The Top 11 Email Security Gateways

SpamTitan Email Security is a leading secure email gateway platform that provides comprehensive protection against email threats including spam, malware, ransomware, and phishing attacks. SpamTitan is built on a powerful spam filtering platform, with a leading catch rate of 99.99% and a false positive rate of 0.0003%. Alongside spam filtering, SpamTitan Email Security provides advanced protection against sophisticated phishing attacks, scanning all inbound emails in real time and filtering out malicious content, including links to phishing webpages and malicious attachments.

SpamTitan Email Security provides top threat protection against both inbound and outbound email threats. The platform provides multi-layered threat protection for inbound emails, with CEO Impersonation protection, phishing and protection, URL analysis, attachment sandboxing, ransomware protection, SPF/DKIM/DMARC checking, and encryption. SpamTitan prevents phishing and whaling attacks by scanning inbound emails in real time, providing a strong level of inbox protection.

Alongside inbound email, SpamTitan Email Security allows admins to set up powerful data leak prevention rules which help to stop outbound email data loss. SpamTitan Email Security allows admins to easily configure their threat protection policies, including the ability to set allow/deny lists, customize DLP rules and set policies by user, domain and domain group.

SpamTitan Email Security is an accessible and easy to manage platform, with a comprehensive SEG feature set. The service is simple to use, and quick to deploy, easily integrating with existing email systems. SpamTitan Email Security works well as an extra layer of security for Office 365 accounts, providing enhanced threat protection and reporting for Office 365 email users. This protection is backed by their responsive and knowledge technical support team. SpamTitan Email Security is popular with customers, who praise the service for its ease of deployment, cost-effective pricing, and high-quality technical support. We recommend SpamTitan Email Security as an easy to manage email security solution for SMBs, enterprises, MSPs, and resellers.

Best for: Accurate spam filtering with a low false positive rate.

Pricing: SpamTitan is available from $1.08 USD/user/month (based on 250 users).

Learn more about TitanHQ:

• Check out TitanHQ on their website.

• TitanHQ was founded in 1999 and secures over 12,000 business and 2,750 MSPs.

IRONSCALES provides fast, powerful protection against threats within the email inbox. They offer two paid packages (Email Protect™ and Complete Protect™), which provide anti-phishing protection combined with integrated security and awareness training, all of which are administered from a single console. IRONSCALES is a fully cloud-based platform, perfect for use with Office 365 and G Suite. Implementation can be completed in as few as two clicks and no MX record changes are needed. In testing, it detected phishing threats missed by Office 365 and other leading email security solutions. IRONSCALES provides powerful protection against sophisticated social engineering attacks, such as phishing and business email compromise.

IRONSCALES utilizes AI-driven security tools, combined with human intelligence from end-users, to identify malicious emails, and remove them from users’ inboxes automatically.

Additionally, IRONSCALES allows businesses to implement a ‘report phish’ button directly into end-user email clients. This works on all devices and is fully customizable. It allows users to report suspicious emails, which reduces dwell time. According to admin policy, when an end-user reports an email, a warning will display to other users who receive the same or similar email, or alternatively, the email will be quarantined. IRONSCALES also provides a full suite of security awareness training and phishing simulation, with customizable phishing templates and engaging training materials.

Customers praise IRONSCALES for making the management of phishing threats much easier on a broad scale. Admins report that in many cases, IRONSCALES has allowed them to remove phishing emails from inboxes with ease, stopping attacks before they happen. Customers also praise the ease of deployment. IRONSCALES integrates very well with cloud-based email providers, such as Office 365 and G-Suite. IRONSCALES is a great option for organizations that are happy with their level of spam filtering but need additional protection from advanced email threats, such as phishing, insider threats, and business email compromise. IRONSCALES also offers protection against malicious links and attachments in Microsoft Teams environments.

Best for: Detecting highly sophisticated spear-phishing attacks, including GenAI threats.

Pricing: IRONSCALES is available via two plans: Starter and Protect. Pricing is available from IRONSCALES on request.

Learn more about IRONSCALES:

• Check out IRONSCALES on their website.

