Trustifi’s Inbound Shield can be seamlessly integrated into an organization’s email environment, providing protection from threats such as phishing, spoofing, spam, impersonation and much more.
This technical document outlines the different architectures for performing inbound integration deployment, which are described in detail below.
If you are not sure which deployment method would work best for your organization or if you like to get more information about integrating with Trustifi, please contact support@trustificorp.com .
Inbound Email relay
Overview
This architecture involves Trustifi setting up mail flow connectors in the organization’s email environment to route incoming email traffic to Trustifi before the emails arrive at the recipient’s mailbox.
After Trustifi finishes scanning and processing, emails that are not quarantined will be sent back to the organization’s email server which will, in turn, send the email to the recipient’s mailbox.
Advanced cloud-based email systems like Office 365 and Google Workspaces also allow creating custom mail flow rules to control the traffic routing to Trustifi. This can be used for purposes of a limited-scope deployment, or a proof of concept/trial.
Technical documents for this integration:
When should this architecture be used
Deployment of the inbound email relay is possible for any organization that uses an SMTP mail system with an ability to create mail flow/routing connectors.
Most commonly the inbound email relay is deployed on Office 365, Exchange Hybrid, and Google Workspaces, however integration with other mail systems is possible as well.
It is also possible to use this relay architecture inline with an additional inbound security system like a Secure Email Gateway (SEG). In this scenario, incoming email traffic will first go through the SEG and then be sent to Trustifi before being sent back to the recipient’s email server.
MX record change
Overview
This method of deployment involves changing the default MX record of the domain to Trustifi’s MX record.
Making this change will cause all inbound email traffic to be routed to Trustifi, where incoming emails will be scanned and processed before being sent to the organization’s email server.
When using this architecture there is no ability to set custom conditions by which email traffic will be sent to Trustifi, as the MX record change applies by default to the entire domain.
Technical document for this integration: MX integration guide
When should this architecture be used
Deployment of Trustifi inbound protection via MX record change is most commonly used in email environments that do not have the ability to create custom mail flow connectors and rules, for example on-premises email systems.
API integration
Overview
Using the Microsoft Graph API, organizations using Office 365 can use Trustifi to scan inbound emails without making any architectural mail-flow changes.
The integration process is very quick – all that is required is to enable the API integration from the Trustifi portal using the Office365 admin’s credentials, and then selecting which mailboxes in the organization should be protected.
When an email comes into a protected mailbox, the API will immediately move the email away to the “Archive” folder while it is being scanned by Trustifi. Once the scan process is completed, emails that should not be quarantined will be returned to the inbox.
Technical document for this integration: API integration guide
When should this architecture be used
This method is deployment is available only for organizations using Office 365. Using the API scan method is suitable for clients who are not looking to make any architectural mail-flow changes, or clients who are looking to try Trustifi out on a small amount of mailboxes before committing to another deployment method like the inbound relay.
Journaling mode
Overview
Journaling mode is a deployment method which is based on the inbound email relay architecture.
When deploying Trustifi in journaling mode, the original email traffic is not routed to Trustifi or altered in any way. Instead, Trustifi will receive a copy of incoming emails which will be scanned and processed to determine if any threats are found within.
Technical documents for this integration:
Organizations using cloud-based email systems like Office 365 or Google Workspaces can still take actions if threats are found, and find and remove dangerous emails from recipient mailboxes using the Threat Response tool.
When should this architecture be used
Using journaling mode is available to organizations using Office 365, Exchange hybrid, or Google Workspaces.
This mode is recommended for clients who want to use Trustifi’s ability to scan emails and find threats, but without modifying mail flow or sending emails to quarantine.
Journaling mode is also useful for clients who want to try Trustifi out as a proof of concept, before enabling full protection and allowing dangerous emails to go into quarantine.