The Top 11 Email Security Gateways

SpamTitan Email Security is a leading secure email gateway platform that provides comprehensive protection against email threats including spam, malware, ransomware and phishing attacks. SpamTitan is built on a powerful spam filtering platform, with a market leading catch rate of 99.99% and a false positive rate of 0.0003%. Alongside spam filtering, SpamTitan Email Security provides advanced protection against sophisticated phishing attacks, scanning all inbound emails in real time and filtering out malicious content, including links to phishing webpages and malicious attachments.

SpamTitan Email Security provides top threat protection against both inbound and outbound email threats. The platform provides multi-layered threat protection for inbound emails, with CEO Impersonation protection, phishing and protection, URL analysis, attachment sandboxing, ransomware protection, SPF/DKIM/DMARC checking and encryption. SpamTitan prevents phishing and whaling attacks by scanning inbound emails in real time, providing a strong level of inbox protection.

Alongside inbound email, SpamTitan Email Security allows admins to set up powerful data leak prevention rules which help to stop outbound email data loss. SpamTitan Email Security allows admins to easily configure their threat protection policies, including the ability to set allow/deny lists, customize DLP rules and set policies by user, domain and domain group.

SpamTitan Email Security is an accessible and easy to manage platform, with a comprehensive SEG feature set. The service is simple to use, and easy to deploy, easily integrating with existing email systems. SpamTitan Email Security works well as an extra layer of security for Office 365 accounts, providing enhanced threat protection and reporting for Office 365 email users. This protection is backed by their responsive and knowledge technical support team. SpamTitan Email Security is popular with customers, who praise the service for its ease of deployment, cost-effective pricing and high-quality technical support. We recommend SpamTitan Email Security as an easy to manage email security solution for SMBs, enterprises, MSPs and resellers.

IRONSCALES provides fast, powerful protection against threats within the email inbox. They offer two paid packages (Email Protect™ and Complete Protect™), which provide anti-phishing protection combined with integrated security and awareness training, all of which are administered from a single console. IRONSCALES is a fully cloud-based platform, perfect for use with Office 365 and G Suite. Implementation can be completed in as few as two clicks and no MX record changes are ever needed. In testing, it detected phishing threats missed by Office 365 and other leading email security solutions. IRONSCALES provides powerful protection against sophisticated social engineering attacks, such as phishing and business email compromise.

IRONSCALES utilizes AI-driven security tools, combined with human intelligence from end-users, to identify malicious emails, and remove them from users’ inboxes automatically.

Additionally, IRONSCALES allows businesses to implement a ‘report phish’ button directly into end-user email clients. This works on all devices and is fully customizable. It allows users to report suspicious emails, which reduces dwell time. According to admin policy, when an end-user reports an email, a warning will display to other users who receive the same or similar email, or alternatively, the email will be quarantined. IRONSCALES also provides a full suite of security awareness training and phishing simulation, with customizable phishing templates and engaging training materials.

Customers praise IRONSCALES for making the management of phishing threats much easier on a broad scale. Admins report that in many cases, IRONSCALES has allowed them to remove phishing emails from inboxes with ease, stopping attacks before they happen. Customers also praise the ease of deployment. IRONSCALES integrates very well with cloud-based email providers, such as Office 365 and G-Suite. IRONSCALES is a great option for organizations that are happy with their level of spam filtering but need additional protection from advanced email threats, such as phishing, insider threats, and business email compromise.  IRONSCALES also now offers protection against malicious links and attachments in Microsoft Teams environments.

Read our review of IRONSCALES here.

Trustifi is an email security and encryption provider that helps organizations to secure their inbound and outbound email communications against email threats such as phishing, account takeover and email-delivered malware. Trustifi combines advanced inbound threat protection that scans emails for malicious content, with outbound email encryption that ensures the protection of sensitive data at rest, in storage and in transit. Compatible with local email clients, Office 365 Outlook and Google Workspace, Trustifi helps organizations secure their inboxes and stay compliant, no matter which platform they’re using to communicate.

