Technical specifications
for Retarus E-Mail Security & Compliance Services

The comprehensive solution for virus- and spam-free email communication: offering gateway-based encryption, data processing in Retarus data centers according to local data protection regulations, innovative email management, and tamper-proof archiving.

Features

Retarus E-Mail Security blocks malware such as viruses, spam, phishing mails, ransomware and other digital threats. Patient Zero Detection identifies malware that is unknown at the time it is spread and can therefore penetrate defense mechanisms to reach customer inboxes. This solution allows you to respond quickly to these threats and prevent harmful activity. Retarus’ innovative queueless design analyzes cacheless incoming emails. Emails arrive without delay thanks to minimal throughput time. For maximum security, Retarus continuously updates and optimizes virus scanners and filter methods.

Essential Protection

Directory Filter

InboundOutbound

The Directory Filter rejects incorrectly addressed emails in accordance with RFC. As a result, the processing time of incoming and outgoing emails is significantly faster. Valid addresses are automatically and regularly reconciled with customer systems.

More Information

Furthermore, senders, who appear conspicuous because of attack attempts due to denial of service and directory harvesting attacks, are assigned to a special classification and thus accepted in delay (traffic throttling mechanisms).

  • Protection from denial-of-service and directory harvesting attacks
  • Inbound reputation management – traffic shaping and traffic throttling mechanisms
  • A service that learns dynamically with scoring/penalty system for spam relays
  • Queueless design with checks on the SMTP session level
  • Automatic address book reconciliation from Microsoft Exchange, Lotus Notes/Domino, LDAP
  • Address book reconciliation in time intervals defined by the user
  • Provisions for alias names and other domains
  • Bounce management according to RFC 3461, 3463 and 3464
  • Configuration and manual address entry through the Retarus EAS Portal
  • View in Retarus E-Mail Live Search Monitoring (Tracking Point)
Directory Filter

Directory Filter

Inbound reputation management

InboundOutbound

Along with using Directory Filter functions, the reputation of the senders of incoming emails are checked. An evaluation for sender authorization by validating the SPF (Sender Policy Framework) and DKIM (DomainKeys Identified Mail) is carried out. Classified emails that do not pass validation are isolated in a quarantine.

More Information
  • Inbound reputation management – SPF and DKIM validation
  • Notification of deleted infected emails via an email security report (E-Mail Digest)
  • Configuration through the Retarus EAS Portal

AntiVirus MultiScan

InboundOutbound

AntiVirus MultiScan automatically scans incoming and outgoing emails and file attachments for viruses with up to four virus scanners and uses heuristic analysis to protect from unknown malware.

More Information
  • Higher identification rate with up to four virus scanners
  • Protection from unknown viruses using heuristic analysis (Zero-Hour Protection)
  • Elimination of threats before they reach the customer’s infrastructure
  • Continuous updating of virus definitions
  • Notification of deleted infected emails via an email security report (E-Mail Digest)
AntiVirus MultiScan

AntiVirus MultiScan

Phishing Filter

InboundOutbound

The Phishing Filter scans incoming emails in real time for phishing scams. Those in question are either moved to quarantine and flagged as “phishing” or deleted.

More Information
  • Additional URL comparison with specialized real-time sources for known phishing URLs
  • Configuration in the EAS Portal
  • Granular configuration at the global and profile levels
Phishing Filter

Phishing Filter

AntiSpam Management

InboundOutbound

Spam check of incoming emails using rules and tools that are continuously updated. Depending on the service setting, emails classified as spam are flagged or placed in quarantine.

More Information
  • Spam protection with an identification rate of over 99.95%
  • False positive rate of less than 0.0001%
  • Protection from mass non-delivery notifications (backscatter protection)
  • Blacklists and exception lists at the user, profile, domain, and global level
  • Multi-lingual content analysis
  • Content and structure analyses using heuristic methods
  • Upstream bad word filter to meet compliance policies
  • Fingerprint analysis, Bayes algorithms, sender check
  • Continuous updating of intelligent filter, pattern, and identification rules
AntiSpam

Phishing Filter / AntiSpam

Attachment Blocker

InboundOutbound

The Attachment Blocker prevents the receipt of files attached to incoming emails that match criteria defined by the customer. These are files that should be prevented from reaching the company infrastructure, for example .exe, .zip, or Office files with macros.

More Information
  • Blocks undesired email attachments
  • Defines files to be blocked using the file extension
  • Defines files to be blocked using the MIME type
  • Automatic blocks of nested or password-protected archives and unknown MIME types
  • Configurable message options for recipients regarding deleted attachments
  • Option to deliver copies of original mails to administrators
Attachment Blocker

Attachment Blocker

Large E-Mail Handling

InboundOutbound

Retarus Large E-Mail Handling allows recipients to receive large emails despite size limitations defined for the mail server. This means even multi-megabyte messages, such as job applications, balance sheets, patent documents, design drawings, and loan applications will reach their destinations.

