Email Security ServicesTechnical specifications

The comprehensive solution for virus- and spam-free email communication: offering gateway-based encryption, data processing in Retarus data centers according to local data protection regulations, innovative email management, and tamper-proof archiving.

Features

Retarus Email Security blocks malware such as viruses, spam, phishing mails, ransomware and other digital threats. Patient Zero Detection® identifies malware that is unknown at the time it is spread and can therefore penetrate defense mechanisms to reach customer inboxes. This solution allows you to respond quickly to these threats and prevent harmful activity. Retarus’ innovative queueless design analyzes cacheless incoming emails. Emails arrive without delay thanks to minimal throughput time. For maximum security, Retarus continuously updates and optimizes virus scanners and filter methods.

Essential Protection

Directory Filter

InboundOutbound

The Directory Filter rejects incorrectly addressed emails in accordance with RFC. As a result, the processing time of incoming and outgoing emails is significantly faster. Valid addresses are automatically and regularly reconciled with customer systems.
More info
Furthermore, senders, who appear conspicuous because of attack attempts due to denial of service and directory harvesting attacks, are assigned to a special classification and thus accepted in delay (traffic throttling mechanisms).

  • Protection from denial-of-service and directory harvesting attacks
  • Inbound reputation management – traffic shaping and traffic throttling mechanisms
  • A service that learns dynamically with scoring/penalty system for spam relays
  • Queueless design with checks on the SMTP session level
  • Automatic address book reconciliation from Microsoft Exchange, Lotus Notes/Domino, LDAP
  • Address book reconciliation in time intervals defined by the user
  • Provisions for alias names and other domains
  • Bounce management according to RFC 3461, 3463 and 3464
  • Configuration and manual address entry through the Retarus EAS Portal
  • View in Retarus Email Live Search Monitoring (Tracking Point)

Directory Filter

Directory Filter

Inbound reputation management

InboundOutbound

Along with using Directory Filter functions, the reputation of the senders of incoming emails are checked. An evaluation for sender authorization by validating the SPF (Sender Policy Framework) and DKIM (DomainKeys Identified Mail) is carried out. Classified emails that do not pass validation are isolated in a quarantine.
More info
  • Inbound reputation management – SPF and DKIM validation
  • Notification of deleted infected emails via an email security report (Email Digest)
  • Configuration through the Retarus EAS Portal

AntiVirus MultiScan

InboundOutbound

AntiVirus MultiScan automatically scans incoming and outgoing emails and file attachments for viruses with up to four virus scanners and uses heuristic analysis to protect from unknown malware.
More info
  • Higher identification rate with up to four virus scanners
  • Protection from unknown viruses using heuristic analysis (Zero-Hour Protection)
  • Elimination of threats before they reach the customer’s infrastructure
  • Continuous updating of virus definitions
  • Notification of deleted infected emails via an email security report (Email Digest)

AntiVirus MultiScan

AntiVirus MultiScan

External Sender
Visibility Enhancement

InboundOutbound

External Sender Visibility Enhancement flags incoming emails sent by an external sender pretending to have the same sender domain as that of the recipient’s company network (spoofing). This feature makes it easier to detect spoofed sender addresses.
More info
  • Validation of incoming emails (external relay) that use a customer domain in the sender address (MIME-FROM)
  • Flagging of suspicious emails with visual indicators such as pre-defined Unicode characters or text at the beginning of the sender field (friendly name)

External Sender Visibility Enhancement

External Sender Visibility Enhancement

Phishing Filter

InboundOutbound

The Phishing Filter scans incoming emails in real time for phishing scams. Those in question are either moved to quarantine and flagged as “phishing” or deleted.
More info
  • Also detects phishing emails that are not intercepted by virus scanners or spam filters
  • Query of several databases of renowned specialist providers
  • Optional quarantine or immediate deletion (configuration via EAS Portal)