Trustifi’s inbound email security technology scans all email communications for malicious content such as spam, viruses, malware and phishing attempts. The platform ranks each email according to its threat level and threat type, ranging from “Authenticated” through to warnings such as “Impersonation Attack”. The solution then quarantines or removes malicious emails as per admin-configured policies. Trustifi also offers address white- and blacklisting, to help organizations avoid repeat attacks from known malicious actors and ensure that known external senders’ emails aren’t mistakenly quarantined. In addition to its inbound security, Trustifi offers AES 256-bit encryption for all outbound emails, helping to ensure that all sensitive information is sent securely and in line with regulatory standards, such as HIPAA, GDPR and FINRA. To ensure maximum security, admins can require that recipients verify themselves with 2FA before they’re able to open an encrypted email – but they don’t have to set up their own account with Trustifi.

Trustifi’s solution deploys via API integration, so is quick and easy to set up. It comes with pre-configured, default settings in place so that, once deployed, it instantly provides threat protection. Admins can then log in to set up more granular inbound and outbound email security configurations. Trustifi is praised by customers for its ease of use, both from an admin and end user perspective, and we recommend it as a powerful, user-friendly solution for organizations of any size looking to secure their inboxes against threats such as phishing, as well as encrypt their most sensitive email content.

Abnormal Security is a cloud email security platform that provides comprehensive protection against the full spectrum of email attacks from business email compromise to account takeover. 

Abnormal uses behavioral AI models to create a baseline of your email environment, enabling threat protection systems to accurately detect and automatically block malicious email content from being delivered to users. Abnormal Security was founded in 2018, and currently protects over 10% of Fortune 500 companies with customers across all industries.

These behavioral models instantly detect malicious email content and block inbound and internal email threats. Abnormal also monitors and protects internal email accounts to identify and remediate compromised accounts. By understanding the known good across identity behavior, content, and tone, Abnormal can identify users that display unusual behaviors and remediate the accounts by logging users out of active sessions and requiring a password reset.

Abnormal is a powerful email security platform that has developed as a well-established, cloud-based alternative to email security gateway providers. Recognized as a ‘Microsoft Preferred Solution’ and selected by Microsoft for its email defense capabilities, the solution is deployed via API and can be launched across cloud email environments in minutes. The platform integrates natively with the Microsoft 365 and Google Workspace to provide enhanced protection and a seamless user experience. For this reason, we’d highly recommend this service for organizations using Microsoft 365 or Google Workspace, looking for enhanced email security.

Libraesva ESG is an integrated email security solution which uses multiple protective layers to protect Microsoft 365, Exchange, and Google Workspace, both at the gateway and API layers, so email threats like email fraud, BEC and phishing attacks are thwarted before they can even reach their intended targets.

This is a full-featured solutions offering users a range of useful capabilities. There is spoofing protection, which lets you identify and block imposters and prevent others from spoofing you by using a combination of SPF, DKIM and DMARC authentication techniques, and threat remediation, which facilitated the removal of malicious emails from users’ inboxes, meaning emails are either deleted or stored for further analysis.

The threat analysis portal is an all-in-one dashboard providing enhanced visibility into email attacks and trend data for the organizations, benchmarked against Libraesva global data. The solution also prevents the delivery of malicious files via deep inspection and documentation sanitation, provides one-click protection which intelligently scans all links for evasive behavior to steep users away from unsafe websites, and encrypts emails end-to-end with the on-demand encryption engine. Email continuity prevents downtime from impacting productivity, and the available mobile app lets users manage Microsoft 365, Exchange, and Google Workspace even when away from their desks.

Libraesva ESG delivers advanced protection for cloud-based email platforms with complete protection against advanced threats and attacks and is easy to deploy, with granular configurability. The solution is well-suited to medium and large enterprises or educational clients interested in cost-effective email protection with high levels of visibility and customization.