More Information
  • Receive large emails regardless of size limitations
  • Flexible configuration of size limitations at the company and profile level
  • User access for downloading emails with simplified user authentication (OneClick token login)
  • Lighter load for email infrastructure and backup systems
  • Quicker restore times, reduction in storage costs
  • Consistent implementation of email policies
Large E-Mail Handling

Large E-Mail Handling

Administration & Analysis

Directory Synchronization

InboundOutbound

In addition to manually maintaining addresses in the Retarus EAS Portal, Automated Directory Synchronization can reconcile addresses automatically with the customer’s address book and directory services.

More Information
  • Reconciliation of address books and directory services from Microsoft (Exchange, Active Directory), IBM Lotus Domino/Notes and LDAP (Directory Synchronization)
  • Reduction of manual administration and maintenance
  • Immediate update of data pool in the Directory Filter
  • Increased protection from directory harvesting attacks
  • Local management of export address data by the customer

Access Management

InboundOutbound

With Access Management in the Retarus Enterprise Administration Services Portal (Retarus EAS Portal), access rights for administrators can be assigned flexibly and according to requirements for e.g. countries, subsidiaries, domains, or departments.
 

  • Granular, hierarchical rights concept for administrators
  • Flexible assignment of access rights to e.g. configurations and evaluations

Monitoring & Reporting

InboundOutbound

In addition to easy management of service instances and user profiles 24/7, the web-based Retarus Enterprise Administration Services Portal (Retarus EAS Portal) offers information about the effectiveness of Retarus E-Mail Security Services. All reporting and monitoring information can be downloaded in a prepared format, offering process transparency that is unique to the market.

More Information
  • Transparent display of all service features
  • Management of service and all additional services
  • Detailed reports and powerful analysis functions
  • Performance monitoring
  • E-Mail Live Search – tracking of all incoming and outgoing emails in real time
  • Setup and management of user profiles
  • Individual management rights for administrators via Access Management
  • Support ticket creation and tracking
  • Documentation
  • Secure access via web browser

Additional Options

Quiet Time

InboundOutbound

Quiet Time allows you to define periods during which employees do not receive external emails, for example, during free time and on weekends. It allows you to define periods during which emails are not delivered to inboxes so that email servers can undergo maintenance.

More Information
  • Configure email-free periods (external emails)
  • Individual settings for different user profiles
  • Secure temporary storage of emails in Retarus data centers
  • Automatic delivery of emails after defined periods expire
  • Bypass function for high-priority emails
  • Emergency button for immediate delivery of emails during email-free periods
Quiet Time

Quiet Time

Inbox Assist

InboundOutbound

Retarus Inbox Assist gives executives, managing directors, department heads, and assistant-supported teams the ability to forward incoming emails automatically to assistants, either exclusively or in copy. This means business correspondence can be presorted and processed immediately. The inbox remains organized and confidential emails remain confidential.

More Information
  • Exclusion of defined senders from forwarding for more privacy
  • Immediate delivery of emails from important contacts overrides assistant forwarding
  • Convenient maintenance of personal contacts
  • Reconciliation of any address book via vCard (Microsoft Outlook, IBM Notes, iCloud, etc.)
  • Automated synchronization of Google contacts
  • Control of assistant forwarding
  • No additional configuration of email server required
Inbox Assist

Inbox Assist

E-Mail Signature

InboundOutbound

According to statutory requirements, business emails must contain signatures, just as they are required for customary business letters in commercial correspondence. Required information includes data that is often changed, such as telephone numbers. Retarus E-Mail Signature helps create and centrally manage signatures and disclaimers quickly and efficiently.

More Information
  • Centralized management of personalized email signatures and disclaimers
  • Easy maintenance using the WYSIWYG editor in the EAS Portal
  • Personalization directly via Active Directory or Lotus Domino/Notes
  • Signature and disclaimer assignment at the profile level
  • Ability to combine any signature with any disclaimer
  • Use of signatures in external emails only
E-Mail Signature

E-Mail Signature

Advanced Threat Protection (ATP)

Deferred Delivery Scan

InboundOutbound

As part of Deferred Delivery Scan (DDS), defined file attachments undergo further analysis using additional re-scan procedures. The delay means that signatures for the engines, which were not there at the time of the initial scan, could exist in the new malware at the time of the quadruple Retarus AntiVirus MultiScan rescan. DDS performs multiple re-scans within a short amount of time. If a virus is detected, Retarus deletes the affected files and informs the intended recipient.