Phishing Filter

Phishing Filter

AntiSpam Management

InboundOutbound

Spam check of incoming emails using rules and tools that are continuously updated. Depending on the service setting, emails classified as spam are flagged or placed in quarantine.
More info
  • Spam protection with an identification rate of over 99.95%
  • False positive rate of less than 0.0001%
  • Protection from mass non-delivery notifications (backscatter protection)
  • Blacklists and exception lists at the user, profile, domain, and global level
  • Multi-lingual content analysis
  • Content and structure analyses using heuristic methods
  • Upstream bad word filter to meet compliance policies
  • Fingerprint analysis, Bayes algorithms, sender check
  • Continuous updating of intelligent filter, pattern, and identification rules

AntiSpam

Phishing Filter / AntiSpam

Attachment Blocker

InboundOutbound

The Attachment Blocker prevents the receipt of files attached to incoming emails that match criteria defined by the customer. These are files that should be prevented from reaching the company infrastructure, for example .exe, .zip, or Office files with macros.
More info
  • Blocks undesired email attachments
  • Defines files to be blocked using the file extension
  • Defines files to be blocked using the MIME type
  • Automatic blocks of nested or password-protected archives and unknown MIME types
  • Configurable message options for recipients regarding deleted attachments
  • Option to deliver copies of original mails to administrators

Attachment Blocker

Attachment Blocker

Large Email Handling

InboundOutbound

Retarus Large Email Handling allows recipients to receive large emails despite size limitations defined for the mail server. This means even multi-megabyte messages, such as job applications, balance sheets, patent documents, design drawings, and loan applications will reach their destinations.
More info
  • Receive large emails regardless of size limitations
  • Flexible configuration of size limitations at the company and profile level
  • User access for downloading emails with simplified user authentication (OneClick token login)
  • Lighter load for email infrastructure and backup systems
  • Quicker restore times, reduction in storage costs
  • Consistent implementation of email policies

Large E-Mail Handling

Large Email Handling

Administration & Analysis

Directory Synchronization

InboundOutbound

In addition to manually maintaining addresses in the Retarus EAS Portal, Automated Directory Synchronization can reconcile addresses automatically with the customer’s address book and directory services.
More info
  • Reconciliation of address books and directory services from Microsoft (Exchange, Active Directory, Azure Active Directory (AAD) for Office 365), HCL Notes Domino and LDAP (Directory Synchronization)
  • Reduction of manual administration and maintenance
  • Immediate update of data pool in the Directory Filter
  • Increased protection from directory harvesting attacks
  • Local management of export address data by the customer

Access Management

InboundOutbound

With Access Management in the Retarus Enterprise Administration Services Portal (Retarus EAS Portal), access rights for administrators can be assigned flexibly and according to requirements for e.g. countries, subsidiaries, domains, or departments.
 

  • Granular, hierarchical rights concept for administrators
  • Flexible assignment of access rights to e.g. configurations and evaluations

Forensic SIEM Integration

InboundOutbound

Forensic SIEM Integration offers events you can subscribe to that enrich your data stream with details about email security.
More info

Forensic SIEM Integration

Forensic SIEM Integration

Monitoring & Reporting

InboundOutbound

In addition to easy management of service instances and user profiles 24/7, the web-based Retarus Enterprise Administration Services Portal (Retarus EAS Portal) offers information about the effectiveness of Retarus Email Security Services. All reporting and monitoring information can be downloaded in a prepared format, offering process transparency that is unique to the market.
More info
  • Transparent display of all service features
  • Management of service and all additional services
  • Detailed reports and powerful analysis functions
  • Performance monitoring
  • Email Live Search – tracking of all incoming and outgoing emails in real time
  • Setup and management of user profiles
  • Individual management rights for administrators via Access Management
  • Support ticket creation and tracking
  • Documentation
  • Secure access via web browser

Additional Options

Quiet Time

InboundOutbound

Quiet Time allows you to define periods during which employees do not receive external emails, for example, during free time and on weekends. It allows you to define periods during which emails are not delivered to inboxes so that email servers can undergo maintenance.
More info
  • Configure email-free periods (external emails)
  • Individual settings for different user profiles
  • Secure temporary storage of emails in Retarus data centers
  • Automatic delivery of emails after defined periods expire
  • Bypass function for high-priority emails
  • Emergency button for immediate delivery of emails during email-free periods