• IRONSCALES was founded in 2014 and is headquartered in Tel Aviv, Israel.

Trustifi is an email security and encryption provider that helps organizations to secure their inbound and outbound email communications against email threats such as phishing, account takeover, and email-delivered malware. Trustifi combines advanced inbound threat protection that scans emails for malicious content, with outbound email encryption that ensures the protection of sensitive data at rest, in storage and in transit. Compatible with local email clients, Office 365 Outlook and Google Workspace, Trustifi helps organizations secure their inboxes and stay compliant, no matter which platform they’re using to communicate.

Trustifi’s inbound email security technology scans all email communications for malicious content such as spam, viruses, malware, and phishing attempts. The platform ranks each email according to its threat level and threat type, ranging from “Authenticated” through to warnings such as “Impersonation Attack”. The solution then quarantines or removes malicious emails as per admin-configured policies. Trustifi also offers address white- and blacklisting, to help organizations avoid repeat attacks from known malicious actors and ensure that known external senders’ emails aren’t mistakenly quarantined. In addition to its inbound security, Trustifi offers AES 256-bit encryption for all outbound emails, helping to ensure that all sensitive information is sent securely and in line with regulatory standards, such as HIPAA, GDPR, and FINRA. To ensure maximum security, admins can require that recipients verify themselves with 2FA before they’re able to open an encrypted email – but they don’t have to set up their own account with Trustifi.

Trustifi’s solution deploys via API integration, so is quick and easy to set up. It comes with pre-configured, default settings in place so that, once deployed, it instantly provides threat protection. Admins can then log in to set up more granular inbound and outbound email security configurations. Trustifi is praised by customers for its ease of use, both from an admin and end user perspective, and we recommend it as a powerful, user-friendly solution for organizations of any size looking to secure their inboxes against threats such as phishing, as well as encrypt their most sensitive email content.

Best for: Combined inbound threat detection and outbound DLP.

Pricing: Pricing information is available from Trustifi on request.

Learn more about Trustifi:

• Check out Trustifi on their website.

• Trustifi was founded in 2017 and is headquartered in Tel Aviv, Israel.

Abnormal Security is a leading AI-native cloud email security platform. Abnormal goes beyond just email protection, using machine learning to stop sophisticated inbound attacks and detect compromised accounts in email and connected applications. We recommend Abnormal for organizations using Microsoft 365 or Google Workspace, looking for protection against phishing and account compromise.

Abnormal uses a sophisticated anomaly detection engine that assesses contextual data from your environment to understand human behavior. It uses this contextual information to analyze the risk in each email message or login attempt, looking at over 45,000 signals to detect anomalies. This means the platform is highly effective at detecting and stopping sophisticated, socially-engineered attacks that target human vulnerabilities, such as phishing, and account takeover.

Abnormal is deployed inline at the API level for Microsoft 365 or Google Workspace. The solution also extends to protect SaaS applications such as Slack, Workday, Salesforce, ServiceNow, Zoom, and Amazon Web Services.

Abnormal simplifies email and cloud app protection with automatic detection of malicious email messages and suspicious login events. Within the admin console you can view reports into harmful email content, and manage configuration changes in your environment.

Abnormal is a powerful email security platform that has developed as a well-established, cloud-based alternative to email security gateway providers. Recognized as a ‘Microsoft Preferred Solution’ and selected by Microsoft for its email defense capabilities, Abnormal is trusted by over 15% of Fortune 500 organizations. Abnormal has over 2,000 customers across all industries.

Best for: AI-powered protection against account compromise and social engineering.

Pricing: Pricing information is available from Abnormal on request.

Learn more about Abnormal:

• Check out Abnormal on their website.

• Abnormal was founded in 2015 and secures over 2,000 organizations.

Libraesva ESG is an integrated email security solution which uses multiple protective layers to protect Microsoft 365, Exchange, and Google Workspace, both at the gateway and API layers, so email threats like email fraud, BEC, and phishing attacks are thwarted before they can even reach their intended targets.

