Secure Email Gateway
What is Secure Email Gateway?
Secure Email Gateway: A perimeter or cloud service that filters inbound and outbound email for spam, phishing, malware, data leakage, and policy violations before it reaches user mailboxes.
A Secure Email Gateway (SEG) sits between the public internet and an organization's mailboxes, often as a cloud service such as Microsoft Defender for Office 365, Proofpoint, Mimecast, Cisco Secure Email, or Google Workspace's advanced protection. It enforces SPF, DKIM, DMARC, MTA-STS, and STARTTLS, scans messages with anti-malware engines, sandboxing, URL rewriting, and impersonation detection, and applies content rules and DLP for outbound mail. SEGs integrate with directory services, MFA-enabled admin consoles, and SIEM/SOAR for response. Newer Integrated Cloud Email Security (ICES) products complement SEGs with API-based, behavior-driven detection inside Microsoft 365 and Google Workspace, focused on business email compromise and lateral phishing.
● Examples
- 01 An SEG quarantines a phishing email impersonating the CEO and creates an investigation ticket in the SOC.
- 02 Outbound DLP rules at the gateway prevent emailing credit card numbers to external recipients.
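The outbound rule from example 02, written out as an added example that is not part of the original page or of any vendor's product: it blocks a message only when it contains a Luhn-valid card number and is addressed to at least one recipient outside the organization. `INTERNAL_DOMAINS`, the function names and the sample message are assumptions constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import getaddresses

INTERNAL_DOMAINS = {"example.com"}  # assumption: the organization's own mail domains
# 13-19 digits, optionally separated by single spaces or hyphens
CANDIDATE = re.compile(r"(?<!\d)\d(?:[ -]?\d){12,18}(?!\d)")

def luhn_ok(digits):
    """Luhn checksum: filters out order numbers, phone numbers and similar."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def find_card_numbers(text):
    found = []
    for m in CANDIDATE.finditer(text):
        digits = re.sub(r"[ -]", "", m.group())
        if luhn_ok(digits):
            found.append("*" * (len(digits) - 4) + digits[-4:])  # mask for logging
    return found

def external_recipients(msg):
    headers = msg.get_all("To", []) + msg.get_all("Cc", []) + msg.get_all("Bcc", [])
    return [addr for _, addr in getaddresses(headers)
            if addr.rpartition("@")[2].lower() not in INTERNAL_DOMAINS]

def message_text(msg):
    chunks = [msg.get("Subject", "")]
    for part in msg.walk():
        if part.get_content_maintype() == "text":
            raw = part.get_payload(decode=True) or b""
            chunks.append(raw.decode(part.get_content_charset() or "utf-8", "replace"))
    return "\n".join(chunks)

def dlp_verdict(raw_message):
    """Return (action, masked_hits, external_recipients) for one outbound message."""
    msg = message_from_string(raw_message)
    hits = find_card_numbers(message_text(msg))
    external = external_recipients(msg)
    action = "block" if hits and external else "allow"
    return action, hits, external

# Constructed sample: 4111 1111 1111 1111 is a well-known test card number.
SAMPLE = ("From: alice@example.com\nTo: bob@partner.test, carol@example.com\n"
          "Subject: payment\n\nCard 4111-1111-1111-1111, order 1234567890123456\n")
```

The Luhn check is what keeps the 16-digit order number in the sample from triggering the rule, and the masked hits are what the gateway would log instead of the card number itself.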
● Frequently asked questions
What is Secure Email Gateway?
A perimeter or cloud service that filters inbound and outbound email for spam, phishing, malware, data leakage, and policy violations before it reaches user mailboxes. It belongs to the Network Security category of cybersecurity.
How do you defend against Secure Email Gateway?
Defences for Secure Email Gateway typically combine technical controls and operational practices, as detailed in the full definition above.
What are other names for Secure Email Gateway?
Common alternative names include: SEG, Email Security Gateway, Mail Security Gateway.
● Related terms
- DMARC (network-security, № 333): An email authentication standard defined in RFC 7489 that lets domain owners publish a policy telling receivers what to do with messages that fail SPF or DKIM and aligned domain checks.
- SPF (Sender Policy Framework) (network-security, № 1076): An email authentication mechanism defined in RFC 7208 that lets a domain publish in DNS which IP addresses or hosts are authorized to send mail using its domain in the envelope MAIL FROM.
- DKIM (network-security, № 330): An email authentication standard defined in RFC 6376 that lets a sending domain add a cryptographic signature to outgoing messages so receivers can verify that headers and body were not altered.
- DNS Blocklist (DNSBL) (network-security, № 336): A DNS-based mechanism described in RFC 5782 that lets mail systems query a list of IP addresses or domains known to send spam or malware and apply blocking, scoring, or routing decisions.
- Data Loss Prevention (DLP) (privacy, № 278): A set of technologies and policies that detect and block unauthorized exfiltration of sensitive data across endpoints, networks, email, and cloud services.
- Business Email Compromise (attacks, № 135): A targeted fraud in which an attacker impersonates or takes over a corporate mailbox to trick an employee into wiring money, changing payment details, or sending sensitive data.
● See also
- № 095 BIMI
- № 707 MTA-STS
- № 058 ARC (Authenticated Received Chain)
- № 270 DANE
- № 1098 STARTTLS
- № 764 Opportunistic TLS
- № 955 S/MIME
- № 819 PGP