Here is a look at how messaging-security gateways work.
The same gateway can be used for outbound message delivery, usually with a slightly different set of security controls in place (often filtering, archiving and antivirus are applied to outbound e-mail). In this scenario, the enterprise mail system hands all Internet-bound mail to the gateway, which then takes responsibility for delivering it. A common feature used in outbound delivery is footer stamping, the nearly ubiquitous practice in certain professions of placing a long addendum onto each message suggesting that anyone reading the message who shouldn't be must either delete it or, at the very least, gnaw off his own right arm.
Messaging-security gateways are a refinement on the older e-mail gateway products that were originally put in place in large-scale networks to convert Internet messaging formats (SMTP and MIME) to and from proprietary formats and addressing schemes used in the enterprise, such as MS Mail, cc:Mail or GroupWise.
This new crop of messaging-security gateways, driven to market by the need for antispam/antivirus functionality at the edge of the network, has lost much of the functionality and features of its older brothers, but has taken on the appliance form factor and the dramatic increases in performance more appropriate to its sharpened focus on a few specific functions.
Messaging-security gateway defined
A messaging-security gateway is a firewall for your e-mail. Scanning both inbound and outbound e-mail, a messaging-security gateway applies all of the e-mail-specific protections you need to do business in a spam, virus and malware-laden world. At a minimum, messaging-security gateways include four security features: spam filtering, virus and malware blocking, content filtering and message archiving.
Spam filtering is the most visible feature of a messaging gateway and the one that draws the most kudos and complaints from users. Basic spam filtering usually includes some prefiltering technology based on IP reputation (sometimes called an RBL, from the first attempts to solve this problem with IP routing, the "real-time black hole" list), to block traffic from known spammers and keep load levels reasonable. Spam features in security gateways vary but often include multiple verdicts (such as "definitely spam" and "probably spam") to help reduce the impact of false positives, as well as individual quarantine systems for users to retrieve incorrectly marked e-mail.
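The two-stage flow just described, an IP-reputation prefilter at connection time followed by a content score mapped onto several verdicts, as an added example that is not code from the article or from any vendor's product. The DNSBL zone, the response codes and their meanings, and the score thresholds are all assumptions; a stand-in lookup table replaces real DNS so the code runs offline.

```python
import ipaddress
from typing import Callable, Optional, Tuple

# Constructed stand-in for DNS. A DNSBL answers a listed address with an A
# record in 127.0.0.0/8 whose last octet encodes the listing reason; the
# zone name and the meaning of the codes below are hypothetical.
ZONE = "dnsbl.example.invalid"
FAKE_DNS = {
    "4.3.2.1." + ZONE: "127.0.0.2",   # listed as a known spam source
    "8.3.2.1." + ZONE: "127.0.0.10",  # listed as a dynamic/dial-up range
}

def dnsbl_query_name(ip: str, zone: str = ZONE) -> str:
    """Build the DNSBL query name: octets reversed, then the list's zone."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")  # raises on bad input
    return ".".join(reversed(octets)) + "." + zone

def dnsbl_lookup(ip: str,
                 resolve: Callable[[str], Optional[str]] = FAKE_DNS.get) -> Optional[str]:
    """Return the list's response code, or None when the name does not exist."""
    return resolve(dnsbl_query_name(ip))

def classify(ip: str, spam_score: float, *, reject_at: float = 8.0,
             tag_at: float = 4.0) -> Tuple[str, str]:
    """Return (verdict, action) for one message from sending host `ip`."""
    # Stage 1: reputation prefilter at connection time, before any content
    # is scanned, so listed senders never add load to the content engine.
    code = dnsbl_lookup(ip)
    if code == "127.0.0.2":
        return ("listed sender", "reject at SMTP")
    if code == "127.0.0.10":
        spam_score += 2.0  # weaker evidence: raise the score, do not block
    # Stage 2: content score mapped onto several verdicts, so a borderline
    # message is tagged and delivered instead of silently disappearing.
    if spam_score >= reject_at:
        return ("definitely spam", "quarantine")
    if spam_score >= tag_at:
        return ("probably spam", "tag subject and deliver")
    return ("clean", "deliver")
```

The "probably spam" tier is what makes the user-facing quarantine workable: only the high-confidence verdict is held, so the quarantine stays small enough for people to actually check it.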
Virus and malware blocking are no less important, as about 1% of all e-mail is virus-infected, but get much less attention than antispam features. Messaging-security gateways normally block malware-infected e-mail without too much fanfare.
Most businesses today are also in need of content filtering and archiving features, so messaging-security gateways are moving to provide these services as well. Content filtering is typically done on outbound mail, looking for information either intentionally or accidentally sent to the Internet outside of policy.
Occasionally, content filtering also is used to look for inappropriate content sent into an organization. Message-archiving features at the gateway level are touted as a way to assist in compliance and e-discovery, but may not fit the bill because the gateway only sees Internet-bound e-mail. Most enterprises will find that archiving must be done at the actual e-mail server to catch internal and external e-mail.
While scanning for spam and viruses can be done elsewhere in the message flow, such as on the e-mail servers, most e-mail managers have found messaging-security gateway appliances the perfect match for an unpleasant job. By separating the filtering function and keeping spam and viruses out of the mission-critical mail servers, they are able to keep performance levels up and keep worries about interoperability and software integration down. The appliance-like nature of most gateways also means that a poorly performing gateway can be upgraded easily or replaced with a beefier model without affecting production mail streams.
Although the gateways are largely independent of the core e-mail system, some integration is needed for best operation. For example, the messaging-security gateway must be linked to the enterprise directory -- normally via Lightweight Directory Access Protocol -- so that it knows what mail to receive, what messages to refuse and how to further route the mail inside the enterprise network (especially if there are multiple internal e-mail systems).
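How the directory link drives the gateway's accept/refuse/route decision, as an added example that is not code from the article or from any product. The directory entries stand in for the results of an LDAP search; the attribute names, domains and internal host names are assumptions.

```python
from typing import Dict, List, Tuple

# Constructed directory entries standing in for LDAP search results;
# the attribute names follow common conventions, but the entries,
# domains and host names are hypothetical.
LOCAL_DOMAINS = {"example.invalid"}
DIRECTORY: List[Dict] = [
    {"mail": "alice@example.invalid",
     "proxyAddresses": ["smtp:a.smith@example.invalid"],
     "mailHost": "exchange1.internal"},
    {"mail": "bob@example.invalid",
     "proxyAddresses": [],
     "mailHost": "groupwise.internal"},
]

def build_routing_table(entries: List[Dict]) -> Dict[str, str]:
    """Map every deliverable address (primary and aliases) to its mail host."""
    table: Dict[str, str] = {}
    for e in entries:
        aliases = [p.split(":", 1)[1] for p in e["proxyAddresses"]
                   if p.lower().startswith("smtp:")]
        for addr in [e["mail"]] + aliases:
            table[addr.lower()] = e["mailHost"]
    return table

ROUTING_TABLE = build_routing_table(DIRECTORY)

def route(recipient: str, table: Dict[str, str]) -> Tuple[str, str]:
    """Decide what the gateway does with one RCPT TO address."""
    addr = recipient.strip().lower()
    local, _, domain = addr.rpartition("@")
    if not local or domain not in LOCAL_DOMAINS:
        # Not our domain: refusing here keeps the gateway from acting as an open relay
        return ("refuse", "relay access denied")
    host = table.get(addr)
    if host is None:
        # Unknown user: refusing at SMTP time avoids accepting the message
        # and then bouncing it to a sender address that is probably forged
        return ("refuse", "user unknown")
    return ("accept", host)  # relay to the internal system that holds the mailbox
```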
Some vendors, notably Symantec, are experimenting with breaking the messaging-security gateway into two parts: one piece specifically designed for rate control and reputation-based e-mail filtering, and a second honed to handle the filtering, archiving and scanning functions. The idea is that in enormous message streams -- a million messages an hour would be where this starts to kick in -- having these functions separated offers the opportunity for greater scalability.
While most vendors put antispam and antivirus scanning in their gateways, a wide variety of other messaging-oriented functions show up in these systems as well. Content filtering -- looking for specific words or phrases -- is a frequent feature, as is message archiving -- the ability to copy the incoming or outgoing message stream to an archiving server. As part of the antispam functionality, some devices include their own spam or virus quarantine servers.
Also found fairly frequently are e-mail encryption services, ranging from transport-based encryption (such as enforcing Transport Layer Security encryption with certain business partners) to application-layer encryption (such as signing and encrypting messages so that only the designated user can read them).
In their quest for greater differentiation in an increasingly commoditized market, vendors also are branching off into other "messaging" security functions, such as IM security.