Debunking myths about Email Security Gateways

Don’t believe all that you read. Even within the email security industry, we’ve been seeing some alarmingly misleading information circulating about email security gateways.

The good news is that email security gateways are – thanks to the very nature of SMTP – the most efficient and effective approach to email security. To dispel any lingering doubts, here are some reassuring truths about Libraesva email security that set the record straight!

Email Security Gateway myths

No, you don’t have to turn off Microsoft or Google email security

Multiple layers of protection can co-exist. Routing inbound email traffic through the gateway and disabling security checks are two entirely independent configurations. This means it’s up to you to decide whether to keep Office 365 or Google security checks in place when you have an email security gateway – you can always choose whether to accept any false positives that the second layer provides.

No, attackers cannot bypass the security gateway

The correct configuration of Office 365 or Google Workspace (G Suite) involves blocking inbound email except from the security gateway – any attempt to bypass the gateway will result in email rejection.

Yes, scanning outbound and internal email is possible with an email security gateway
Scanning inbound email is, of course, the main purpose of any email security solution.

Scanning outbound email provides additional security features, like account takeover protection and our AI-driven Adaptive Trust Engine. This enhances your level of protection by learning from legitimate communication patterns and identifying anomalies.

Scanning internal email traffic is also possible if required. 

Yes, the email security gateway detects and blocks compromised accounts.
We provide a full set of features for account takeover protection: automatic detection of account abuse, early alerting, and easy manual disablement of compromised mailboxes.

Yes, BEC, whaling, and impersonation attacks are detected and blocked by email security gateways
Libraesva ESG includes an engine specifically designed to prevent business email compromise (BEC) and whaling: any impersonation attempt is blocked and a notification is immediately sent to you.

Our Adaptive Trust Engine automatically highlights unusual senders, using AI to detect and block impersonation attempts.

No, there’s no need to give full administrative control of your Microsoft or Google tenant to third parties
By updating the MX record, you can route all inbound email traffic to your security gateway – it’s simple to manage, and you can retain control.

No, email security doesn’t have to be complicated
SMTP is specifically designed for relaying messages through different gateways. An email security gateway fits perfectly with SMTP design principles – adding additional complexity is unnecessary, increasing risk and weakening security.

The email security gateway directly manages the SMTP conversation with sending servers – it talks to the source to obtain complete and reliable transport information. Any subsequent email security solution that relies on analysing the message at a later stage can only rely on the information contained in email headers, which is not the full picture.

Yes, an email security gateway is independent of your email solution
With Libraesva ESG, you can change provider, or move to or from the cloud – being agnostic means it will follow your choices and provide additional features wherever APIs are available. There’s no vendor lock-in.

Secure Email Gateway

Libraesva Email Security is an Integrated Email Security Solution. It delivers advanced security for cloud-based email platforms. Email Security protects Microsoft 365 and Google Workspace using multiple layers of protection, both at the Gateway and API layers, so multiple solutions are not needed. Email threats like phishing attacks, email fraud, and BEC are stopped before reaching their target.

Libraesva Email Security filters all internal emails as well as inbound and outbound email traffic to protect organizations from email-borne threats and data leaks. It provides both spam filtering and spam protection against advanced threats like phishing, malspam, business email compromise, and account takeover.