MailMarshal Secure

MailMarshal Gateway Email Encryption Software

Overview

Gateway Email Encryption Software

MailMarshal Secure Email Server is a secure email solution that ensures organizations can communicate effectively without exposing sensitive or private information. It provides enhanced Public Key Infrastructure with advanced functionality for key generation, certificate harvesting, automated maintenance and centralized authentication directories. MailMarshal Secure Email Server automatically enforces security policies and leverages content monitoring and filtering technology to achieve regulatory compliance and protect against data leakage.

MailMarshal Secure Email Server is a flexible, powerful email encryption and digital signing solution. Once it is installed at the email gateway, it automatically manages encryption for all outgoing and incoming messages and can maintain security credentials for encryption contacts via centralized server updates.

Benefits

Security and Compliance

Enables confidential communication

Ensures the content of confidential emails and attachments remain private between you and your intended recipient. No other party can access the content of the message.

Confirms email sender’s identity and integrity of message content

Authenticates the identity of the email sender via Digital Signing and verifies that the message is genuine and has not been tampered with. Prevents email spoofing or forgeries where a third party can fake the address of the sender and impersonate them. Also ensures that a third party has not altered the content of a message, changing its meaning or critical details, before it has reached the recipient.

Ensures consistent application of security policies

Automatically manages encryption and decryption according to your organization’s policy and compliance standards. As a centralized, server-based solution, no confidential message that needs to be encrypted can be accidentally or intentionally transmitted in an unencrypted format. This removes the potential for human error and ensures that policies are always adhered to.

Meets compliance requirements

Through integration with Marshal’s content monitoring and filtering solutions, MailMarshal Secure Email Server can analyze encrypted message content to confirm that communications comply with regulatory practices and meet organizational policies.

Provides peace of mind

Offers optional levels of encryption strength up to Triple-DES 168-bit. This level of security ensures that even the most determined attempts to break encryption will take enormous effort and resources.

Ease-of-Use and Automation

Allows centralized control of encrypted communication

As a server-based solution at the email gateway, MailMarshal Secure Email Server provides a single point of control to manage encryption for your entire organization. This makes email encryption easier to deploy and maintain. It also reduces training requirements and ensures that all outgoing and incoming encrypted communications comply with organizational policies. There is no requirement for any additional software for workstations or end user training. The entire process is automated and transparent for end users, requiring no effort on their part.

Self-maintaining with low Total Cost of Ownership

MailMarshal Secure Email Server automatically searches for, harvests, sorts and stores relevant digital certificates for later use. Depending on who a specific email message is addressed to, MailMarshal Secure Email Server will select and apply the relevant public key for the appropriate recipient.

Streamlines administration and automatically maintains secure email best-practices

MailMarshal Secure Email Server takes full advantage of information-rich certificates to provide automatic updates and notifications when certificates/keys are due to expire. This allows for keys to be set to automatically expire periodically without introducing undue administrative burden. MailMarshal Secure Email Server can automatically retrieve and deploy updated/replacement certificates from centralized servers via Lightweight Directory Access Protocol (LDAP). Via LDAP synchronization, MailMarshal Secure Email Server is able to automatically update contact details and credentials with secure email partners.

Versatility & Integration

Compatible with other S/MIME gateway solutions

MailMarshal Secure Email Server provides easy integration with other organizations. It can work with third party S/MIME gateways that are capable of policy-based email routing.

Works with independent Certificate Authorities

MailMarshal Secure Email Server complies with industry standards for certificate validation, allowing it to automatically communicate with major Certificate Authorities.

Easily operates with standard S/MIME clients such as Microsoft Outlook

MailMarshal Secure Email Server provides gateway-to-gateway and gateway-to-desktop encryption delivery options, allowing you to securely communicate with organizations and individuals.

