Traditionally, on-premises SMTP relays were the means by which messaging and security teams controlled email sending from on-premises applications on behalf of their organizations’ domains. With this control, it was relatively straightforward to protect against brand damage and the loss of sensitive data. It also helped to protect recipients from fraud.
However, as applications modernize and move to the cloud, email sending has changed. Today, it’s often outsourced to services that are offered by cloud service providers or third parties. This means that internal teams are no longer able to regulate a large percentage of the email that underpins their organizations’ identity. This situation is not ideal as the security team would rather control all aspects of their email sending.
In this blog post, we’ll explore how Proofpoint and Amazon have collaborated to give teams control over email sending via cloud applications.
More convenience, more control
For developers, Amazon Web Services (AWS) is a popular choice for developing and modernizing applications. And Amazon Simple Email Service (SES) is a convenient way for applications to send email.
On the other hand, Proofpoint has a lot of benefits for messaging and security practitioners. Our Secure Email Relay (SER), which is now available via AWS Marketplace, allows them to regulate and govern outbound application email in much the same way that they regulate inbound email. However, as mentioned above, app modernization makes this challenging.
Amazon and Proofpoint have teamed up to deliver more convenience and control. Proofpoint SER has now integrated with the Amazon SES Mail Manager feature (launched in April 2024). This means that:
- App developers can continue enjoying the convenience and features of SES.
- Messaging and security teams can apply security controls to those application emails with SER.
How email flows
With the SES Mail Manager feature, emails can be conditionally routed from Amazon SES to Proofpoint SER. At that point, they’re scanned with our industry leading threat detection technologies for malware, spam, sensitive data and more. SER policies are all centrally managed.
From there, Proofpoint SER can perform DKIM-signing and distribute DMARC compliant emails to the internet (Figure 1). Or it can route the email back to Amazon SES for distribution (Figure 2).
Figure 1. With Proofpoint SER, you can apply various security controls—including threat detection, email authentication, encryption or DLP—to application emails before sending them.
Figure 2. Alternatively, you can apply security controls to your application emails using Proofpoint SER and then route them back to Amazon SES for distribution.
Learn more
Come to our joint webinar on December 18 at 9 a.m. PT / 12 p.m. ET / 5 p.m. GMT. Subject-matter experts from both Amazon and Proofpoint will discuss how to set up interoperability between Amazon SES Mail Manager and Proofpoint SER.
They will also explore reference designs so that you can see how the two solutions enhance governance and security controls for outbound application email. At the end, you’ll have an opportunity to engage in a Q&A with the panelists and a team of domain experts.
Visit us at re:Invent
Will you be at AWS re:Invent? If so, make sure to come visit us at the Booth #693 December 2-6, 2024.