Security+ Academy · Lesson

Secure Email Gateways and Anti-Spam Controls

Understand how secure email gateways scan inbound and outbound email for malware, phishing URLs, and data loss before messages are delivered.

The Role of Secure Email Gateways

A Secure Email Gateway (SEG) is a security appliance or cloud service that sits in the mail flow path — either as an MX record destination or as a relay — and inspects all inbound and outbound email before delivery. Unlike SPF/DKIM/DMARC (which verify sender identity), an SEG performs content inspection: scanning attachments for malware, detecting phishing URLs, identifying spam patterns, and preventing sensitive data from leaving the organization via email (DLP). Major SEG vendors include Proofpoint, Mimecast, and Microsoft Defender for Office 365.

How Email Gateways Are Deployed

SEGs can be deployed in two main models. In the inline MX model, the organization's MX records point to the SEG, which receives all inbound mail, inspects it, then relays clean mail to the organization's mail server. Outbound mail is routed through the SEG via a smart host configuration. In the API integration model (increasingly common for cloud email), the SEG connects to the mail platform via API (Microsoft 365 Graph API, Google Workspace API) and inspects already-delivered mail, then retracts malicious messages after the fact — a 'clean-up' approach rather than pre-delivery filtering.

# Inline MX deployment
# DNS MX record points to SEG, not mail server
example.com.  MX  10  gateway.seginspect.com.

# Inbound flow:
Internet -> SEG (inspect) -> Mail Server -> Users

# Outbound flow (smart host in mail server config):
Users -> Mail Server -> SEG (DLP inspect) -> Internet

# API integration model (Office 365):
Internet -> Microsoft 365 -> SEG API scans
                          -> Retroactively removes bad mail
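
In the inline MX model, inspection only covers mail that actually arrives through the gateway, so any MX record still pointing straight at the mail server is a path around the SEG. The following Python audit is an added example, not part of the original lesson: it parses zone-file text and separates MX records routed via the SEG from those that bypass it. The zone data is constructed, and every hostname other than the lesson's `example.com` and `gateway.seginspect.com` is hypothetical.

```python
import re

# Constructed sample zone data; names other than the lesson's
# example.com / gateway.seginspect.com are hypothetical.
SAMPLE_ZONE = """\
example.com.        MX  10  gateway.seginspect.com.
example.com.  3600  IN  MX  20  gateway2.seginspect.com.
example.com.  3600  IN  MX  50  mail.example.com.   ; legacy direct path
example.com.        TXT "v=spf1 -all"
"""

# owner [ttl] [IN] MX preference target
MX_LINE = re.compile(
    r"^(?P<owner>\S+)\s+(?:(?P<ttl>\d+)\s+)?(?:IN\s+)?MX\s+"
    r"(?P<pref>\d+)\s+(?P<target>\S+)", re.IGNORECASE)

def parse_mx(zone_text):
    """Return (owner, preference, target) for every MX line, lowest preference first."""
    records = []
    for raw in zone_text.splitlines():
        line = raw.split(";", 1)[0].strip()   # drop zone-file comments
        m = MX_LINE.match(line)
        if m:
            records.append((m["owner"].lower().rstrip("."),
                            int(m["pref"]),
                            m["target"].lower().rstrip(".")))
    return sorted(records, key=lambda r: r[1])

def behind_gateway(target, seg_domain):
    """True if target is the SEG domain itself or a host under it (label-aware match)."""
    seg = seg_domain.lower().rstrip(".")
    return target == seg or target.endswith("." + seg)

def audit_mx(zone_text, seg_domain):
    """Split MX records into those routed via the SEG and those bypassing it."""
    via_seg, bypass = [], []
    for rec in parse_mx(zone_text):
        (via_seg if behind_gateway(rec[2], seg_domain) else bypass).append(rec)
    return via_seg, bypass

if __name__ == "__main__":
    ok, bad = audit_mx(SAMPLE_ZONE, "seginspect.com")
    for owner, pref, target in ok:
        print(f"OK      {owner} MX {pref} {target}")
    for owner, pref, target in bad:
        print(f"BYPASS  {owner} MX {pref} {target}  (mail here skips SEG inspection)")
```

A high preference number does not make a direct record safe: senders may use any listed MX, so the usual fix is to remove the record and have the mail server accept inbound SMTP only from the SEG.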
