting that anyone reading the message who shouldn't be must either delete it or, at the very least, gnaw off his own right arm.

Messaging-security gateways are a refinement on the older e-mail gateway products that were originally put in place in large-scale networks to convert Internet messaging formats (SMTP and MIME) to and from proprietary formats and addressing schemes used in the enterprise, such as MS Mail, cc:Mail or GroupWise.

This new crop of messaging-security gateways, driven to market by the need for antispam/antivirus functionality at the edge of the network, has lost a lot of the functionality and features of its older brothers, but has taken on the appliance form factor and dramatic increases in performance more appropriate to its sharpened focus on a few specific functions.

While scanning for spam and viruses can be done elsewhere in the message flow, such as on the e-mail servers, most e-mail managers have found messaging-security gateway appliances the perfect match for an unpleasant job. By separating the filtering function and keeping spam and viruses out of the mission-critical mail servers, they are able to keep performance levels up and keep worries about interoperability and software integration down. The appliance-like nature of most gateways also means that a poorly performing gateway can be upgraded easily or replaced with a beefier model without affecting production mail streams.

Although the gateways are largely independent of the core e-mail system, some integration is needed for best operation. For example, the messaging-security gateway must be linked to the enterprise directory -- normally via Lightweight Directory Access Protocol -- so that it knows what mail to receive, what messages to refuse and how to further route the mail inside the enterprise network (especially if there are multiple internal e-mail systems).
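
The inbound order of controls described above (rate control and reputation first, then the directory lookup, then content scanning) can be sketched as follows. This is an added example, not code from the article or from any vendor: the `Gateway` class, the verdict names, the addresses, host names, phrase list and limits are all constructed stand-ins for a real reputation feed, LDAP directory and scanning engine.

```python
from collections import defaultdict, deque

# Constructed sample data (assumptions, not taken from the article).
BLOCKLISTED_IPS = {"203.0.113.66"}                    # stand-in for a reputation feed
DIRECTORY = {"alice@example.com": "mail-a.internal",  # stand-in for an LDAP lookup:
             "bob@example.com": "mail-b.internal"}    # recipient -> internal mail host
BANNED_PHRASES = ("wire transfer urgently",)          # stand-in for a content filter
RATE_LIMIT, WINDOW = 3, 60                            # max messages per IP per 60 seconds


class Gateway:
    """Hypothetical inbound pipeline: cheapest checks run first."""

    def __init__(self):
        self.recent = defaultdict(deque)  # sender IP -> timestamps inside the window

    def inbound(self, now, ip, rcpt, body):
        """Return (verdict, detail) for one inbound message."""
        # Stage 1a: rate control, applied before any content is examined.
        seen = self.recent[ip]
        while seen and now - seen[0] >= WINDOW:
            seen.popleft()                # drop timestamps that left the window
        seen.append(now)
        if len(seen) > RATE_LIMIT:
            return ("tempfail", "rate limit exceeded")

        # Stage 1b: reputation-based filtering on the connecting address.
        if ip in BLOCKLISTED_IPS:
            return ("reject", "poor sender reputation")

        # Stage 2: directory lookup decides whether to accept and where to route.
        route = DIRECTORY.get(rcpt.lower())
        if route is None:
            return ("reject", "unknown recipient")

        # Stage 3: content scanning runs only on mail that survived the above.
        text = body.lower()
        if any(phrase in text for phrase in BANNED_PHRASES):
            return ("quarantine", "content filter match")

        # Clean mail is handed to the internal system named by the directory.
        return ("deliver", route)
```

Because the rate and reputation checks need only the connecting address, they can reject traffic before the more expensive scanning stage ever sees it.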

Some vendors, notably Symantec, are experimenting with breaking the messaging-security gateway into two parts: one piece specifically designed for rate control and reputation-based e-mail filtering, and a second honed to handle the filtering, archiving and scanning functions. The idea is that in enormous message streams -- a million messages an hour would be where this starts to kick in -- having these functions separated offers the opportunity for greater scalability.

While most vendors put antispam and antivirus scanning in their gateways, a wide variety of other messaging-oriented functions show up in these systems as well. Content filtering -- looking for specific words or phrases -- is a frequent feature, as is message archiving -- the ability to copy the incoming or outgoing message stream to an archiving server. As part of the antispam functionality, some devices include their own spam or virus quarantine servers.

Also found fairly frequently are e-mail encryption services, ranging from transport-based encryption (such as enforcing Transport Layer Security encryption with certain business partners) to application-layer encryption (such as signing and encrypting messages so that only the designated user can read them).