This is a full-featured solutions offering users a range of useful capabilities. There is spoofing protection, which lets you identify and block imposters and prevent others from spoofing you by using a combination of SPF, DKIM, and DMARC authentication techniques, and threat remediation, which facilitated the removal of malicious emails from users’ inboxes, meaning emails are either deleted or stored for further analysis.

The threat analysis portal is an all-in-one dashboard providing enhanced visibility into email attacks and trend data for the organizations, benchmarked against Libraesva global data. The solution also prevents the delivery of malicious files via deep inspection and documentation sanitation, provides one-click protection which intelligently scans all links for evasive behavior to steep users away from unsafe websites, and encrypts emails end-to-end with the on-demand encryption engine. Email continuity prevents downtime from impacting productivity, and the available mobile app lets users manage Microsoft 365, Exchange, and Google Workspace even when away from their desks.

Libraesva ESG delivers advanced protection for cloud-based email platforms with complete protection against advanced threats and attacks and is easy to deploy, with granular configurability. The solution is well-suited to medium and large enterprises or educational clients interested in cost-effective email protection with high levels of visibility and customization.

Best for: Ease of deployment and management on-premises or in the cloud.

Pricing: Pricing is available from Libraesva on request.

Learn more about Libraesva:

• Check out Libraesva on their website.

• Libraesva was founded in 2013 and protects over 20,000 users globally.

Proofpoint is a market leading email security gateway, and the world’s largest email security vendor, with annual revenues of over $1bn. Proofpoint Essentials is Proofpoint’s solution for small and mid-sized organizations. Essentials is a strong solution for email protection, encryption, archiving and continuity, delivered as a single platform, with a single admin console. Proofpoint have an unparalleled visibility into email threats with their global threat intelligence platform that spans email, social, and mobile. Other vendors rely on third party threat intelligence, which can be less accurate. Proofpoint collect and analyse more than 100 billion data points a day from more than 100 million email inboxes, 200 million social-media accounts, and 7 million mobile apps. Proofpoint secure more than 50% of the Fortune 100, the top 5 banks globally and 7 of the top 10 global retailers.

Proofpoint provide the best protection against email threats, with effective spam protection and detection, powerful URL defense and dynamic content filtering. Essentials is a cost-effective solution, with many features such as archiving and encryption included as part of the Professional package that would otherwise be expensive add-ons. Essentials provides a range of reports and logs to give you more control and awareness over your email network. Proofpoint’s admin console is modern, providing granular controls and improved threat reporting. With Essentials, Proofpoint provides organizations with enterprise class email security at a cost effective price point. It’s an ideal solution for businesses and MSPs, with easy set-up, deployment, and competitive pricing. Proofpoint is also a good option for teams using Office 365, as it offers Azure Active Directory Sync, meaning deployment is seamless and new users are automatically added.

Proofpoint Essentials has recently launched a new feature set to help protect organizations against advanced email threats. This includes one-click message pull, enabling admins to remove suspicious emails directly from user inboxes, predictive URL defense, advanced protection against business email compromise attacks, and predictive warning banners, displayed on email messages to warn users of suspicious activity. These features are available as part of Proofpoint’s Business+, Advanced+ and Professional+ packages.

Best for: Cost-effective, enterprise-grade security.

Pricing: Proofpoint Essentials has six pricing options, ranging from approx. $36-82/user/year. Exact pricing information is available from Proofpoint on request.

Learn more about Proofpoint:

• Check out Proofpoint on their website.

• Proofpoint is the world’s largest email security vendor, with annual revenues of over $1bn.

Material Security is a multi-layered email protection suite. The platform takes an innovative approach to securing email, focusing not only on inbound threats or outbound DLP, but on securing sensitive data inside the email inbox itself. Material was founded in 2017 and is designed to protect teams of all sizes.

Material provides an additional layer of protection against inbound malicious emails, including phishing and BEC, replacing the functions of a traditional SEG. The platform uses machine learning systems, user reports, and customizable language-based rules to detect malicious email content post-delivery. The software is designed to sit alongside and strengthen the native filters provided by M365 or Google Workspace, rather than replacing them altogether.