Quiet Time

Quiet Time

Email Signature

InboundOutbound

According to statutory requirements, business emails must contain signatures, just as they are required for customary business letters in commercial correspondence. Required information includes data that is often changed, such as telephone numbers. Retarus Email Signature helps create and centrally manage signatures and disclaimers quickly and efficiently.
More info
  • Centralized management of personalized email signatures and disclaimers
  • Easy maintenance using the WYSIWYG editor in the EAS Portal
  • Personalization directly via Active Directory or HCL Lotus Domino
  • Signature and disclaimer assignment at the profile level
  • Ability to combine any signature with any disclaimer
  • Use of signatures in external emails only

E-Mail Signature

Email Signature

Advanced Threat Protection (ATP)

Deferred Delivery Scan

InboundOutbound

As part of Deferred Delivery Scan (DDS), defined file attachments undergo further analysis using additional re-scan procedures. The delay means that signatures for the engines, which were not there at the time of the initial scan, could exist in the new malware at the time of the quadruple Retarus AntiVirus MultiScan rescan. DDS performs multiple re-scans within a short amount of time. If a virus is detected, Retarus deletes the affected files and informs the intended recipient.
More info
Higher identification rate due to additional re-scan procedures

  • Effective re-scanning with quadruple Retarus AntiVirus MultiScan
  • Protects from viruses that are unknown at the time
  • Select view of advanced security checks in Retarus Email Live Search Monitoring (Tracking Point)
  • Notification of infected emails via an email security report (Email Digest)

Deferred Delivery Scan

Deferred Delivery Scan

Sandboxing

InboundOutbound

Sandboxing subjects specific file attachments to an in-depth analysis. Attachments that contain potentially malicious code (e.g. files and active elements) are exported to a virtual machine and checked for unusual behavior. Retarus uses a sandboxing solution from the specialized and highly respected third-party provider Palo Alto Networks for this advanced threat assessment. Emails identified as infected are either deleted or quarantined, and the intended recipient is notified.
More info
  • In-depth checks of email attachments through export to virtual machines
  • Integration of a leading third-party sandboxing solution (Palo Alto) in Retarus Email Security
  • Operated at Retarus (German processing)
  • Notification of infected attachments via Email Security Report
  • Select view of advanced security checks in Retarus Email Live Search Monitoring (Tracking Point)

Sandboxing

Sandboxing

Time-of-Click Protection

InboundOutbound

Time-of-Click Protection automatically re-writes links (URLs) in emails. When recipients click on these links, the links are checked for suspected phishing target addresses. If the target site is not identified as a phishing site, the user is sent directly to it. If the target site is a phishing site, a security warning is issued.
More info
  • Real-time checks of web links in emails
  • Expanded protection from phishing attacks
  • Effective blocking of phishing websites and warnings for affected users
  • Customer security warnings can be saved (customer design)
  • Select view of advanced security checks in Retarus Email Live Search Monitoring (Tracking Point)

Time-of-Click Protection

Time-of-Click Protection

CxO Fraud Detection

InboundOutbound

CxO Fraud Detection uses algorithms that identify from-spoofing and domain-spoofing, to detect falsified sender addresses (e.g. from high level executives). Emails identified as CxO fraud are not delivered immediately, but rather quarantined.
More info
  • Protection against emails with fake sender („spoofing“ or „impersonation attacks“)
  • Combination of different detection methods and algorithms:
    • Analysis of header information
    • Recognition of similar looking domains or character sets (domain similarity)
    • Recognition of fake sender names, e.g. the customer’s own CEO
  • Delivery of legitimate external email secured via email authentication (SPF) and whitelisting

