Email Security Debate

The Email Security Debate: Secure Email Gateway Vs Post-Delivery Protection

Joel Witts / Feb 22, 2019

Which type of email security is best suited to protect your email network?

In recent years there has been a big shift for businesses in terms of email networks and email security. The emergence of cloud technologies has seen many businesses move from on-premise email servers like Exchange to new cloud based technologies like Office 365 This has mirrored the rise of more sophisticated email attacks, with social engineering attacks like phishing, and business email compromise, becoming more common. This has meant that email security has needed to evolve.

What is a Secure Email Gateway?

When email was hosted on-premise, the most common type of email security for businesses of all sizes was a Secure Email Gateway. This would’ve been a physical applianc eor hosted service that filtered emails before they entered a network, blocking spam and viruses. They provided protection from email threats.

Vendors such as such as Proofpoint, Mimecast and Barracuda offer Secure Email Gateways today that protect both cloud based and on-premise email servers.

Are they good enough for emerging email threats?

Many people are arguing that using Secure Email Gateways to try and protect businesses from cloud based email threats such as phishing and business email compromise, will just not cut it.

John Randall, VP of Product Management at security vendor Edgewave, wrote in a recent blog post that Secure Email Gateways were ‘decades-old technology…designed to stop high volume spam and phishing campaigns.’ He argues that they are just not equipped to deal with new email threats like targeted phishing attacks and business email compromise.

This is a sentiment echoed by other security vendors such as Avanan. They argue that because Secure Email Gateways don’t scan emails within the email network they miss advanced threats that pass through their spam filters.

It’s also easy for hackers to see which Secure Email Gateway a business is using, potentially allowing them to more easily bypassing it.

All of these limitations suggest that a new technology is needed to secure email communications. A potential candidate for this is Post-Delivery Protection.

What is Post-Delivery Protection?

Put simply, Post-Delivery Protection is a method of securing emails within the email network. They are ffine-tuned to stopping advanced email threats like phishing and business email compromise attacks.

They are often powered by machine learning systems or artificial intelligence algorithms that integrate at the platform level. This allows them to monitor all incoming and outgoing email communications within a network. They scan these messages for potential security threats, identifying spear-phishing attempts and other social engineering style-attacks.

These platforms can effectively help to improve the overall security of an organization. They effectively help to block phishing attacks and are completely automated, running in the background to save IT departments time and resources.

So is Post-Delivery Protection better than a Secure Email Gateway?

Secure Email Gateways are still an important aspect of email security. It’s important to note that many do offer phishing protection at the email gateway. Many Secure Email Gateway providers such as Fortinet and Proofpoint do not offer post-delivery protection, but have adapted their email gateways to adapt to emerging email threats.

Fortinet use machine learning algorithms, sandboxing and predicative analytics to help filter advanced email threats at the gateway.

 Proofpoint offer an ‘Advanced Threat Defense’ module which uses sandboxing, DMARC authentication and display name spoofing to protect businesses from ransomware, malware and credential phishing.

You can find out more about the Proofpoint and Fortinet Secure Email Gateway platforms here.

Secure Email Gateways also offer some other advantages over Post-Delivery protection. For example they are designed to stop bulk amounts of spam and phishing campaigns from reaching inboxes.

While Post-Delivery systems offer strong protection from targeted attacks, they are not as secure against large scale attacks, where it’s likely that a few malicious emails will reach the email inbox.

What Email Security Platform should you be using?

There are advantages to both Secure Email Gateways and Post-Delivery Protection. The type of security you choose will largely depend on what type of business you are, and what type of threat you face.

Many small businesses will be secure with a Secure Email Gateway that has technology to stop phishing approach. However, businesses who have been targeted by phishing attacks may find they need Post-Delivery Protection alongside more traditional email filtering.

As I previously mentioned, Office 365 does have an inbuilt Secure Email Gateway. Many will find it does not block many email threats, however. Some Post-Delivery platforms such as Agari, argue that in fact the inbuilt Secure Email Gateway is fine to use for basic spam. They suggest you supplement this platform with their more advanced threat protection suite, for multi-layered email security.

A multi-layered security approach with both a Secure Email Gateway and Post-Delivery protection is what many vendors see at the moment as the best way to protect an email network.

Vendors such as Barracuda and Ironscales offer both a Secure Email Gateway and a Post-Delivery Protection platform that integrate to protect the network both at the gateway and internally.

In the future, Post-Delivery Protection platforms may develop to the point where they can become a unified platform for protecting all email threats.

But at the moment a multi-layered security approach may be the best way for a business to secure its email network.

You can find out more about the best Secure Email Gateway platforms here:

You can find out more about the best Post-Delivery Protection platforms here: