
Outbound integration

Trustifi’s email solutions can be seamlessly integrated into an organization’s email environment, providing a secure and encrypted email communication channel, enabling the application of custom Data Loss Prevention (DLP) rules and policies, and monitoring suspicious user activity.

This technical document outlines two different architectures for performing outbound integration deployment, which are described in detail below.

If you are not sure which deployment method would work best for your organization, or if you would like more information about integrating with Trustifi, please contact support@trustificorp.com.


“Trustifi MTA” architecture

Overview

This architecture involves Trustifi setting up an outbound (send) connector in the organization’s email environment that will route mail flow to Trustifi’s secure SMTP relay. The email will then be processed by Trustifi and will be sent out using Trustifi’s MTA via Amazon SES.

In email environments that support the creation of custom mail-flow rules, such as Office 365 and Google Workspace, it is also possible to perform limited-scope deployments for a proof of concept (POC).
Note: using this architecture, every integrated domain will have to be verified in Trustifi by adding custom DNS records. More details can be found in our domain verification guide.

Technical documents for this integration:

Pros
  • Quick and easy setup – only requires one connector to be set up
  • Fewer SMTP “hops” compared to the “Your MTA” architecture means emails are sent slightly quicker
  • Available for both Google Workspace and Office 365
Cons
  • Requires the addition of Trustifi’s DNS records via the domain verification process
  • Some technical constraints exist due to limitations in Amazon SES:
    • Attachments over 40 MB will be automatically encrypted
    • Emails sent to groups and members of those groups may be received as duplicates
    • Emails with a body size over 15 MB will be compressed

“Your MTA” architecture

Overview

Using this architecture, emails are processed by Trustifi and then sent back to the client’s own email server so the email may be sent using their MTA.

Mail flow occurs as follows:
The email is sent to Trustifi’s secure SMTP relay using a send connector > Trustifi processes the email and applies encryption and other policies based on your settings > Trustifi sends the email back to your MTA > Your MTA sends the email out to the final recipient.

It is possible to use this email architecture to perform limited-scope deployments for a proof of concept (POC).
This architecture does not require domain verification.
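During a POC it is useful to confirm from a delivered test message which route it actually took. The following is an added example, not Trustifi's code: it classifies a message by its `Received` chain, and the host suffixes and sample headers are constructed placeholders, not Trustifi's real hostnames.

```python
import re
from email import message_from_string

# Placeholder suffixes (assumptions): substitute the hosts seen in your own deployment.
RELAY_SUFFIX = ".relay.example.net"    # stands in for the vendor's SMTP relay
ORG_MTA_SUFFIX = ".mail.example.com"   # stands in for the organization's own MTA

BY_HOST = re.compile(r"\bby\s+([A-Za-z0-9.-]+)", re.IGNORECASE)

def hop_path(raw_message):
    """Return the receiving host of every Received header, oldest hop first."""
    msg = message_from_string(raw_message)
    hosts = []
    for value in msg.get_all("Received", []):   # newest header comes first
        match = BY_HOST.search(value)           # \s also spans folded lines
        if match:
            hosts.append(match.group(1).lower().rstrip("."))
    return hosts[::-1]

def classify_route(raw_message):
    """Label the route: bypassed-relay, sent-by-relay or returned-to-org-mta."""
    kinds = []
    for host in hop_path(raw_message):
        if host.endswith(RELAY_SUFFIX):
            kinds.append("relay")
        elif host.endswith(ORG_MTA_SUFFIX):
            kinds.append("org")
        else:
            kinds.append("other")
    if "relay" not in kinds:
        return "bypassed-relay"        # never processed: no encryption or DLP applied
    last_relay = len(kinds) - 1 - kinds[::-1].index("relay")
    if "org" in kinds[last_relay + 1:]:
        return "returned-to-org-mta"   # the "Your MTA" flow
    return "sent-by-relay"             # the "Trustifi MTA" flow

# Constructed sample: headers a test recipient would see for the "Your MTA" flow.
SAMPLE_YOUR_MTA = (
    "Received: from smtp.relay.example.net by mx2.mail.example.com with ESMTPS;\n"
    " Mon, 1 Jan 2024 10:00:03 +0000\n"
    "Received: from mx1.mail.example.com by smtp.relay.example.net with ESMTPS;\n"
    " Mon, 1 Jan 2024 10:00:02 +0000\n"
    "Received: from client.example.com by mx1.mail.example.com with ESMTP;\n"
    " Mon, 1 Jan 2024 10:00:01 +0000\n"
    "From: alice@example.com\nTo: bob@example.org\nSubject: route test\n\nbody\n"
)

if __name__ == "__main__":
    print(hop_path(SAMPLE_YOUR_MTA), classify_route(SAMPLE_YOUR_MTA))
```

A `bypassed-relay` result for a sender who is inside the POC scope means the mail-flow rule or send connector did not match that message.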

Technical documents for this integration:

Deployment in Office365 or Exchange hybrid

Pros
  • The email is sent from the sender’s own MTA and therefore automatically authenticated
  • No need to perform domain verification
  • The technical constraints of the “Trustifi MTA” architecture (see above) do not apply
Cons
  • Requires setting up an additional connector to receive emails
  • Adds an additional hop to the mail flow (though this does not significantly affect sending times)
  • Is only available for Office 365 and Exchange Hybrid
  • The “Delivered” event in outbound email tracking is not supported

 
