Email Security & Archiving
An abbreviated overview of the Google (Postini) Service
(This is for information only as Vioptim no longer sells the service since its withdrawal from the Cisco ScanSafe service)
Management Overview
The ever increasing importance of email to businesses and the ever increasing threats to the service have resulted in a great deal of focus on how best to manage this critical resource. According to a number of organisations dealing with inbound traffic from the Internet, over 90% of all emails are spam, some of which include a variety of viruses, graphics images and ‘phishing’ attempts. Stopping spam from entering the customer’s corporate system reduces the bandwidth requirements and can significantly reduce the storage requirements for unwanted email.
There are two approaches to solving the problems: firstly an appliance based solution requiring hardware and software to be implemented and maintained in-house; secondly a Managed Service which intercepts email before it gets to the intended receiving system.
Because of the surges that occur within the Internet relating to spam and other forms of attacks, plus the potential growth of the number of email users within the customer, appliance based solutions may require upgrading from time to time. The Managed Service from ScanSafe guarantees no loss of emails nor degradation of service regardless of what is happening in the Internet or the growth in the customer’s user base.
The guarantees* that can be made when a customer takes on this service are:
- 100% virus elimination
- 98% spam blocked
- 0.0003% false positives
- 99.999% availability
- 100% delivery assurance
- 100% real time control
- Maximum of 60 second latency for delivery of email
The flexibility of the service means that the management of the system can be centralised or distributed, the policy can be set globally, by group or at an individual user level and that all changes made are immediately effective.
A major business benefit of the architecture means that delivery is guaranteed from sender to receiver because there is no intermediate storing of the email within the managed service. This means that once the senders system has reported that the email has gone, it will have been received at the intended address. It will not be somewhere in between which can happen with systems that use a ‘store and forward’ architecture. There is one exception to this rule and that is an option for the managed service to enter ‘spooling’ mode should the customer’s receiving server become unavailable. Enough storage is available to provide up to seven days worth of email in this event.
Technical Overview
Putting the control of email in ‘the cloud’ provides a number of advantages over an in-house design, but the advantages of the Postini service don’t stop there. A key differentiator is the ‘Pass Through’ technique that this solution provides whereby emails are not stored on disk but are dealt with in memory in real time. In other words the service acts as a proxy, forwarding connection requests between the sender and the receiver, rather than storing the email and handling it as two separate transactions (receive from sender, send to receiver).
This ‘Pass Through’ architecture derives a number of advantages such as guarantee of delivery, minimal latency and fail-over of system without the loss of emails as they are not stored in any intermediate repository.
Connection Manager
Shown in Figure 1, the front end of the service is the Connection Manager which monitors a number of pieces of information relating to individual IP addresses. By building up a state table over time, the connection manager can spot IP addresses that are sending out unwanted content and ultimately will refuse connection requests to these sites. Over 50% of emails are blocked from entering the system using this facility.
Filter Manager
Once the Connection Manager allows an email to progress through, the next stage of the process is the Filter Manager. This checks the email by passing it through two separate virus checkers, anti spam filters and checks the policy for attachments and lexical rules. The process takes from 50-150ms to complete and results in one of two actions. Either the email is allowed to be delivered or it will be sent to a quarantine area where it is stored for up to 28 days. A notification is passed to the recipient at the customer that an email has been quarantined and is available for inspection.
Delivery Manager
If the email passes all the tests and checks, then it is allowed to complete delivery to the recipient and an acknowledgement of this completion is proxied through the system between recipient and sender.
A feature of the delivery manager is its ability to deliver to specific locations usually with knowledge of primary and secondary sites. This is advantageous to organisations that have multiple delivery points and back-up systems. Delivery locations are held for each individual email account providing very granular flexibility for managing any WAN configuration.
Populating Email Accounts
There are a variety of ways for the email user information to be populated within the managed service. The most common way is to synchronise with one or more LDAP directories or Active Directories but for small numbers of users simply cutting and pasting the information is common. Once the user information is in place a hierarchical system of management is used to define policy, produce reports and manage quarantine. This provides the ability for an organisation to define multiple points of administration with defined limits of what the sub-administrators can see or do. For organisations with separate in-country IT management, this allows policy to be handled differently in accordance with local requirements and practices but governed by overall company policy.
Resiliency and Continuity
Postini has multiple pairs of data centres that act in active/passive mode and are configured such that each pair of processors within each data centre are only loaded to 40% of their capability. This means that any unexpected increase in workload will not overload an individual server and that all the customer configuration and policy information is replicated across servers and paired sites. As all connections are proxied live between sender and receiver, if a loss of service occurs during an email transfer then that email will remain ‘unsent’ by the sender i.e. no final acknowledgement will have occurred unless the email has been fully delivered. Once the secondary site takes over the email can be retransmitted.
Archiving
Legislation is forcing the hand of many organisations to record and maintain, for several years, all correspondence. With so many different forms of communications available both email and instant messaging are used as a matter of general business procedure. An additional facility available through ScanSafe is archiving. This allows archiving of all valid emails and can be applied to internal email through the use of the journaling facility. Storage times are for 10 years.
A key component of an archiving system is the ability to retrieve stored information easily and this is achieved by an advanced indexing system. Importantly, all information can be stored in immutable storage, making it valid for legal purposes.
Access to all stored material is fully configurable and carefully controlled.
Service Description
This section provides a synopsis of the specific services that are provided through this managed service.
Spam Filtering
- Evaluates the components of each message to determine if the message is spam, using a heuristics-based anti-spam engine.
- Quarantines inbound email messages that may be spam, and makes these messages accessible to the individual user through the web-based Postini Message Centre (the “Message Centre”) for review and disposition for a period of up to 28 days from the receipt of such email.
- Can be customised at an organisation and/or user group level, using the Postini Administration Console, including creating unique settings at the user group and/or individual user levels and establishing controls based on job function and responsibilities.
- Can be configured by individual users, who can specify their own filters, as permitted by the administrator.
Click the icon to download a technical overview of the Postini email service