Skip to main content

Even as digital collaboration solutions have evolved, email has remained a prevalent communication channel, which also means cyber criminals continue attacking it. In 2023, 97% of organisations surveyed by Mimecast experienced email-based phishing attacks. These threats range from basic phishing attempts to more sophisticated schemes to extract login details, deploy malware, or deceive individuals into transferring funds to fraudulent accounts.

Training teams to recognise phishing is an essential tactic to reduce successful attacks. Preventing these attempts from landing in people’s inboxes in the first place will improve your company’s security maturity. Email protection solutions have existed in the market for over two decades, designed to scan and check that emails sent and received within the business are legitimate and don’t contain malicious or misleading information. 

From Mimecast’s ‘The State of Email Security’ report

From Mimecast’s ‘The State of Email Security’ report

Source: Mimecast.

Understanding baseline email protection methods

Almost every email protection solution on the market uses reputation checking, email scanning and attachment scanning as a baseline.

  • Reputation checking assesses the credibility of the email sender through analysis of their IP address, domain reputation, and past email behaviours, helping pre-emptively filter out potential spam or phishing attempts. 
  • Email scanning analyses the content within the email, including all text and links, to find deceptive or harmful material.
  • Attachment scanning examines files for hidden malware or viruses to prevent people from receiving and opening emails with malicious content.

It’s pertinent to note that you might see differences in the depth of scanning and methods used as this varies from vendor to vendor (these are often proprietary).

Understanding baseline email protection methods

Two main approaches to modern email protection

Email and collaboration have significantly changed over the past fifteen years with the emergence of Microsoft 365 and Google Workspace. Yet, email protection solutions have encountered challenges in mitigating and managing email concerns in a cloud environment. A 2023 Gartner survey found that 62% of Australian CIOs planned to increase cloud investments this year and reduce spending on their data centres. Alongside this, cloud-based email platforms are now the norm and continue to rise in popularity.

Email protection must cater for this change and vendors have adopted two different methods to achieve this: 

1. Mitigate prior via email gateway

An email gateway is a more traditional approach to email protection. This method uses a server that acts as a ‘gateway’ to your company’s inboxes and screens the incoming emails. It prevents potentially malicious emails from reaching a user’s inbox and functions for email in the cloud and on-premises. The email gateway solution receives the email data, and the provider scans and checks emails sent and received to ensure they’re clean before accepting the emails. 

In this approach, there is greater reliance on the scanning methods, grounded in detailed policies that define the email communications deemed safe by the organisation. This approach offers a few advantages, such as the ability to route emails through differing pathways and the creation of quarantine zones to manage detected threats.

At recon, we support two major vendors for email gateways: Proofpoint and Mimecast. Both have extremely strong scanning methods. Their attachment scanning is typically more robust than other solutions. They can incorporate sandboxing of attachments and URL rewrites as a function that minimises phishing attacks. 

Mimecast focuses only on cloud-based environments (Google and Microsoft), and Proofpoint supports cloud and on-premises mail servers. Both have their value adds, so it’s best practice to speak with an expert before deciding on or deploying a solution.

2. Mitigate after via data analysis

This recent approach has evolved due to more organisations hosting their email in cloud platforms like Microsoft or Google. It’s a solution that analyses emails for malicious or anomalous information after they arrive at the server. If there is a concern, it quarantines emails from the inbox into a separate area on the email server to protect the user. 

This approach checks the sender’s reputation and behavioural analytics to verify the legitimacy of each email. It often uses existing Microsoft and Google email protections for scanning and supplements these inbuilt protections with historical data on emails received to improve the detection of impersonation attempts and abnormal communication patterns.

Regarding data analysis solutions, we have assessed several offerings available on the market and found that Abnormal Security has strong analytical and anomaly detection capabilities. However, they predominantly focus on Microsoft 365 environments when supplementing E3/E5 licensing. 

Two main approaches to modern email protection

Choosing the right email protection for your business

Not all email protection solutions offer the same features; not all will be right for every business. When choosing email protection for your organisation, you need an understanding of your unique requirements. Evaluate the specific needs based on your email system’s environment—whether cloud-based, such as Google Workspace or Microsoft 365, or an on-premises setup. 

Testing and validation ensure that your chosen email protection solution aligns with your business needs. It’s not enough to select a solution based on its feature set alone; you must also conduct thorough testing to verify that it performs effectively within your specific environment. 

Choosing the right email protection for your business


When investing in email protection, you have a couple of different options. Whether you choose pre-delivery mitigation via email gateways or post-delivery analysis, both strategies offer unique benefits for different organisational setups. The selection process hinges on assessing your needs and considering your email environment. You must also complete testing and validation to ensure the solution meets your requirements. By selecting a solution that fits your business’ needs, you establish a defence that prevents current threats and prepares your business for future challenges.

recon can establish or enhance email protection in your organisation

Do you need a solution to strengthen email protection in your organisation? Our Managed Services can elevate your email protection strategy. We bring cyber security expertise to your business with comprehensive services to protect your digital assets, so you do not have to hire in-house specialists. 

By partnering with us, you can access market-leading cyber security knowledge and technologies that protect your organisation from evolving threats. You can find more information on our Managed Services page.

Related blogs

Can you afford not to invest in cyber resilience?

What should Australian CISOs care about in FY2024?

7 risk and compliance checkpoints to benchmark your company