Traditionally, on-premises SMTP relays were the means by which Messaging (and Security) Teams controlled email sending from on-premises applications on behalf of their organisations’ domains. With this control, it was straightforward to protect brand identity, which could otherwise result in reputation damage, loss of sensitive information or put recipients at risk of fraud.
As applications modernise and move to the cloud, email sending is often outsourced to services offered by cloud service providers or third parties. This means Messaging (and Security) Teams are no longer able to regulate a large percentage of the email that underpins their organisations’ identity.
For Developers, Amazon Web Services (AWS) is, of course, a popular choice for application development and modernisation. And Amazon Simple Email Service (SES) is a convenient way for applications to send email.
On the other hand, for Messaging and Security practitioners, Proofpoint Secure Email Relay (SER), now available via AWS Marketplace, allows them to regulate and govern outbound application email in much the same way they regulate inbound email. However, as mentioned above, app modernisation makes this challenging.
Using Amazon’s new SES Mail Manager feature (launched in April 2024), Amazon and Proofpoint have collaborated on an integration between SES and Proofpoint SER whereby:
- App Developers can continue enjoying the convenience and features of SES
- Messaging/Security Teams can apply security controls to those application emails
With SES Mail Manager feature, emails can be conditionally routed from Amazon SES to Proofpoint SER where they are scanned with our industry-leading threat detection technologies for malware, spam and/or sensitive data (among other features) using centrally managed policies. From there, Proofpoint SER can perform DKIM-signing and distribute DMARC compliant emails to the internet (see Diagram 1) or it can route the email back to Amazon SES for distribution (see Diagram 2).
Diagram 1: Proofpoint Secure Email Relay allows security teams to apply various security controls, including threat detection, email authentication, encryption or DLP, to application emails before distributing them to the internet.
Diagram 2: Alternatively, you can apply security controls to your application emails using Proofpoint Secure Email Relay and route them back to Amazon SES for distribution.
Join our joint webinar on 18 December at 9 a.m. PT/12 p.m. ET /5 p.m. GMT as subject matter experts from Amazon and Proofpoint discuss how to set up interoperability between Amazon SES Mail Manager and Proofpoint SER. You will also explore reference designs showing how the two solutions enhance governance and security controls for outbound application email. In addition, you’ll have the opportunity to engage in a Q&A with the panellists and a team of domain experts.
For those attending AWS re:Invent, please visit us at the Proofpoint booth no. 693 from 2 to 6 December 2024.