Mail Gateways – CompTIA Security+ SY0-501 – 2.1

Your email gateway can be a valuable part of your IT security strategy. In this video, you’ll learn about blocking unsolicited email at the gateway, identifying spam, and encrypting email automatically from the gateway.


Most organizations have to deal with the problem of unsolicited email. It’s very common for an organization to put its own email gateway in place, so that all email coming in and out is filtered through that gateway before ever reaching an internal email server. Some organizations will not have this in their DMZ. They’ll instead have that email gateway in the cloud. But it will still perform checking for spam, and make sure that the data coming through is really intended for recipients on the inside of your network.

This email gateway allows you to examine all of the communication, both inbound and outbound, of your network. You can identify when unsolicited spam advertisements are being emailed inbound. And if this inbound email appears to be a phishing attempt, you can block it at the gateway or modify the link before it arrives in the recipient’s inbox.

It’s very common to include anti-virus on these email gateways so that all of the inbound and outbound attachments can be scanned. And it’s also common to include data loss prevention on the email server. That way, if somebody is sending or receiving an email that contains personal or proprietary information, it can be filtered out of the email at the gateway.

These email gateways use a number of different methods to identify unsolicited messages, or spam. One of these is to only allow messages from known good locations. This is white-listing. Everything else would be blocked except for very specific emails that you allow. Another type of spam check is to see if these messages conform to specific SMTP standards. Anything that doesn’t follow the RFC is not allowed into the network.

Another good spam check is to perform a reverse DNS. You can examine the inbound email and who is sending the email message, and then you can examine the IP address of where that message was sent from. You can then perform a reverse DNS on the domain name of the sender and make sure that the IP address that originally sent the email matches what’s in the DNS for that email server. If those two IP addresses don’t match, then you probably have some spam, and you can discard that email at the gateway.

Another way to look for spam is to implement tarpitting on your email gateway. This is when you slow down the conversation between your email gateway and the sending email gateway. Spammers don’t like to be slowed down. They like to send as many emails as possible. And if your email gateway is slowing down the conversation, the idea is that they will eventually give up and not send any spam at all. And lastly, and perhaps most obviously, there is recipient filtering. If there’s inbound email that’s being sent to an email address that’s not valid in your organization, you can block it right at the email gateway.
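One way to express three of the checks above (white-listing, the reverse DNS check, and recipient filtering) as gateway logic. This is an added example, not something from the video: the addresses, host names and function names are constructed for illustration, and two dictionaries stand in for live DNS lookups so the code runs offline.

```python
from dataclasses import dataclass

# Constructed DNS data (documentation address ranges), standing in for real lookups.
PTR_RECORDS = {"192.0.2.10": "mail.example.org",     # reverse: IP -> host name
               "198.51.100.7": "mail.example.net"}
A_RECORDS = {"mail.example.org": {"192.0.2.10"},     # forward: host name -> IPs
             "mail.example.net": {"203.0.113.99"}}   # does not point back to .7

ALLOWED_CLIENT_IPS = {"192.0.2.25"}                  # white-list of known good locations
VALID_RECIPIENTS = {"alice@corp.example", "bob@corp.example"}

@dataclass
class Envelope:
    client_ip: str   # IP address the SMTP connection came from
    rcpt_to: str     # recipient address given in RCPT TO

def reverse_dns_matches(ip, ptr=PTR_RECORDS, a=A_RECORDS):
    """Reverse-resolve the connecting IP, then confirm that the returned
    host name resolves forward to the same IP (the two must match)."""
    host = ptr.get(ip)
    return host is not None and ip in a.get(host, set())

def evaluate(env):
    """Return (accepted, reason) for one inbound envelope."""
    # Recipient filtering: drop mail for addresses that do not exist here.
    if env.rcpt_to.lower() not in VALID_RECIPIENTS:
        return (False, "unknown recipient")
    # White-listing: known good sending hosts skip the remaining checks.
    if env.client_ip in ALLOWED_CLIENT_IPS:
        return (True, "white-listed sender")
    # Reverse DNS: missing or mismatching records are treated as spam.
    if not reverse_dns_matches(env.client_ip):
        return (False, "reverse DNS mismatch")
    return (True, "passed checks")

if __name__ == "__main__":
    # Constructed sample traffic.
    samples = [Envelope("192.0.2.10", "alice@corp.example"),
               Envelope("198.51.100.7", "alice@corp.example"),
               Envelope("203.0.113.5", "bob@corp.example"),
               Envelope("192.0.2.10", "nobody@corp.example"),
               Envelope("192.0.2.25", "bob@corp.example")]
    for env in samples:
        print(env.client_ip, env.rcpt_to, evaluate(env))
```

The white-list here is keyed on the connecting IP address rather than the sender's address, because the sender's address in a message is supplied by the sending side and is not verified by the gateway.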

As our emails are traversing through the internet, it becomes very easy for a third party to view that information, and many times the mail that we’re sending is all in the clear. It’s not encrypted. If you’re sending and receiving sensitive information, it’s practically a requirement that this information be encrypted in the email message. The challenge that we have is the encryption process for most email systems is not one that’s seamless or automatic, and there are a number of steps you have to go through just to make sure your email message will be encrypted.

The email gateway is a great place to check to see if the outbound emails are properly encrypted. You can check for a certain type of traffic or traffic from a particular email address and make sure that a policy applies to encrypt that data. Some email gateways can even send a text message to the recipient of the email letting them know what the password is so that, when they receive the email, they’ll be able to decrypt the data. And if your email client already includes an encryption process, the gateway can recognize that encryption and allow that email to be sent normally.