Proofpoint is a market leading email security gateway, and the world’s largest email security vendor, with annual revenues of over $1bn. Proofpoint Essentials is Proofpoint’s solution for small and mid-sized organizations.  Essentials is a strong solution for email protection, encryption, archiving and continuity, delivered as a single platform, with a single admin console. Proofpoint have an unparalleled visibility into email threats with their global threat intelligence platform that spans email, social and mobile. Other vendors rely on third party threat intelligence, which can be less accurate. Proofpoint collect and analyse more than 100 billion data points a day from more than 100 million email inboxes, 200 million social-media accounts, and 7 million mobile apps. Proofpoint secure more than 50% of the Fortune 100, the top 5 banks globally and 7 of the top 10 global retailers.

Proofpoint provide the best protection against email threats, with effective spam protection and detection, powerful URL defense and dynamic content filtering. Essentials is a cost-effective solution, with many features such as archiving, and encryption included as part of the Professional package that would otherwise be expensive add-ons. Essentials provides a range of reports and logs to give you more control and awareness over your email network. Proofpoint’s admin console is modern, providing granular controls and improved threat reporting. With Essentials, Proofpoint provides organizations with enterprise class email security at a cost effective price point. It’s an ideal solution for businesses and MSPs, with easy set-up, deployment, and competitive pricing. Proofpoint is also a good option for teams using Office 365, as it offers Azure Active Directory Sync, meaning deployment is seamless and new users are automatically added.

Proofpoint Essentials has recently launched a new feature set to help protect organizations against advanced email threats. This includes one-click message pull, enabling admins to remove suspicious emails directly from user inboxes, predictive URL defense, advanced protection against business email compromise attacks, and predictive warning banners, displayed on email messages to warn users of suspicious activity. These features are available as part of Proofpoint’s Business+, Advanced+ and Professional+ packages.

Mimecast is a leading vendor in the email security space, protecting more than 40,000 organizations globally. They offer one of the most fully featured SEG solutions on the market as well as a cloud-native integrated email security solution designed specifically for M365 protection. Mimecast is one of the leading vendors in terms of threat research and analysis, monitoring over a billion email every day. This threat intelligence powers their highly effective email scanning technologies and gives them a clear edge when it comes to protecting the email channel against malware and phishing across all their security products.

Mimecast Integrated Suite is a cloud native email security solution that can be deployed directly into M365 via API integration. It enables powerful protection against email attacks such as phishing, malicious URLs and attachments, and spam – warning banners are placed on suspicious email messages alerting users to the potential threats. The solution is fast to deploy, with minimal configuration required.

Mimecast Gateway Suite is a cloud-deployed secure email gateway service, which offers advanced admin features, can protect any email environment, and provides highly effective protection against spam and malware. It also integrates with other leading Mimecast solutions, including email continuity, email archiving, and DMARC protection.

Both of these services leverage Mimecast’s leading threat intelligence, AI-powered threat detection components, comprehensive reporting, and browser isolation technologies to prevent web-based malware sent via email. Mimecast boasts a low rate of legitimate emails being falsely marked as spam and a high rate of spam and virus blocking. We recommend Mimecast as a strong option for enterprise organizations, looking to implement a market leading email security solution.

Avanan is an innovative cloud-based email security solution, with a full threat protection suite for Office 365 and Google Workspace (formerly GSuite). Avanan’s platform protects businesses from sophisticated email attacks like phishing, malware, account compromise and data loss. Unlike traditional secure email gateway solutions, Avanan sits inside the email environment, and is deployed in just a few minutes, without requiring any MX record changes. This API based integration allows Avanan to analyze all historical emails, enabling it to accurately detect user impersonation and email fraud.

Avanan provides multi-layered threat protection to protect emails inside the email inbox. As Avanan sits within the email environment, it can secure inbound, outbound and internal emails. Avanan uses machine learning to identify zero-day phishing attacks, using over 300 indicators of compromise – including time of sending, location and domain – to flag suspicious emails. Avanan also uses machine leaning algorithms to detect business email compromise, by flagging logins across multiple countries and alerting admins to unusual behaviours that point to accounts being taken over.

Avanan also provides enhanced malware protection for emails. This includes protection against harmful attachments and URLs, with advanced reporting for all inbound, outbound and internal emails. From inside the email network, Avanan provides real-time and historical visibility into all users and email threats. Avanan is a strong solution for Office 365 and Google Workspace users looking for powerful protection against phishing, spear-phishing and account compromise.