CxO Fraud

CxO Fraud

Postdelivery Protection

Patient Zero Detection®

InboundOutbound

A malware’s signature is still unknown the first time it appears, even to the best virus scanners. In combination with quadruple AntiVirus MultiScan, Patient Zero Detection® uses a digital fingerprint to identify emails containing malware that have already been delivered. Relevant alerts are sent according to customer settings. This way, appropriate defensive actions can be taken as quickly as possible.
More info
  • Identification of the recipient (patient zero) of malicious emails already delivered using a digital fingerprint.
  • Identification using content analysis together with quadruple AntiVirus MultiScan
  • Additional, automated learning from the results of Retarus Advanced Threat Protection (ATP)
  • Alerts sent to administrators (to ensure a quick response)
  • Optional alerts sent to users
  • Cumulative reports for any given period of time
  • Simplified IT forensics
  • Supports the optimization of security settings (e.g., blacklisting)
  • Seamless integration with other services such as Retarus Enterprise Email Archive or Retarus Email Encryption

<img class="size-full wp-image-31231" src="https://www.retarus.com/de/wp-content/uploads/sites/2/2018/01/retarus-email-security-patient-zero-detection.png" alt="Patient Zero Detection®” width=”1890″ height=”432″>Patient Zero Detection®

PZD Real-Time Response

InboundOutbound

With Patient Zero Detection® Real-Time Response, Patient Zero Detection® findings can be rule-based processed to identify and automatically move or delete potentially dangerous emails in a user’s mailbox.
More info
  • Detailed, standardized information via administrator notification to support automatic processes used to remove emails from the server
  • Configurable text for alerts (enables the distribution of behavior recommendations that are easy to understand and can be quickly implemented)
  • Reduces the administrative work for IT forensics, support, and the help desk
  • Increases protection through swift response to identified emails

PZD Real-Time Response

PZD Real-Time Response

Information Protection & Compliance

Email Encryption/Decryption

InboundOutbound

Outbound emails are transferred from the customer’s email server to Retarus. Emails are identified in Retarus data centers, fully encrypted using customer-specific rules, signed as needed and sent securely to the recipient. This means that the email and all of its file attachments are encrypted.
More info
  • Compatible with any SMTP-based email system (e.g. Office 365, G Suite, Microsoft Exchange, HCL Notes Domino)
  • Complete key management by Retarus: create, distribute, and manage all keys
  • Easy adoption of existing PKIs (public key infrastructures)
  • Gateway-based S/MIME and PGP encryption
  • Full support of the X.509 v3 standard including own certificates
  • Full support of the OpenPGP standard
  • Automatic or user-initiated signature of outgoing emails
  • Ability to include internal company encryption policies
  • Centralized and flexible set of rules for emails that need to be signed
  • Filters for viruses and spam despite encryption
  • TLS connection to the Retarus Global Delivery Network
  • Optional VPN connection for secure and confidential communication over the “last mile”
  • Web email portal or password-protected PDF for encrypted communication with recipients without their own encryption solution
  • Company-wide standardized solution that can be expanded as needed
  • No software and hardware installation required

E-Mail Encryption

Email Encryption

Data Loss Prevention

InboundOutbound

Data Loss Prevention checks emails addressed to external recipients sent by the customer’s users (as part of configuration) for defined patterns, e.g. credit card numbers or bank account numbers (IBAN). If an email contains this type of pattern, it is not sent to external recipients and the sender is notified.
More info
Furthermore, certain employees, e.g. an administrator or compliance officer, can be informed of the delivery attempt. The affected email is quarantined. In addition, a monitoring entity for all outbound emails is created, for example, a role-based inbox. Senders must be added to the distribution list to be able to send emails.

