March 23, 2017

How do mail flow and mail archival work in Mithi SkyConnect?

This particular flow deserves a special mention since the flow of data is with the external world. A critical component of this flow is the Secure Mail Flow engine which is responsible for securing the inbound mail flow.

Inbound Mail Flow

Mail from external domains lands on the Secure Mail Flow servers of Mithi SkyConnect (the MX landing point for all the domains of our customers). The sending systems connect to the SecureMailFlow service over SMTP on port 25 to deliver mail meant for a domain hosted on Mithi SkyConnect.

At the periphery, inbound connections undergo basic reputation checks, such as reverse DNS validations, valid handshake signatures, etc. Only if a connection passes all these tests is it established and the mail accepted.

Once a mail is accepted into the system, the first check is to see if the mail is carrying a virus. If it is, the mail is immediately quarantined and no further processing is done on this mail.

If the mail is virus free, the system checks to see if the sender is in the white list of the recipient. If it is in the whitelist, it means that the recipient has marked this sender as a trusted sender and the mails from this sender should bypass any spam checks and be delivered to the inbox.

If the sender is not in the white list, the system checks to see if the sender is in the black list of the recipient. If it is in the black list, it means that the recipient has marked this sender as a spammer and all mail from this sender should be quarantined without any further checks.

If the sender is not in the black list of the recipient either, a secondary reputation scan is done using methods such as SPF (Sender Policy Framework), DKIM (DomainKeys Identified Mail), RBL (Worldwide Resource Black lists), etc., and the content of the mail is scanned using predefined spam signature patterns, heuristics and other methods.

Based on these results, a spam score is assigned to the mail. If the spam score crosses a threshold, the mail is marked as spam and quarantined; otherwise it is deemed clean and pushed into the inbox.
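The order of these checks decides the outcome when more than one applies, for example an infected mail from a whitelisted sender. The sketch below is an added example, not Mithi's code; the weights, threshold, class names and sample addresses are assumptions made for illustration.

```python
from dataclasses import dataclass, field

# Assumed weights and threshold: the article does not publish the real scoring.
WEIGHTS = {"spf_fail": 2.0, "dkim_fail": 1.5, "rbl_listed": 3.0, "content_hit": 1.0}
SPAM_THRESHOLD = 5.0


@dataclass
class Recipient:
    whitelist: set = field(default_factory=set)  # lower-case trusted senders
    blacklist: set = field(default_factory=set)  # lower-case blocked senders


@dataclass
class Mail:
    sender: str
    has_virus: bool = False
    spf_fail: bool = False
    dkim_fail: bool = False
    rbl_listed: bool = False
    content_hits: int = 0  # spam signature / heuristic matches in the body


def spam_score(mail):
    """Secondary reputation scan plus content scan, folded into one number."""
    flags = ("spf_fail", "dkim_fail", "rbl_listed")
    score = sum(WEIGHTS[f] for f in flags if getattr(mail, f))
    return score + WEIGHTS["content_hit"] * mail.content_hits


def triage(mail, rcpt):
    """Return (verdict, reason), applying the checks in the article's order."""
    sender = mail.sender.strip().lower()
    if mail.has_virus:               # 1. virus check runs before any list lookup
        return "quarantine", "virus"
    if sender in rcpt.whitelist:     # 2. trusted sender bypasses spam checks
        return "inbox", "whitelisted"
    if sender in rcpt.blacklist:     # 3. blocked sender, no further checks
        return "quarantine", "blacklisted"
    score = spam_score(mail)         # 4. reputation and content scoring
    if score > SPAM_THRESHOLD:
        return "quarantine", f"spam score {score:.1f}"
    return "inbox", f"clean, score {score:.1f}"


if __name__ == "__main__":
    # Constructed sample recipient and messages.
    alice = Recipient(whitelist={"partner@example.org"}, blacklist={"promo@example.net"})
    for m in (Mail("partner@example.org", has_virus=True),
              Mail("partner@example.org", spf_fail=True, rbl_listed=True, content_hits=3),
              Mail("promo@example.net"),
              Mail("unknown@example.com", spf_fail=True, rbl_listed=True, content_hits=1)):
        print(m.sender, triage(m, alice))
```

The second sample shows why a whitelist entry is a trust decision: a whitelisted sender is delivered regardless of the reputation and content signals that would otherwise have quarantined the mail.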

A digest report of the day’s mail traffic is sent to each user’s Inbox. Using this report, the user can verify that the mail detected as spam were actually spam, in his context of operation.

If the user detects a valid mail, falsely marked as spam, he has the option to release the mail from the quarantine store to be delivered to his inbox and also whitelist the sender, essentially marking the sender as a trusted sender, so that in future, all mails from this sender will not be scanned for spam.

Once the mail reaches the user’s mail server, it is deposited into the user’s mailbox.

Local Mail Flow

When a local user (belonging to any domain hosted on Mithi SkyConnect) sends a mail to another local user, the mail is routed via the edge mail servers directly into the other user’s mailbox. The flow at this point checks for viruses in the mail and, if one is found, simply rejects the mail (the mail is not queued). This flow does not connect to the Secure Mail Flow servers at any point. Besides virus checks, at the point of connection to the edge servers, the connection undergoes various other checks such as a spoof check (the sender in the mail, the sender in the envelope and the user authenticating to send the mail must all be the same), rate threshold breaches by the user for connections and emails, etc.

Outbound Mail Flow

Mail sent by SkyConnect users (using mobile clients, desktop clients or Baya, the web client) to external recipients (users whose domains are not hosted on Mithi SkyConnect) is routed to the Internet via the Outbound Relay (OR) service of Mithi SkyConnect.

The OR service accepts mail, meant for external domains, from the users and queues them for delivery. These mail are then resolved and delivered to the recipient servers directly from the OR service.

The OR service on Mithi SkyConnect is configured for maintaining a high reputation of the outbound IPs and Domain names.

In this flow, the system does not check outbound mail for spam. It does check for viruses, though. In addition, at the point of connection to the edge servers, the connection undergoes various other checks such as a spoof check (the sender in the mail, the sender in the envelope and the user authenticating to send the mail must all be the same), rate threshold breaches by the user for connections and emails, etc.

When the OR service on Mithi SkyConnect is accepting outbound mail from the users, it controls the flow using a defined rate of mail sending per user. This means that a user is not allowed to send more than a pre-defined number of mail in a single day. This is a DOS (Denial of Service) protection mechanism to control the impact of internal spam attacks, which originate from the users on Mithi SkyConnect. These are typically caused by viruses which hijack desktop clients (typically MS Outlook clients) and pump large volumes of mail into the OR service, without the user’s knowledge. The rate control mechanism on the OR service mitigates such attacks when the volume crosses the defined limits.
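The spoof check described for the local and outbound flows and the per-user daily limit can be combined at the point of submission. The following is an added example, not Mithi's implementation; the class name, the limit value and the sample messages are assumptions.

```python
from collections import defaultdict
from datetime import date
from email import message_from_string
from email.utils import parseaddr

DAILY_LIMIT = 2  # assumed value, kept small so the limit is easy to hit in a demo


def norm(addr):
    """Reduce 'Name <User@Host>' or a bare address to 'user@host'."""
    return parseaddr(addr)[1].strip().lower()


class SubmissionGate:
    """Spoof check plus per-user daily rate limit for authenticated senders."""

    def __init__(self, daily_limit=DAILY_LIMIT):
        self.daily_limit = daily_limit
        self.sent = defaultdict(int)  # (user, day) -> mails accepted that day

    def check(self, auth_user, envelope_from, raw_message, today=None):
        today = today or date.today()
        user = norm(auth_user)
        header_from = norm(message_from_string(raw_message).get("From", ""))
        # Header From, envelope sender and authenticated user must all match.
        # A missing or unparsable From header fails closed.
        if not header_from or not (header_from == norm(envelope_from) == user):
            return False, "spoof check failed"
        if self.sent[(user, today)] >= self.daily_limit:
            return False, "daily rate limit exceeded"
        self.sent[(user, today)] += 1
        return True, "accepted"


# Constructed sample messages.
MSG_OK = "From: Alice <alice@example.com>\nTo: bob@example.org\nSubject: hi\n\nbody\n"
MSG_SPOOF = "From: CEO <ceo@example.com>\nTo: bob@example.org\nSubject: hi\n\nbody\n"

if __name__ == "__main__":
    gate = SubmissionGate()
    day = date(2017, 3, 23)
    for msg in (MSG_OK, MSG_SPOOF, MSG_OK, MSG_OK):
        print(gate.check("alice@example.com", "alice@example.com", msg, today=day))
```

Rejected submissions are not counted against the user's quota here; whether a real service counts them is a policy choice the article does not state.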

Vaultastic (Mail Archival)

If you choose to subscribe to the Vaultastic (Mail archival) service of Mithi SkyConnect, you can select the set of users whose mail should be archived. Archival means retaining a copy of every mail sent or received in a separate storage per user, to be used for data retrieval and compliance. The archive account of a user is a read only account and can be accessed from Baya to retrieve a mail or restore the entire mailbox. This interjection in the flow applies to inbound, local and outbound mail flow. Typically, mail in the archive is never deleted and retention depends on the storage allocated to the Mail Archive. Please note that this is different from the Archive feature of desktop email clients, which essentially reduces the Inbox size by moving older mail into a separate folder. In this client based archive mechanism, the control of being able to delete the mail stays with the end user, and thus it is not very useful for compliance or recovery.