Material Security also provides granular protection for emails inside the email inbox. It scans all historical email content to identify what sensitive data is being stored by users within their inbox. The solution can then enforce MFA for users to access this sensitive information, such as tax documents or invoices, ensuring that it is protected in case of account compromise. Material also secures identity-based email risks, by identifying password reset links and 2FA codes sent via email in real-time, thereby enforcing an additional authentication layer to secure access. It’s quick and easy for users to authenticate, and the platform integrates with your existing identity tools.

Material’s admin console provides a clear overview of how email is being used across the organization. This includes a breakdown of all accounts without MFA enabled, which email rules are in place, and a breakdown of poor security behaviors, such as forwarding private messages onto sensitive email accounts. Admins can manage multiple tenants and domains, manage accounts and groups and view audit logs.

Material is deployed into the email environment via API, which takes less than 30-minutes and requires no MX-record changes. It can be deployed to all users, or to a subset of ‘VIP’s, such as high-level executives, who may require this additional inbox protection. The solution can be run as a fully isolated, private cloud instance, hosted on Google Cloud. The solution can be integrated across your security stack, including with SIEM, SOAR, authentication, and awareness training solutions.

Best for: Securing sensitive data stored inside the inbox.

Pricing: Pricing information is available from Material Security on request.

Learn more about Material Security:

• Check out Material on their website.

• Material was founded in 2017 and is used by leading global brands.

Mimecast is a leading vendor in the email security space, protecting more than 40,000 organizations globally. They offer one of the most fully featured SEG solutions on the market as well as a cloud-native integrated email security solution designed specifically for M365 protection. Mimecast is one of the leading vendors in terms of threat research and analysis, monitoring over a billion email every day. This threat intelligence powers their highly effective email scanning technologies and gives them a clear edge when it comes to protecting the email channel against malware and phishing across all their security products.

Mimecast Integrated Suite is a cloud native email security solution that can be deployed directly into M365 via API integration. It enables powerful protection against email attacks such as phishing, malicious URLs and attachments, and spam – warning banners are placed on suspicious email messages alerting users to the potential threats. The solution is fast to deploy, with minimal configuration required.

Mimecast Gateway Suite is a cloud-deployed secure email gateway service, which offers advanced admin features, can protect any email environment, and provides highly effective protection against spam and malware. It also integrates with other leading Mimecast solutions, including email continuity, email archiving, and DMARC protection.

Both of these services leverage Mimecast’s leading threat intelligence, AI-powered threat detection components, comprehensive reporting, and browser isolation technologies to prevent web-based malware sent via email. Mimecast delivers a low rate of legitimate emails being falsely marked as spam and a high rate of spam and virus blocking. We recommend Mimecast as a strong option for enterprise organizations, looking to implement a market leading email security solution.

Best for: Easily manage complex email environments with customizable policies.

Pricing: Mimecast is available via three plans: Protect, Protect Plus, and Custom. Pricing information is available from Mimecast on request.

Learn more about Mimecast:

• Check out Mimecast on their website.

• Mimecast is a leading vendor in the email security space, protecting more than 40,000 organizations globally.

Barracuda is a popular email security provider that offers a comprehensive and cost-effective email security system, combining an email gateway, API-based inbox security, and web security into one cloud platform. Barracuda leverages AI-powered engines to provide strong protection against all types of threats, with comprehensive admin controls and visibility. Barracuda also offer other email security-adjacent solutions, such as email encryption and archiving, security awareness training, backup for M365, and Zero Trust remote-access for Microsoft 365 applications.

Barracuda’s email gateway provides strong protection against spam and malware, with effective email filtering which leverages static analysis and sandboxing to protect against both known and unknown threats. Their inbox layer protection effectively blocks phishing and impersonation attempts, using AI engines to analyze communication patterns within your organization and flag messages containing suspicious and harmful content. Barracuda also provides effective protection web threats, with a URL and DNS filtering capabilities that integrate across the email channel to stop users visiting harmful web pages.

Barracuda offers a compelling, multi-layered email security stack for protecting Microsoft 365, at a cost-effective price point. Barracuda Email Protection is praised by customers for its support, with many users saying their team is quick to respond and knowledgeable. We recommend that SMBs and MSPs looking for an all-in-one email security solution for M365 consider shortlisting Barracuda Email Protection.