Read our full review of Avanan here.

Barracuda is a popular email security provider that offers a comprehensive and cost-effective email security system, combining an email gateway, API-based inbox security, and web security into one cloud platform. Barracuda leverages AI-powered engines to provide strong protection against all types of threats, with comprehensive admin controls and visibility. Barracuda also offer other email security-adjacent solutions, such as email encryption and archiving, security awareness training, backup for M365, and Zero Trust remote-access for Microsoft 365 applications.

Barracuda’s email gateway provides strong protection against spam and malware, with effective email filtering which leverages static analysis and sandboxing to protect against both known and unknown threats. Their inbox layer protection effectively blocks phishing and impersonation attempts, using AI engines to analyze communication patterns within your organization and flag messages containing suspicious and harmful content. Barracuda also provides effective protection web threats, with a URL and DNS filtering capabilities that integrate across the email channel to stop users visiting harmful web pages.

Barracuda offers a compelling, multi-layered email security stack for protecting Microsoft 365, at a cost-effective price point. Barracuda Email Protection is praised by customers for its support, with many users saying their team is quick to respond and knowledgeable. We recommend that SMBs and MSPs looking for an all-in-one email security solution for M365 consider shortlisting Barracuda Email Protection.

Leading cybersecurity and technology company Cisco offer an effective cloud-based email security gateway, delivering powerful protection against business email compromise and phishing attacks. The platform provides highly advanced threat analytics, actionable reporting, and a simplified admin workflow to help improve policy management. Cisco operate one of the industry’s biggest threat intelligence platforms: Talos, which collects data on over 600 billion emails every day. Cisco also offers Secure Email Threat Defense, a cloud-native email security service deployed via API.

Cisco’s email gateway provides highly effective protection against email threats, with highly effective ransomware protection leveraging Sophos’ antivirus engines, and real-time URL analysis to protection against phishing links. It also provides domain and reputation protection and effective graymail spam protection. Cisco’s cloud-based Secure Email Threat Defense solution augments the native protection within M365 with powerful threat detection engines. This includes filtering for outbound, inbound, and internal email messages, automatic remediation of malicious content from inside the email inbox. Reporting, search, and message tracking is available from an integrated admin dashboard.

Cisco Secure Email is an enterprise-focused solution – and one of its core benefits is the tight integration across Cisco’s broad portfolio of market leading security solutions. This includes security awareness training, threat response, secure endpoint protection, malware analytics, identity controls with Duo Security, and many more enterprise security controls. We highly recommend the Cisco platform for organizations that can take advantage of this extensive feature set.

Update July 14 2023: Cisco has now completed its acquisition of Armorblox, an AI-powered email security platform which will be leveraged across Cisco’s email security portfolio.

Microsoft Defender for Office 365 is a cloud-based email filtering service that augments the default protection offered by the M365 email platform. It protects against advanced email threats, such as sophisticated phishing attempts and BEC as well as malicious files and attachments. A key benefit of this solution, aside from native integration and deployment for M365, is that protection extends across M365 apps.

Microsoft have developed effective AI engines to automate threat protection, enforcing anti-phishing policies, anti-malware protection across SharePoint, OneDrive, and Microsoft Teams as well as checking each attachment to ensure it is safe. The solution is very easy to set up for customers on Microsoft 365. Defender provides admins with threat protection policies, reports and investigation, and response capabilities that businesses would not otherwise get with M365 natively. Using Defender, admins can define threat-protection, view real time reports, and use tools to investigate threats and their source.

Microsoft have invested heavily in Defender for Office 365, making the solution a very effective and credible choice for SMBs looking to invest in an enhanced email security suite for M365. The solution is increasingly highly rated in independent security tests, and integrates across Microsoft’s XDR, SIEM, and Intune solutions for a holistic security platform.

Organizations looking for the most effective and advanced admin controls, policy management, and spam filtering may wish to look at the dedicated gateway options on this list, but Microsoft Defender is a popular choice with customers, as a comprehensive solution, that works natively with Microsoft 365.