More Information

Higher identification rate due to additional re-scan procedures

  • Effective re-scanning with quadruple Retarus AntiVirus MultiScan
  • Protects from viruses that are unknown at the time
  • Select view of advanced security checks in Retarus E-Mail Live Search Monitoring (Tracking Point)
  • Notification of infected emails via an email security report (E-Mail Digest)
Deferred Delivery Scan

Deferred Delivery Scan

Sandboxing

InboundOutbound

Sandboxing subjects specific file attachments to an in-depth analysis. Attachments that contain potentially malicious code (e.g. files and active elements) are exported to a virtual machine and checked for unusual behavior. Retarus uses a sandboxing solution from the specialized and highly respected third-party provider Palo Alto Networks for this advanced threat assessment. Emails identified as infected are either deleted or quarantined, and the intended recipient is notified.

More Information
  • In-depth checks of email attachments through export to virtual machines
  • Integration of a leading third-party sandboxing solution (Palo Alto) in Retarus E-Mail Security
  • Operated at Retarus (German processing)
  • Notification of infected attachments via E-Mail Security Report
  • Select view of advanced security checks in Retarus E-Mail Live Search Monitoring (Tracking Point)
Sandboxing

Sandboxing

Time-of-Click Protection

InboundOutbound

Time-of-Click Protection automatically re-writes links (URLs) in emails. When recipients click on these links, the links are checked for suspected phishing target addresses. If the target site is not identified as a phishing site, the user is sent directly to it. If the target site is a phishing site, a security warning is issued.

More Information
  • Real-time checks of web links in emails
  • Expanded protection from phishing attacks
  • Effective blocking of phishing websites and warnings for affected users
  • Customer security warnings can be saved (customer design)
  • Select view of advanced security checks in Retarus E-Mail Live Search Monitoring (Tracking Point)
Time-of-Click Protection

Time-of-Click Protection

CxO Fraud Detection

InboundOutbound

CxO Fraud Detection uses algorithms that identify from-spoofing and domain-spoofing, to detect falsified sender addresses (e.g. from high level executives). Emails identified as CxO fraud are not delivered immediately, but rather quarantined.

More Information
  • Identification of fake senders in fraudulent emails (spear phishing)
  • Detailed analysis of email header
  • Algorithms to prevent from-spoofing and domain-spoofing
  • Select view of advanced security checks in Retarus E-Mail Live Search Monitoring (Tracking Point)
  • Notification of deleted infected emails via an email security report (E-Mail Digest)
CxO Fraud

CxO Fraud

Postdelivery Protection

Patient Zero Detection

InboundOutbound

A malware’s signature is still unknown the first time it appears, even to the best virus scanners. In combination with quadruple AntiVirus MultiScan, Patient Zero Detection uses a digital fingerprint to identify emails containing malware that have already been delivered. Relevant alerts are sent according to customer settings. This way, appropriate defensive actions can be taken as quickly as possible.

More Information
  • Identification of the recipient (patient zero) of malicious emails already delivered using a digital fingerprint.
  • Identification using content analysis together with quadruple AntiVirus MultiScan
  • Additional, automated learning from the results of Retarus Advanced Threat Protection (ATP)
  • Alerts sent to administrators (to ensure a quick response)
  • Optional alerts sent to users
  • Cumulative reports for any given period of time
  • Simplified IT forensics
  • Supports the optimization of security settings (e.g., blacklisting)
  • Seamless integration with other services such as Retarus Enterprise E-Mail Archive or Retarus E-Mail Encryption
Patient Zero Detection

Patient Zero Detection

PZD Reacting Process

InboundOutbound

As part of the Patient Zero Detection Reaction Process, Retarus provides consultation on individual options to automatically process Patient Zero Detection notifications.

More Information
  • Detailed, standardized information via administrator notification to support automatic processes used to remove emails from the server
  • Configurable text for alerts (enables the distribution of behavior recommendations that are easy to understand and can be quickly implemented)
  • Reduces the administrative work for IT forensics, support, and the help desk
  • Increases protection through swift response to identified emails

Information Protection & Compliance

E-Mail Encryption/Decryption

InboundOutbound

Outbound emails are transferred from the customer’s email server to Retarus. Emails are identified in Retarus data centers, fully encrypted using customer-specific rules, signed as needed and sent securely to the recipient. This means that the email and all of its file attachments are encrypted.