  • Support for observance of compliance regulations through an expanded monitoring entity for sending emails
  • Transparency through immediate notification of affected senders
  • Optional notification of an administrator or compliance officer
  • Select view of advanced security checks in Retarus Email Live Search Monitoring (Tracking Point)

Data Loss Prevention

Data Loss Prevention

Enterprise Email Archive

InboundOutbound

Enterprise Email Archive offers tamper-proof archiving of business email correspondence. Archived emails cannot be changed, are protected from unauthorized access, and can be found in milliseconds even when the email volume is large.
More info
  • Automatic archiving of internal and external email correspondence including attachments
  • Encrypted storage of each individual email in original format (MIME) including attachments (used of own certificates possible)
  • Reliable spam and virus checks prior to archiving
  • Tamper-proof storage and data processing according to applicable data protection regulations in Retarus data centers in Europe
  • Storage period may be selected (for example, ten years)
  • Emails cannot be deleted or changed during legally binding retention periods
  • Emails and attachments are received even during system failure or if mailboxes are accidentally deleted
  • Targeted indexing of relevant key data for fast searches
  • Powerful search functions, e.g. search for sender and recipient, as well as file names and types of attachments, or full text
  • Ability to access archived emails and attachments in milliseconds
  • Administrative access for authorized persons according to the double-check principle
  • Easy and secure user access via single sign-on
  • Access irrespective of inbox quota
  • Ability to deliver archived emails and attachments to own business inbox
  • Complete logging of all access attempts and actions
  • Saved emails with attachments (data carriers, other archiving systems) can be migrated

Enterprise Email Archive

Enterprise Email Archive

Dynamic Mail Routing

User-based Routing / Address Rewriting

InboundOutbound

Within the scope of User-Based Routing, Retarus delivers emails for specified recipients (user-based) within a domain to specific target servers.
Address Rewriting provides the ability to automatically rewrite email addresses of recipients for the customer domain. The so-called “Envelope-To”-recipient will be changed according to the customer’s specifications (e.g. from …@customerdomain.de to …@customerdomain.com).
More info
  • Practical support in the use of different addresses
  • Uniform domain for external communication with different internal target addresses
  • Facilitation in transition phases, e.g. the integration of company acquisitions
  • Customizing as required

System Basics

Quarantine Management

InboundOutbound

Simplified email handling for employees and administrators. At customizable points in time, reports sent by email (Email Digests) offer a quick view of the emails flagged for deletion or quarantine by Retarus Email Security Components (AntiVirus MultiScan, AntiSpam, Inbound Reputation Management, Attachment Blocker, Large Email Handling, Deferred Delivery Scan, Sandboxing, CxO-Fraud Detection).
More info
  • Better structured reports on undeliverable emails (spam, viruses, phishing, graymail, etc.) are sent by email
  • Combined overview of spam, viruses, and graymail via email
  • Online access with simplified user authentication (OneClick token login)
  • Direct access to quarantined emails classified as spam
  • Additional virus scan after retrieval from quarantine
  • Extended search capabilities, e.g. for attachments and quarantine reason
  • Distinct color bar visualization based on actual threat level (i.e. from yellow to red)
  • New detailed view with further information about each email
  • Mobile device support (e.g. iPhone, Android, etc.)
  • User-based quarantine and report settings
  • System-wide configuration via the EAS Portal for administrators
Quarantäne Management

Quarantäne Management – Mobile

Quarantäne Management

Quarantäne Management – Mobile

Quarantäne Management

Quarantäne Management – Desktop

Quarantäne Management

Quarantäne Management – Desktop

Encrypted Connection to Retarus

InboundOutbound

Maximum protection of customer data: customer systems are connected via TLS (Transport Layer Security) or optional VPN (Virtual Private Network) to the Retarus Global Delivery Network. This makes it impossible to read data exchanged between customers and the Retarus infrastructure even with today’s level of technology.
More info
  • Connection of customer systems via opportunistic TLS possible
  • Connection of customer systems via enforced TLS possible
  • Connection of customer systems via VPN possible

Email Check

InboundOutbound

Retarus Email Check continuously checks to see if connected customer systems are available and distributes warnings to define contacts in the event of errors.
More info
  • Continuous check of email server availability
  • Warning sent to defined contacts in the event of errors, e.g. per text message
  • Queuing of incoming emails during system downtime
  • Faster response to system errors