A perimeter email security system
What is Merce MailGate?

Merce MailGate is a perimeter email security system. It works on the perimeter of an enterprise or campus network, like a firewall does. Its specific purpose is to filter incoming email and remove spam, virus-infected emails, malware, phishing emails, etc.

Merce MailGate does not replace an enterprise email system like the ones built into Merce, Microsoft Exchange, or IBM Lotus Notes. An enterprise email system is used for one-on-one communication between individuals both within and outside the organisation. Such systems often have built-in virus filters. However, spam is best dealt with at the perimeter, by a specialised and secure product like Merce MailGate. If all spam were allowed to enter the enterprise email system and only then filtered, the filtration would be less effective and there would be a danger of spam completely overwhelming the internal mail servers. Merce MailGate uses special spam filtering technologies which work best when it is deployed in an Internet-facing position at the enterprise or campus perimeter.

Why is perimeter email security required

Email-borne malware is here to stay. Spam and email-borne malware are universal threats to organisations of all categories. It is widely believed that intrusion attempts today aim to penetrate enterprise network defences by attaching malware to emails, not by direct network connection through firewalls.

Spamming is big business. It is widely known that unsolicited bulk email transmission is an extremely profitable activity, and a lot of organisations and private groups work within and outside the law in all parts of the world to send such emails. The highly profitable pornography and prescription drugs industries are big customers of spamming services. Therefore the volumes of spam are expected to grow continuously, worldwide.

Malware and spam far outnumber legitimate emails. Statistics from email security organisations have put the ratio of spam to legitimate emails in the worldwide networks at between 3:1 and 6:1. Most of our customers receive many more spam attempts than legitimate emails. Statistics from Merce MailGate for our larger installations indicate that 75-90% of incoming emails are being blocked by MailGate, and only the balance is legitimate. Smaller organisations appear to get lower percentages of malware and spam.

Every organisation or campus needs Merce MailGate. Merce MailGate is used by organisations of all profiles and sizes. Our smallest customer has fourteen computer users. Our largest customer is a multi-national organisation with many thousand users and offices in about 30 countries.

The perimeter is the right place. If email filtering is moved from the perimeter into the enterprise messaging backbone, then all the unwanted messages will have to be allowed to enter the internal messaging system before being filtered and discarded. This causes two problems. Firstly, many of the mechanisms which detect spam are effective only if they receive the incoming SMTP connection directly from the transmitting server. Secondly, the sheer load of spam during a spam assault can destabilise small or moderately sized internal email servers. Therefore, email security is best implemented at the perimeter of the enterprise network.

Protection mechanisms in Merce MailGate

Merce MailGate supports multiple layers of email security and protection.

Protocol compliance checks whether the remote email server is conforming to the specifications of the SMTP protocol. Most spammers use rudimentary mail transmission software which fails protocol compliance tests.

Recipient validity checks whether the intended recipient is valid and is authorised to receive the incoming email. This blocks "dictionary attacks" and other forms of malware transmission.

Relay blocking checks ensure that the remote server is unable to use the Merce MailGate system to relay malware and spam to other recipients in unrelated destinations.

Sender validity checks ensure that the sender is valid. A set of checks is carried out on the sender's email address and a decision is taken about the level of legitimacy of the message.

Source reputation checks are performed on the source IP address from where the remote (transmitting) server is sending the email. Various groups of source IP addresses are treated with varying degrees of suspicion, based on constantly updated rules.

Virus filters are checks done on the content of the message to eliminate known malware and virus signatures.

Attachment policy enforcement is done on emails to ensure that only those types and sizes of attachments are permitted which corporate policies allow. For instance, almost all Merce MailGate customers wish to prevent transmission of .EXE files over email.

Content filtering is the final stage of the filtering stack, where the body of the message is inspected against hundreds of complex rules and a weighted value is arrived at about the likelihood of the email being spam. All mails whose weighted count exceeds our cutoff are discarded and low-count messages are accepted.

Messages which pass all these checks are allowed to enter the corporate email system.
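The layering described above can be sketched in a few lines. This is an added example, not MailGate's own code: it models four of the layers (relay blocking, recipient validity, attachment policy, weighted content scoring) and shows the first failing layer ending processing. The domains, recipients, rules, weights, cutoff and sample messages are all constructed assumptions.

```python
import re
from email import message_from_string

# Every value below is constructed for illustration; none comes from MailGate.
LOCAL_DOMAINS = {"example.org"}
VALID_RECIPIENTS = {"alice@example.org", "bob@example.org"}
BLOCKED_EXTENSIONS = {".exe"}
CONTENT_RULES = [            # (pattern, weight): hypothetical rules
    (re.compile(r"act now", re.I), 2.5),
    (re.compile(r"100% free", re.I), 3.0),
    (re.compile(r"click here", re.I), 1.5),
]
CUTOFF = 5.0                 # hypothetical cutoff
# Constructed sample messages
SPAM = "Subject: Offer\n\nAct now, this is 100% free!\n"
HAM = "Subject: Minutes\n\nPlease click here for the agenda.\n"
EXE = ('Content-Type: multipart/mixed; boundary="b"\n\n'
       '--b\nContent-Type: text/plain\n\nSee attached.\n'
       '--b\nContent-Type: application/octet-stream\n'
       'Content-Disposition: attachment; filename="Setup.EXE"\n\nMZ\n--b--\n')

def check_envelope(rcpt):
    """Relay blocking, then recipient validity, decided before any body is read."""
    domain = rcpt.rsplit("@", 1)[-1].lower()
    if domain not in LOCAL_DOMAINS:
        return "reject: relaying denied"
    if rcpt.lower() not in VALID_RECIPIENTS:
        return "reject: unknown recipient"
    return None

def check_content(raw):
    """Attachment policy, then the weighted content score against the cutoff."""
    msg = message_from_string(raw)
    body = ""
    for part in msg.walk():
        name = (part.get_filename() or "").lower()
        if any(name.endswith(ext) for ext in BLOCKED_EXTENSIONS):
            return "reject: attachment type not permitted"
        if part.get_content_type() == "text/plain":
            body += part.get_payload()
    score = sum(w for pat, w in CONTENT_RULES if pat.search(body))
    if score > CUTOFF:
        return f"reject: content score {score}"
    return None

def filter_message(rcpt, raw):
    """Run the layers in order; the first layer that objects ends processing."""
    return check_envelope(rcpt) or check_content(raw) or "accept"
```

The envelope checks need only the recipient address, so a message rejected there never reaches the more expensive content stage.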