A messaging security gateway is a firewall for your e-mail. Scanning both inbound and outbound e-mail, a messaging security gateway applies all of the e-mail-specific protections you need to do business in a spam, virus, and malware-laden world. At a minimum, messaging security gateways include four separate security protection features: spam filtering, virus and malware blocking, content filtering, and message archiving.
Spam filtering is the most visible feature of a messaging security gateway, and the one that draws the most kudos, and complaints, from end users. Basic spam filtering usually includes a prefiltering stage based on IP reputation (sometimes called an RBL, for "realtime black hole list," a name that comes from the first attempts to solve this problem with IP routing) to block traffic from known spammers and keep load levels reasonable. Spam features in security gateways vary, but often include multiple verdicts (such as "definitely spam" and "probably spam") to help reduce the impact of false positives, as well as individual quarantine systems from which users can retrieve incorrectly marked e-mail.
Virus and malware blocking is no less important, since about 1% of all e-mail is virus-infected, but it gets much less attention than anti-spam features. Messaging security gateways normally block malware-infected e-mail without too much fanfare.
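The following sketch is an added example, not code from this article or from any gateway product. It shows the reputation prefilter, the two spam verdicts, and the per-user quarantine working together, and it goes slightly beyond the text by using the DNS lookup convention that blocklists follow. The zone name, the sample DNS answer, the score thresholds, and the `Gateway` class are assumptions made for illustration.

```python
import ipaddress

ZONE = "dnsbl.example"  # placeholder zone name (assumption), not a real blocklist
# Constructed stand-in for DNS: query name -> A record returned by the list.
SAMPLE_ANSWERS = {"10.2.0.192.dnsbl.example": "127.0.0.2"}

def dnsbl_query_name(ip, zone=ZONE):
    """Build the DNS name a blocklist lookup asks for: reversed address + zone."""
    reverse = ipaddress.ip_address(ip).reverse_pointer  # e.g. 10.2.0.192.in-addr.arpa
    return reverse.rsplit(".", 2)[0] + "." + zone       # drop in-addr.arpa / ip6.arpa

def is_listed(ip, resolve=SAMPLE_ANSWERS.get):
    """Listed means an answer in 127.0.0.0/8; no answer means not listed."""
    answer = resolve(dnsbl_query_name(ip))
    return answer is not None and answer.startswith("127.")

def verdict(ip, spam_score, resolve=SAMPLE_ANSWERS.get):
    """Reputation prefilter first, then a two-level verdict (thresholds assumed)."""
    if is_listed(ip, resolve):
        return "blocked"          # refused before content scanning, keeps load down
    if spam_score >= 0.95:
        return "definitely spam"
    if spam_score >= 0.60:
        return "probably spam"
    return "clean"

class Gateway:
    """Hypothetical gateway holding per-recipient inboxes and quarantines."""
    def __init__(self):
        self.inbox, self.quarantine = {}, {}

    def receive(self, ip, rcpt, msg_id, spam_score):
        v = verdict(ip, spam_score)
        if v == "clean":
            self.inbox.setdefault(rcpt, []).append(msg_id)
        elif v == "probably spam":  # held per user so a false positive is recoverable
            self.quarantine.setdefault(rcpt, []).append(msg_id)
        return v                    # "blocked" and "definitely spam" are not stored

    def release(self, rcpt, msg_id):
        """A user retrieves an incorrectly marked message from their own quarantine."""
        if msg_id in self.quarantine.get(rcpt, []):
            self.quarantine[rcpt].remove(msg_id)
            self.inbox.setdefault(rcpt, []).append(msg_id)
            return True
        return False
```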
Most businesses today are also in need of content filtering and archiving features, so messaging security gateways are moving to provide these services as well. Content filtering is typically done on outbound mail, looking for information either intentionally or accidentally being sent to the Internet outside of policy. Occasionally, content filtering is also used to look for inappropriate content being sent into an organization. Message archiving features sitting at the gateway level are being touted as a way to assist in compliance and e-discovery efforts, but may not fit the bill because the gateway only sees Internet-bound e-mail. Most enterprises will find that archiving must be done at the actual e-mail server to catch internal as well as external e-mail.
