With billions of emails sent daily, the risk of cyber threats looms large in today's digital age - especially in business. This is where secure email gateways (SEGs) come into play. Acting as vigilant security guards for your digital communications, SEGs ensure that your email data is protected as it enters or leaves your email infrastructure.
Secure email gateways can scan inbound emails for malicious content to ensure that they are safe to be opened. SEGs can also perform actions on outbound emails (scanning, encrypting, or adding authentication measures) to prevent data loss incidents through email interception or human error.
How does a secure email gateway work?
Secure email gateways usually provide security for multiple users, with a host of features such as content filtering, malware protection, and encryption working together to prevent email-based security risks.
SEGs can work differently based on these features and whether they are designed to focus on protecting inbound or outbound threats.
Inbound secure email gateways
Secure email gateways that work primarily to prevent inbound email threats usually follow 4 steps:
- Email traffic is intercepted: The gateway operates at the perimeter of the network, acting as the first line of defence against cyber threats that enter through email. When an email is sent or received by an organisation's email server, the gateway intercepts the message before it reaches the receiving inbox.
- Email content is scanned: The gateway scans the contents of an email, including any URLs and attachments, for signs of malicious content or suspicious activity. This may involve using various techniques such as signature-based detection, machine learning algorithms, or reputation analysis.
- Threats are identified and blocked: Once the email content is scanned, the secure email gateway checks the email against its database to determine whether it matches any known signatures of malicious content. If the gateway detects any threats, such as malware, phishing attempts, or spam, it will either delete the message, send it to a quarantine folder for review, or redirect it to a spam folder.
- Safe emails are delivered: If the secure email gateway determines that an email is safe, it will allow it to be delivered to the intended recipient's inbox. This ensures that only safe and legitimate emails are allowed to pass through.
Outbound secure email gateways
For secure email gateways designed to prevent outbound email threats, the process usually centres around encryption and the authentication of recipients:
- Users create an email message and attach documents as normal before pressing ‘send’. Depending on whether the email meets pre-configured rules such as included x-headers or specific phrases in the subject line, the email will be marked to be sent securely.
- Before the email is sent, senders may have the option to set an authentication challenge for the recipient. This can involve verification tasks such as asking them a question only they know the answer to, or sending a passcode to their mobile devices.
- Once the authentication challenge has been set, the email enters the mail server and undergoes DLP (data loss prevention), AV (antivirus) and server-side signature checks. Only then does it enter the secure email gateway, where it is encrypted with two keys, both of which are needed to decrypt the message once it reaches the recipient.
- When encryption is complete, Key A is attached to a notification email sent to the recipient and Key B is kept within a secure vault until any authentication challenge set for the recipient is passed. Keeping the two keys separate ensures that threat actors, even if the email were intercepted, would be unable to break the encryption as they only have one key.
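The key separation in the last two steps can be sketched as follows. This is an added example, not code from the product described on this page; it assumes the two keys are XOR shares of a single content key and that the vault stores only a salted hash of the challenge answer, neither of which the page specifies.

```python
import hashlib
import hmac
import secrets

def split_key(content_key):
    """Split a content key into Key A and Key B; either one alone is random noise."""
    key_a = secrets.token_bytes(len(content_key))
    key_b = bytes(x ^ y for x, y in zip(content_key, key_a))
    return key_a, key_b

def combine(key_a, key_b):
    """Rebuild the content key once the recipient holds both halves."""
    return bytes(x ^ y for x, y in zip(key_a, key_b))

def _answer_digest(answer, salt):
    # Normalise, then stretch, so the vault never stores the answer itself.
    return hashlib.pbkdf2_hmac("sha256", answer.strip().lower().encode(), salt, 100_000)

class KeyVault:
    """Holds Key B and releases it only when the recipient's challenge is passed."""

    def __init__(self):
        self._entries = {}

    def store(self, message_id, key_b, challenge_answer):
        salt = secrets.token_bytes(16)
        self._entries[message_id] = (key_b, salt, _answer_digest(challenge_answer, salt))

    def release(self, message_id, answer):
        key_b, salt, expected = self._entries[message_id]
        # Constant-time comparison avoids leaking how close a guess was.
        if hmac.compare_digest(_answer_digest(answer, salt), expected):
            return key_b
        return None

if __name__ == "__main__":
    content_key = secrets.token_bytes(32)      # key that encrypted the message
    key_a, key_b = split_key(content_key)      # Key A goes in the notification email
    vault = KeyVault()
    vault.store("msg-0001", key_b, "Blue Heron")   # constructed id and answer
    print(vault.release("msg-0001", "wrong guess"))                  # None
    released = vault.release("msg-0001", "blue heron")
    print(combine(key_a, released) == content_key)                   # True
```

Someone who intercepts only the notification email holds Key A, which is statistically independent of the content key until Key B is released.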
Find out more about how email encryption gateways work.
Exploring the common features of a secure email gateway
A secure email gateway can use a variety of techniques and tools to determine whether an email is safe, whether it’s being sent or received.
Inbound email gateway features
When considering gateways that protect against inbound threats, we see the following features:
Spam filtering is the process of identifying and removing malicious or unwanted emails from incoming email traffic. In a secure email gateway, spam filtering is an essential component of email security that helps prevent spam and phishing emails from reaching the end-user’s inbox.
A SEG can use various techniques to filter out spam, such as:
- Content filtering – The SEG analyses the email content and identifies keywords or phrases that are commonly associated with spam.
- Blacklisting – Comparing inbound emails against a list of known spam senders or domains and blocking emails that arrive from those sources.
- Reputation-based filtering – The gateway assesses the sender's reputation based on past behaviour and blocks emails from addresses with a poor reputation.
Virus and malware screening
Virus and malware screening within a secure email gateway involves identifying and blocking email attachments and links that contain viruses or malware.
When a gateway receives an incoming email, it scans all the attachments and links in the email for malicious content. If a virus or malware is detected, the SEG can prevent the email from reaching its intended recipient by quarantining the email or blocking it entirely.
In some cases, the gateway may also notify the sender that their email has been blocked due to security concerns.
Machine learning is a type of AI where algorithms are trained to make predictions or decisions. Using machine learning within a secure email gateway improves the accuracy of email filtering and threat detection by training the algorithm to learn patterns and common features of spam, phishing, and other malicious emails.
Some specific examples of how machine learning is used within a secure email gateway include:
- Content analysis – Machine learning algorithms identify keywords or phrases that are commonly associated with spam or phishing attempts.
- Behavioural analysis – Algorithms analyse patterns of email traffic, such as the frequency and timing of messages, to detect unusual or suspicious behaviour.
Outbound secure email gateway features
When considering gateways that protect against outbound threats, we see the following features:
Data loss prevention (DLP)
Data Loss Prevention is an important feature within secure email gateways, helping organisations to prevent sensitive information from being accidentally or intentionally disclosed.
DLP works by analysing the content of outbound emails and attachments and identifying sensitive information such as financial data or intellectual property.
If this type of data is found, the DLP system can either:
- Automatically block the email from being sent.
- Notify the sender and/or recipient of the violation.
- Quarantine the email for further review.
Advanced DLP systems also have the capability to automatically remove or replace sensitive information from an email before it is sent.
Many secure email gateways include archiving features to help organisations comply with legal and regulatory requirements.
Archiving features allow businesses to retain a copy of all emails that pass through the secure email gateway, ensuring that they have a complete record of their communications. These archives can be used to support e-discovery requests, as well as ensuring that the company remains compliant by adhering to industry regulations.
Email encryption is the process of scrambling the contents of an email to prevent unintentional third parties from reading the contents. Encryption is critical to outbound email security, and some secure email gateways have the ability to automatically encrypt emails containing sensitive information.
To set this up within your business, your mail server must be configured to follow a rule that routes your outbound emails to the gateway. There are several rules you could use, with the encryption process having the potential to be automatically triggered when:
- An attachment is detected.
- The recipient has an email address with a certain domain.
- The subject line contains a pre-determined keyword.
- The email contains a specifically designed X header.
- The email has been flagged as ‘confidential’.
This feature is useful in instances of human error, such as when an email is sent to the wrong person, and it prevents sensitive data from being accessed by unintended recipients.
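The five triggers above can be evaluated against a message as it leaves the mail server. The following is an added example, not any vendor's rule engine; the domain list, subject keywords and the `X-Send-Secure` header name are hypothetical, and it assumes the 'confidential' flag is carried in the `Sensitivity` header.

```python
from email import message_from_string
from email.message import EmailMessage
from email.policy import default
from email.utils import getaddresses

# Constructed policy values, for illustration only.
SECURE_DOMAINS = {"partner.example"}
SUBJECT_KEYWORDS = ("[secure]", "[encrypt]")
TRIGGER_HEADER = "X-Send-Secure"  # hypothetical X-header name

def encryption_triggers(raw_message):
    """Return the name of every routing rule the outbound message matches."""
    msg = message_from_string(raw_message, policy=default)
    hits = []
    if any(True for _ in msg.iter_attachments()):
        hits.append("attachment")
    fields = [str(v) for h in ("To", "Cc") for v in msg.get_all(h, [])]
    domains = {addr.rpartition("@")[2].lower() for _, addr in getaddresses(fields)}
    if domains & SECURE_DOMAINS:
        hits.append("recipient_domain")
    subject = str(msg.get("Subject", "")).lower()
    if any(k in subject for k in SUBJECT_KEYWORDS):
        hits.append("subject_keyword")
    if TRIGGER_HEADER in msg:               # header lookup is case-insensitive
        hits.append("x_header")
    # Assumption: the 'confidential' flag travels in the Sensitivity header.
    if str(msg.get("Sensitivity", "")).strip().lower() == "company-confidential":
        hits.append("confidential_flag")
    return hits

def sample_message(extra=None, attachment=None):
    """Build a constructed outbound message as the gateway would receive it."""
    m = EmailMessage()
    headers = {"From": "alice@corp.example", "To": "bob@other.example",
               "Subject": "Lunch on Friday", **(extra or {})}
    for name, value in headers.items():
        m[name] = value
    m.set_content("See you at noon.")
    if attachment is not None:
        m.add_attachment(attachment, maintype="application", subtype="pdf",
                         filename="statement.pdf")
    return m.as_string()

if __name__ == "__main__":
    print(encryption_triggers(sample_message()))
    print(encryption_triggers(sample_message(
        {"To": "carol@partner.example", "Subject": "[SECURE] Q3 figures"})))
```

An empty result means the message is delivered normally; any hit routes it to the gateway for encryption.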
While many email clients offer a recall function, such as those provided by Outlook and Gmail, this feature is very limited and only works under a set of specific circumstances. Using a secure email gateway with a unilateral revoke function allows users to reverse missent emails in any situation and reduce the threat of a data breach that can’t be contained.
Secure email gateways can play a crucial role in helping organisations maintain regulatory compliance by offering logging and reporting for audit purposes.
Gateway audit functions can record interactions between a sender and recipient, including opens, downloads, and revoke calls. This allows senders to monitor the status of their outbound emails and sometimes to receive notifications when a recipient interacts with a message.
Email audit trails are important for demonstrating compliance with internal policies and regulatory requirements, especially in highly regulated industries such as financial services.
Security phrases can be used to prompt users to send an email securely. A secure email gateway that offers this feature will scan outbound messages for certain words, nudging users to encrypt emails if it detects these phrases within their subject line or body content.
Phrases can be configured to include any words associated with sensitive information, for example:
The functionality acts as a safety net for users that may forget to secure emails manually.
Why is a secure email gateway needed?
Email is the #1 tool for businesses and consumers, with an estimated 347 billion messages sent and received each day.
Unfortunately, email was never built with security in mind and poses a significant risk with its current level of usage.
There are several key risks that a secure email gateway can help prevent:
Phishing is where a malicious third party sends an email pretending to be from a legitimate source, with a 2023 study from IBM showing that 41% of cyber-attacks use phishing.
Threat actors pretend to be anyone from Royal Mail to your bank, with the goal being to trick the recipient into clicking a link. This link either directs the recipient to a fraudulent website, where they could input sensitive data (such as their financial information, address, or login details) or it would download malware to the user’s device.
Secure email gateways can prevent phishing emails from reaching an inbox by scanning the contents of an email for malicious links.
Email interception is where a third-party gains unauthorised access to an email when it is in transit between the sender and the recipient, or within an email server.
By doing this, any sensitive data being transferred can be retrieved. Secure email gateways can counteract this by using end-to-end encryption, leaving threat actors unable to read the emails being transmitted, and by using recipient authentication to prevent them from accessing the decryption key.
Human error can happen, especially with email. Emails being sent to the wrong person are one of the main risks to users (particularly if they contain sensitive information).
Our research shows that more than ½ of consumers have shared personal data over email, and a ¼ have accidentally shared this data with the wrong recipient. In fact, 9 out of 10 data breaches are caused by some form of human error.
Secure email gateways can prevent instances of human error by offering authentication and email revoke capabilities to ensure messages are only accessed by the correct recipients.
Recipient authentication can be conducted by sending a one-time-code to a mobile device, asking a question only the recipient would know the answer to, or by verifying their ID documents.
Who is a secure email gateway designed for?
Secure email gateways can be used by any organisation that uses email regularly and is looking to secure their comms and the data they contain.
Data protection is especially pertinent for those dealing with large amounts of sensitive data within regulated industries, including financial services, legal, government agencies, educational institutions, and non-profit organisations.
What are the benefits of a secure email gateway for businesses?
While improved email security is the main benefit of a secure email gateway, there are several other business reasons for adopting this kind of technology:
Compliance with regulation
Many industries require stringent processes to align with regulations surrounding data protection. UK GDPR is one of the main regulations that need to be adhered to by businesses. It requires organisations to process personal data in a way that ensures it can be protected.
The Information Commissioner’s Office (ICO) recommends that businesses use security measures such as encryption to protect personal data when it is transmitted over email.
Increased trust and credibility
Consumers expect their data to be protected and will be quick to question organisations that do not implement appropriate precautions.
Businesses that prioritise the safety of their customers’ data are rewarded with high levels of trust and retention. Companies that suffer a data breach or cyber-attack face a host of negative consequences, with research showing that 33% of businesses lose customers and 34% experience damage to their reputation.
Reduced risk of financial loss
Experiencing a cyber attack or data breach can be costly, with IBM estimating that the global average cost of a data breach is $4.35 million.
Businesses that are affected by a cyber incident risk reduced profits from customer loss, as well as potential fines issued by the ICO, which can reach up to £17.5 million or 4% of annual turnover - whichever is higher.
What should you look for in a secure email gateway?
When looking at gateways for your organisation, there are several things you should consider:
Most secure email gateways offer a choice of deployment method. These include hosting the gateway on-premise or in the cloud. Choosing the best method for your business will depend on your budget, infrastructure, and resources.
For organisations that send a large number of emails, choosing a secure email gateway that facilitates bulk delivery is key. Automated gateway tech allows businesses to send secure messages at scale without manually initiating the encryption process.
While security is a priority, implementing a solution that is easy for senders and recipients to use is key. Choosing a secure email gateway that is specifically designed for simplicity and a frictionless experience will enhance your workflows.
Secure Email Gateways
A secure email gateway provides organisations with an additional layer of protection against email threats. It inspects incoming and outgoing emails for harmful content such as malware, phishing attempts, and spam.
By identifying and blocking potentially dangerous emails, a secure email gateway can help prevent security breaches, data loss, and cyber attacks that could compromise an organisation's systems or sensitive information.
Ready to take your email security to the next level? Explore Mailock Enterprise, our seamlessly integrated secure email solution.
Enable confidential communications, comply with FCA/ICO/ESMA guidance, and create a branded recipient experience. Learn more about Mailock Enterprise today and fortify your email security.
Originally posted on 19 04 23
Last updated on October 20, 2023
Posted by: Sabrina McClune
Sabrina McClune is an expert researcher with an MA in Digital Marketing. She was a finalist in the Women In Tech Awards 2022. Sabrina has worked extensively with B2B technology companies conducting and compiling thorough academically driven research to produce online and offline media. She loves to read fantasy novels and collect special edition books.