
Perimeter Email Security, who has it?

I have found that I get to read about and play with a lot of technology here.  Well, the theory (and a recent read from Messaging News) on Perimeter Email Security Appliances caught my eye.  Instead of just tossing inbound mail over the fence into the company and tossing outbound mail back out, the appliance is meant to watch the behavior of the traffic as well.  Not just spam and virus filtering, but learning from the volume of mail arriving at one time and from the sources it arrives from.  For example:

  • If a lot of mail is coming in for non-existent addresses, it can indicate directory harvesting (an attacker probing for valid recipients) or even a DoS attack
  • If mail from a single source is going to large groups at one time, and that source is not an internal or approved sender, it would be tagged as spam
  • Mail flowing between people inside the organization can be checked as well

This last bullet is interesting because it means pushing internal mail out to the DMZ, where the perimeter device sits.  While it is great that all the functions of cleaning, scouring and quarantining mail are done by dedicated devices, having internal confidential mail routed through the DMZ makes for an architecture headache.  This is one part to investigate before deploying such an appliance.
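To make the first two bullets concrete, here is an added example (my own illustration, not code from the post or from any appliance vendor) of the kind of behavioural heuristics such a device applies, run over a few constructed MTA-style log lines.  The log format, the thresholds, the status strings and the list of approved bulk senders are all assumptions made for the example; a real appliance would read its own MTA's logs and tune the thresholds to the site's normal traffic.

```python
"""Behavioural mail heuristics over constructed log lines (added example).

Assumed log format, one event per line:
    <epoch_seconds> <source_ip> <envelope_sender> <recipient> <status>
where status is 'accepted' or 'rejected_unknown_user'.  Everything here
(format, thresholds, allow-list, sample traffic) is an assumption for
illustration, not taken from a real product.
"""
import re
from collections import defaultdict

# Assumed allow-list of senders permitted to mail large groups.
APPROVED_BULK_SENDERS = {"newsletter@corp.example"}

LINE_RE = re.compile(r"^(\d+) (\S+) (\S+) (\S+) (\S+)$")


def build_sample_log():
    """Constructed sample traffic (not real logs) covering both heuristics."""
    lines = []
    # 1) Directory-harvest pattern: one source walks guessed names; most bounce.
    guesses = ["alice", "aaron", "adam", "amy", "andy", "anna", "bob", "beth"]
    for i, name in enumerate(guesses):
        status = "accepted" if name in ("alice", "bob") else "rejected_unknown_user"
        lines.append(f"{1000 + i} 203.0.113.5 x@example.net {name}@corp.example {status}")
    # 2) A legitimate partner: a few accepted messages to a real user.
    for i in range(3):
        lines.append(f"{1100 + i} 198.51.100.7 partner@partner.example alice@corp.example accepted")
    # 3) Approved internal bulk sender: many recipients, but on the allow-list.
    for i in range(25):
        lines.append(f"{1200 + i} 10.0.0.20 newsletter@corp.example user{i}@corp.example accepted")
    # 4) Unapproved external bulk sender: many distinct recipients from one source.
    for i in range(25):
        lines.append(f"{1300 + i} 192.0.2.9 promo@bulk.example user{i}@corp.example accepted")
    return "\n".join(lines)


def parse_log(text):
    """Parse the assumed log format into a list of event dicts, skipping bad lines."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        ts, ip, sender, rcpt, status = m.groups()
        events.append({"ts": int(ts), "ip": ip, "sender": sender,
                       "rcpt": rcpt, "status": status})
    return events


def detect_directory_harvest(events, window=60, min_rejects=5, min_ratio=0.5):
    """Flag source IPs whose traffic in any sliding window is dominated by
    unknown-recipient rejections.  Returns {ip: max_rejects_in_a_window}."""
    by_ip = defaultdict(list)
    for e in events:
        by_ip[e["ip"]].append(e)
    flagged = {}
    for ip, evs in by_ip.items():
        evs.sort(key=lambda e: e["ts"])
        start = 0
        for end in range(len(evs)):
            # Slide the window so it spans at most `window` seconds.
            while evs[end]["ts"] - evs[start]["ts"] > window:
                start += 1
            win = evs[start:end + 1]
            rejects = sum(1 for e in win if e["status"] == "rejected_unknown_user")
            if rejects >= min_rejects and rejects / len(win) >= min_ratio:
                flagged[ip] = max(flagged.get(ip, 0), rejects)
    return flagged


def detect_unapproved_bulk(events, approved, threshold=20):
    """Flag senders that address many distinct recipients but are not on the
    approved bulk-sender list.  Returns {sender: distinct_recipient_count}."""
    rcpts = defaultdict(set)
    for e in events:
        rcpts[e["sender"]].add(e["rcpt"])
    return {s: len(r) for s, r in rcpts.items()
            if len(r) >= threshold and s not in approved}


if __name__ == "__main__":
    evs = parse_log(build_sample_log())
    print("directory harvest suspects:", detect_directory_harvest(evs))
    print("unapproved bulk senders:   ", detect_unapproved_bulk(evs, APPROVED_BULK_SENDERS))
```

Note that the harvest heuristic keys on the source IP while the bulk heuristic keys on the envelope sender; a real device would normally correlate both, since a harvester rotates sender addresses and a spammer rotates source IPs.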

Plus, if the mail is encrypted (as with Notes), how would many of these appliances even read the message to begin with?  There is no ability to inspect content then.  And how do users retrieve mail that has been quarantined by the appliance?  What interface is available?  Do administrators have to release it manually?  How are the signature and content files updated?  What is the support for blacklists, whitelists and even SPF or DomainKeys?  Just things to think about.