Home Page

VPN & Cryptography


Email & Spam

Security Topics


Email Spam

Zero Day Window


Bayesian Algorithm

Content and Connection control

Directory Harvesting Attacks

Email Encryption

Email Archiving

File attachments

Image scanning

Port forwarding and MX records

Reputation filters

Encrypted attachments

Grey Listing

Email Monitoring

Internal Email Security

Open Relay

Per user quarantine area

Reverse DNS lookup & SPF

RFC Compliant emails


Email Throttling

What is Spam

Whitelists and Blacklists



Monitoring of Internal Emails within an Organisation


More than 70% of email traffic is internal email that is internal users sending email to other internal users. Securing and monitoring of emails should be enforced similar to the reasons you would secure inbound and outbound emails. The following details some of the reasons you need to to ensure emails have been safeguarded:



You should be filtering internal email for malicious threats, and for monitoring and auditing purposes such as legal requirements.

To monitor internal email some anti-spam security vendors provide a plug in as an add on to their anti-spam email gateway security solutions. For example with Clearswift's MIMEsweeper software, you can purchase a plugin and install this on the Exchange server. The plugin will capture any internal email transferred from one mailbox to another mailbox on the Exchange server. The plugin will be able to capture emails and redirect emails to the anti-spam security solution for scanning.

Without a plugin, at least in the case for Clearswift, this cannot be done because internal email is transferred from one mailbox to another. This is all done within the Exchange server, and why email never hits the anti-spam security gateway. The anti-spam firewall tends to sit on the perimeter to scan inbound and outbound email.

Further Reading

Wikipedia's guide to Email