Best for: Comprehensive security with encryption, archiving, and SAT add-ons.

Pricing: Barracuda is available via three plans: Advanced, Premium, and Premium Plus. Pricing information is available from Barracuda on request.

Learn more about Barracuda Networks:

• Check out Barracuda on their website.

• Barracuda Networks was founded in 2003. They support over 200,000 global customers.

Leading cybersecurity and technology company Cisco offer an effective cloud-based email security gateway, delivering powerful protection against business email compromise and phishing attacks. The platform provides highly advanced threat analytics, actionable reporting, and a simplified admin workflow to help improve policy management. Cisco operate one of the industry’s biggest threat intelligence platforms: Talos, which collects data on over 600 billion emails every day. Cisco also offers Secure Email Threat Defense, a cloud-native email security service deployed via API.

Cisco’s email gateway provides highly effective protection against email threats, with highly effective ransomware protection leveraging Sophos’ antivirus engines, and real-time URL analysis to protection against phishing links. It also provides domain and reputation protection and effective graymail spam protection. Cisco’s cloud-based Secure Email Threat Defense solution augments the native protection within M365 with powerful threat detection engines. This includes filtering for outbound, inbound, and internal email messages, automatic remediation of malicious content from inside the email inbox. Reporting, search, and message tracking is available from an integrated admin dashboard.

Cisco Secure Email is an enterprise-focused solution – and one of its core benefits is the tight integration across Cisco’s broad portfolio of market leading security solutions. This includes security awareness training, threat response, secure endpoint protection, malware analytics, identity controls with Duo Security, and many more enterprise security controls. We highly recommend the Cisco platform for organizations that can take advantage of this extensive feature set.

Cisco has now completed its acquisition of Armorblox, an AI-powered email security platform which will be leveraged across Cisco’s email security portfolio.

Best for: Tight integrations with other security tools from Cisco. 

Pricing: Pricing information is available from Cisco on request.

Learn more about Cisco Secure Email:

• Check out Cisco on their website.

• In July 2023 Cisco completed its acquisition of Armorblox, an AI-powered email security platform which is now integrated across Cisco’s email security portfolio.

Microsoft Defender for Office 365 is a cloud-based email filtering service that augments the default protection offered by the M365 email platform. It protects against advanced email threats, such as sophisticated phishing attempts and BEC, as well as malicious files and attachments. A key benefit of this solution, aside from native integration and deployment for M365, is that protection extends across M365 apps.

Microsoft have developed effective AI engines to automate threat protection, enforcing anti-phishing policies, anti-malware protection across SharePoint, OneDrive, and Microsoft Teams as well as checking each attachment to ensure it is safe. The solution is very easy to set up for customers on Microsoft 365. Defender provides admins with threat protection policies, reports and investigation, and response capabilities that businesses would not otherwise get with M365 natively. Using Defender, admins can define threat-protection, view real time reports, and use tools to investigate threats and their source.

Microsoft have invested heavily in Defender for Office 365, making the solution a very effective and credible choice for SMBs looking to invest in an enhanced email security suite for M365. The solution is increasingly highly rated in independent security tests, and integrates across Microsoft’s XDR, SIEM, and Intune solutions for a holistic security platform.

Organizations looking for the most effective and advanced admin controls, policy management, and spam filtering may wish to look at the dedicated gateway options on this list, but Microsoft Defender is a popular choice with customers, as a comprehensive solution, that works natively with Microsoft 365.

Best for: Securing MS365 inboxes while natively integrating with the Microsoft 365 ecosystem.

Pricing: Microsoft Defender for Office 365 is available via two plans. Plan 1 is available for $2 USD/user/month. Plan 2 is available for $5 USD/user/month, and this plan’s capabilities are also included in Microsoft 365 E5 Security.

Learn more about Microsoft Defender For M365:

• Check out Microsoft on their website.

• Microsoft Defender for O365 was launched in 2020, and is an evolution of Microsoft’s previous enhanced email security module, Office 365 ATP.