email

A Better Way to Secure and Authenticate Application Email

Email is a critical part of business operations—but business email has many forms and extends well beyond user-to-user communications.

Take transactional emails. They are generated systematically, by applications and produce much higher volumes than user-initiated emails. Transactional emails include invoices or password resets, and emails from third-party, software-as-a-service (SaaS) partners, such as Salesforce, ServiceNow or Workday. Application emails are another form of business email. These critical emails often originate from outside of a company’s secure email infrastructure. That means they may not have the same levels of protection, and they can put an organization’s email identity at risk. 

Secure Email Relay

Some organizations have attempted to route their application emails through their user-based systems, but this can cause serious issues and is therefore not advised. Due to the volume of messages, and the potential for third-party SaaS solutions to be compromised, this move could result in a company’s domain ending up on a blacklist. That would cripple the company’s communications and bring operations to a screeching halt.

Other challenges with application email

When organizations attempt to migrate all their email to the cloud, they often encounter issues with application email due to unforeseen limitations.

Let’s look at Microsoft Office 365 as an example. Using the SMTP authentication method, sending is limited to 10,000 recipients per day and 30 messages per minute. Shifting to the direct send method would result in an organization being unable to send messages to external recipients—and attempting to use their SMTP relay would exclude sending third-party application email.

Many organizations hoping to migrate email to the cloud find they need to keep on-premises gateways running just to handle their application emails. This is not only a financial burden but also a drain on resources that could be focused on higher priority activities.

And here’s another challenge with application email: The risk of email spoofing is heightened because not all sources of application email can support DKIM (Domain Keys Identified Email) signing. Having DKIM signed messages is important from both a security perspective, ensuring the source and that the message hasn’t been modified, as well as from deliverability perspective (less likely to be sent to a recipients spam folder).

Finally, a viable alternative

Proofpoint has created a solution to overcome these challenges via Secure Email Relay (SER). SER is a cloud-based offering that creates a protective layer between application emails and their recipients, without the limitations associated with other relay solutions.

Only authenticated sources are permitted to submit emails to SER for relaying. Messages are then scanned for malicious content and viruses, ensuring they’re clean before proceeding. In addition to anti-virus and anti-spam scanning, messages are also DKIM signed to protect against identity deception and support DMARC initiatives.

Add-on options provide organizations the ability to restrict sensitive content or provide encryption before sending, and copies can be automatically sent to an archive if needed for regulatory compliance purposes.

Learn more about Proofpoint SER

With a centralized solution like Proofpoint Secure Email Relay, your organization can achieve better management of all the applications and third-party SaaS partners sending email from your domain. And if one of these sources is compromised, you’ll have the control to shut them off immediately. This is especially important for third-party applications that historically were outside your control but could cause significant damage to your email identity and brand.

So, whether you’re looking to retire your on-premises relays, increase your protection with DKIM or just want better control over all of your application email, Proofpoint Secure Email Relay may be the solution you’re looking for.

Join me on Tuesday, June 14, 2022 at 10:00 am PDT for my webinar on, Addressing the Challenges of Transactional Email with Secure Email Relay.

During Protect, I sat down with Gary Masters, System Director – Cybersecurity Engineering at CommonSpirit Health, to discuss how they implemented email authentication, including Secure Email Relay, to better protect their brand and reduce their on-prem footprint. Click here to watch

For more information about Proofpoint Secure Email Relay, download our data sheet. To learn about other email authentication solutions from Proofpoint contact us at www.proofpoint.com/us/contact/.

Subscribe to the Proofpoint Blog