More Information
  • Compatible with any SMTP-based email system (e.g. Office 365, G Suite, Microsoft Exchange, Lotus Domino/Notes)
  • Complete key management by Retarus: create, distribute, and manage all keys
  • Easy adoption of existing PKIs (public key infrastructures)
  • Gateway-based S/MIME and PGP encryption
  • Full support of the X.509 v3 standard including own certificates
  • Full support of the OpenPGP standard
  • Automatic or user-initiated signature of outgoing emails
  • Ability to include internal company encryption policies
  • Centralized and flexible set of rules for emails that need to be signed
  • Filters for viruses and spam despite encryption
  • TLS connection to the Retarus Global Delivery Network
  • Optional VPN connection for secure and confidential communication over the “last mile”
  • Web email portal or password-protected PDF for encrypted communication with recipients without their own encryption solution
  • Company-wide standardized solution that can be expanded as needed
  • No software and hardware installation required
E-Mail Encryption

E-Mail Encryption

Data Loss Prevention

InboundOutbound

Data Loss Prevention checks emails addressed to external recipients sent by the customer’s users (as part of configuration) for defined patterns, e.g. credit card numbers or bank account numbers (IBAN). If an email contains this type of pattern, it is not sent to external recipients and the sender is notified.

More Information

Furthermore, certain employees, e.g. an administrator or compliance officer, can be informed of the delivery attempt. The affected email is quarantined. In addition, a monitoring entity for all outbound emails is created, for example, a role-based inbox. Senders must be added to the distribution list to be able to send emails.

  • Support for observance of compliance regulations through an expanded monitoring entity for sending emails
  • Transparency through immediate notification of affected senders
  • Optional notification of an administrator or compliance officer
  • Select view of advanced security checks in Retarus E-Mail Live Search Monitoring (Tracking Point)
Data Loss Prevention

Data Loss Prevention

Enterprise E-Mail Archive

InboundOutbound

Enterprise E-Mail Archive offers tamper-proof archiving of business email correspondence. Archived emails cannot be changed, are protected from unauthorized access, and can be found in milliseconds even when the email volume is large.

More Information
  • Automatic archiving of internal and external email correspondence including attachments
  • Encrypted storage of each individual email in original format (MIME) including attachments (used of own certificates possible)
  • Reliable spam and virus checks prior to archiving
  • Tamper-proof storage and data processing according to applicable data protection regulations in Retarus data centers in Europe
  • Storage period may be selected (for example, ten years)
  • Emails cannot be deleted or changed during legally binding retention periods
  • Emails and attachments are received even during system failure or if mailboxes are accidentally deleted
  • Targeted indexing of relevant key data for fast searches
  • Powerful search functions, e.g. search for sender and recipient, as well as file names and types of attachments, or full text
  • Ability to access archived emails and attachments in milliseconds
  • Administrative access for authorized persons according to the double-check principle
  • Easy and secure user access via single sign-on
  • Access irrespective of inbox quota
  • Ability to deliver archived emails and attachments to own business inbox
  • Complete logging of all access attempts and actions
  • Saved emails with attachments (data carriers, other archiving systems) can be migrated
Enterprise E-Mail Archive

Enterprise E-Mail Archive

System Basics

Quarantine Management

InboundOutbound

Simplified email handling for employees and administrators. At customizable points in time, reports sent by email (E-Mail Digests) offer a quick view of the emails flagged for deletion or quarantine by Retarus E-Mail Security Components (AntiVirus MultiScan, AntiSpam, Inbound Reputation Management, Attachment Blocker, Large E-Mail Handling, Deferred Delivery Scan, Sandboxing, CxO-Fraud Detection).

More Information
  • Better structured reports on undeliverable emails (spam, viruses, phishing, graymail, etc.) are sent by email
  • Combined overview of spam, viruses, and graymail via email
  • Online access with simplified user authentication (OneClick token login)
  • Direct access to quarantined emails classified as spam
  • Additional virus scan after retrieval from quarantine
  • Targeted search for emails in quarantine
  • Mobile device support (e.g. iPhone, Android, etc.)
  • User-based quarantine and report settings
  • System-wide configuration via the EAS Portal for administrators

Encrypted Connection to Retarus

InboundOutbound

Maximum protection of customer data: customer systems are connected via TLS (Transport Layer Security) or optional VPN (Virtual Private Network) to the Retarus Global Delivery Network. This makes it impossible to read data exchanged between customers and the Retarus infrastructure even with today’s level of technology.

More Information
  • Connection of customer systems via opportunistic TLS possible
  • Connection of customer systems via enforced TLS possible
  • Connection of customer systems via VPN possible

E-Mail Check

InboundOutbound

Retarus E-Mail Check continuously checks to see if connected customer systems are available and distributes warnings to define contacts in the event of errors.

More Information
  • Continuous check of email server availability
  • Warning sent to defined contacts in the event of errors, e.g. per text message
  • Queuing of incoming emails during system downtime
  • Faster response to system errors

Choose your country or region.