How it Works
MailMarshal Secure Email Server is a standalone S/MIME gateway that can be configured to work with MailMarshal SMTP or any other email server that can recognize and route S/MIME messages. When used with MailMarshal SMTP, it can enable automatic encryption, decryption and digital signing policies, and can manage, harvest and store public keys for secure contacts.
The diagram above shows how MailMarshal Secure Email Server operates and how it works with other servers and directories.
Step-by-Step
1. Confidential Email - An authorized user within your organization sends a confidential email to a secure contact.
2. MailMarshal SMTP - MailMarshal SMTP evaluates the message and automatically determines, based on its confidential content and the intended recipient, that the message must be encrypted before leaving your organization. It routes the message to MailMarshal Secure Email Server (MailMarshal SES) for encryption and signing. In the reverse scenario, where your MailMarshal SMTP server receives an encrypted message from a secure contact, it routes the message to MailMarshal Secure Email Server for decryption. NOTE: MailMarshal SMTP and MailMarshal Secure Email Server can be deployed together on one server or on separate servers.
3. MailMarshal Secure Email Server - The confidential email is accepted by MailMarshal SES, which then signs the message with your organization’s Private Key and automatically retrieves and applies the relevant Public Key for the intended recipient. If the right key is unavailable, has expired or has been revoked, MailMarshal SES can be configured to automatically retrieve the right key from a central LDAP server or independent Certificate Authority (see Step 4). MailMarshal SES will also automatically harvest and store Public Keys from incoming digitally signed messages.
4. Independent Validation - MailMarshal SES can interface with a centralized LDAP server that you and your secure contacts establish together to maintain credentials such as certificates/public keys and certificate revocation lists. This makes it easy to add new members and share key updates without any manual administration. MailMarshal can also work with independent Certificate Authorities such as VeriSign or Comodo.
5. Encrypted & Signed Email - Once the message has been signed and encrypted by MailMarshal SES, it is routed back to MailMarshal SMTP, where it is re-checked against policy before transmission. Once the email leaves your organization it can only be opened by the intended recipient.
6. Remote Contact - The intended recipient can be an individual, such as one of your own staff working out of the office, or an external party such as a contractor or lawyer. These individuals can use a standard S/MIME email client such as Microsoft Outlook to communicate with your organization securely.
7. Secure Contact Organization - Your secure email partners can decrypt the message using MailMarshal, any other suitable S/MIME gateway, or a standard S/MIME client such as Outlook.
8. Intended Recipient - Whether the email is decrypted by an S/MIME gateway or an S/MIME client, the intended recipient is the only person able to view the message. The recipient can also trust that the message is authentic and unaltered, as it is digitally signed by MailMarshal SES with your company’s Private Key.
Requirements
| Component | Requirement |
| --- | --- |
| Processor | Pentium 4 class processor |
| Disk Space | 10GB (NTFS) or higher |
| Memory | 512MB or higher |
| Operating System | Windows Server 2003 or Windows XP Professional (32-bit only) |
| Database | (Optional) Microsoft SQL 2005 or SQL Express 2005 |
| Recommended | MailMarshal SMTP version 6.4.5 or later, OR other compatible email gateway with S/MIME routing capabilities |

Please note: MailMarshal SMTP does not support 64-bit versions of Windows.
Deployment
MailMarshal Secure Email Server can be co-hosted on the same server as MailMarshal SMTP or another S/MIME gateway, or it can be deployed separately on its own server. For best results we recommend working with one of our certified technical sales consultants to identify the ideal solution for your organization’s secure email requirements.