Features

Dedicated solution providing policy-based email encryption and digital signing
Public key Infrastructure (PKI) with S/MIME encryption standards up to Triple-DES (168-bit) cryptography
Works with MailMarshal SMTP, or other S/MIME gateways, to provide content monitoring and filtering of confidential messages, ensuring compliance with industry requirements and government legislation
Secure certificate generation technology and comprehensive support for third-party Certificate Authorities
Extensive certificate management including support for Certificate Revocation Lists (CRLs), automated certificate harvesting, sorting and storage
Centralized certificate updates through directory (LDAP) synchronization with established authentication servers
Extensive reports and auditing for secure communications
Cost effective and easy to deploy with almost zero ongoing manual administration

Technical Specifications/Architecture

How it Works

MailMarshal Secure Email Server is a standalone S/MIME gateway that can be configured to work with MailMarshal SMTP or any other email server that can recognize and route S/MIME messages. When used with MailMarshal SMTP, it can enable automatic encryption, decryption and digital signing policies as well as managing, harvesting and storing public keys for secure contacts.

MailMarshal Secure Email Server Overview

The diagram above shows how MailMarshal Secure Email server operates and how it works with other servers and directories.

Step-by-Step

Confidential Email - an authorized user within your organization sends a confidential email to a secure contact.
MailMarshal SMTP – MailMarshal SMTP evaluates the message and automatically determines that based on confidential content and the intended recipient the message must be encrypted before leaving your organization. It routes the message to MailMarshal SES for encryption and signing. Or, in the reverse scenario where your MailMarshal SMTP server receives an encrypted message from a secure contact, it routes the message to MailMarshal Secure Email Server for decryption. NOTE: MailMarshal SMTP and MailMarshal Secure Email Server can be deployed together on one server or separate servers.
MailMarshal Secure Email Server - the confidential email is accepted by MailMarshal SES which then signs the message with your organization’s Private Key and automatically retrieves and applies the relevant Public Key for the intended recipient. If the right key is unavailable, has expired or been revoked, MailMarshal SES can be configured to automatically retrieve the right key from a central LDAP server or independent Certificate Authority (see Step 4). MailMarshal SES will also automatically harvest and store Public Keys from incoming digitally signed messages.
Independent Validation - MailMarshal SES can interface with a centralized LDAP server that you and your secure contacts establish together to maintain credentials such as certificates/public keys and certificate revocation lists. This makes it easy to add new members and share key updates without any manual administration. MailMarshal can also work with independent Certificate Authorities such as VeriSign or Comodo.
Encrypted & Signed Email - Once the message has been signed and encrypted by MailMarshal SES, it is then routed back to MailMarshal SMTP where it is re-checked against policy before transmission. Once the email leaves your organization it can only be opened by the intended recipient.
Remote Contact - The intended recipient can be an individual such as one of your own staff working out of the office or an external party such as a contractor or lawyer. These individuals can use a standard S/MIME email client such as Microsoft Outlook to communicate with your organization securely.
Secure Contact Organization - Your secure email partners can use MailMarshal or any other suitable S/MIME gateway to decrypt the message or a standard S/MIME client such as Outlook.
Intended Recipient - Whether the email is decrypted by an S/MIME gateway or S/MIME client the intended recipient is the only person able to view the message. The recipient can also trust that the message is authentic and unaltered as it is digitally signed by MailMarshal SES with your company’s Private Key.

System Requirements

Processor	Pentium 4 class processor
Disk Space	10GB (NTFS) or higher
Memory	512MB or higher
Operating System	Windows Server 2003 or Windows XP Professional (32-bit only)
Database	(Optional) Microsoft SQL 2005 or SQL Express 2005
Recommended	MailMarshal SMTP version 6.4.5 or later, OR other compatible email gateway with S/MIME routing capabilities

Please note: MailMarshal SMTP does not support 64-bit versions of Windows

Marshal Software Ltd.

Marshal is the global leader in Integrated Email and Internet Content Security solutions. More than seven million users in 18,000 companies worldwide use Marshal's highly acclaimed MailMarshal and WebMarshal solutions to protect their networks, employees, business assets and corporate reputation and to comply with corporate governance and legislation requirements.