Home / server / Questions / 584827
In Process
chernayavdova
Asked: 2014-03-27 21:33:36 +0800 CST

Hierarchy of Scanning Outgoing Mails on a Secure Email Gateway

  • 772

Good day. Can anyone help me determine what could be the standard hierarchy of scanning outgoing mails on a secure email gateway (regardless 9f the vendor)? Should mails be scanned by policies before being put into queue, or the other way around? Because we used to experience a lot of queue on our outgoing due to undeliverables where only to find out that recipients were invalid addresses. Policies we have created seems not to be triggered that are supposed to drop predetermined invalid emails. Thanks!

security

1 Answers

  1. I prefer to enforce policies pre-queue wherever possible (for incoming and outgoing gateways) :

    • it prevents backscatter from your gateway
    • it immediately informs the sending system of the issue
    • it can save a lot of resources (rejecting forged senders/non-resolvable recipient domains in a spam outbreak is less resource intensive than accepting and bouncing every message)
    • may or may not be a reason in your environment: it keeps the amount of responsibility of your server to a minimum. as soon as it accepts a message it is responsible to either deliver or bounce. rejecting pre-queue keeps the responsibility in the sender's system.

    That being said, make sure all your pre-queue policies can be checked quickly. For example, inline virus scanning of large attachments could introduce network timeouts and therefore not be suitable for pre-queue enforcement.

    • 1