Email hybrid service configuration

Forcepoint Email Security combined with the Forcepoint Email Security Hybrid Module offers a flexible, comprehensive email security solution can combine on-premises and hybrid (in-the-cloud) analysis as needed to manage inbound and outbound email for your organization.

The email hybrid service provides an extra layer of email analysis, stopping spam, virus, phishing, and other malware attacks before they reach the network and considerably reducing email bandwidth and storage requirements. You can also use the email hybrid service to encrypt outbound email before delivery to its recipient (your subscription must also include the Forcepoint Email Security - Encryption Module for this feature).

You can create policies for on-premises and hybrid analysis in the same user interface—the Email Security module—and configuration, reporting, and management are centralized.

Before you can use the email hybrid service to examine email for your organization, you must enter a valid subscription key that includes the Forcepoint Email Security Hybrid Module and configure a number of settings in the Email Security module and in your Domain Name System (DNS). This creates a connection between the on-premises and cloud portions of your email protection system. See Registering the Email Security Hybrid Module.

The Email Hybrid Service Log contains records of the email messages that are blocked by the email hybrid service before they reach the network. See Email Hybrid Service Log for information about the contents of this log. See Configuring the Email Hybrid Service Log for details about enabling and scheduling Email Hybrid Service Log updates.

The flow of email through the hybrid service can vary, depending on the filters or rules you have configured. The following provides some general steps regarding the flow of inbound email:

  1. An email message is received by Forcepoint Email Security Cloud and initially scanned for DKIM verification, spam, viruses, and malicious URLs.
  2. An email message that triggers any of these options may be blocked, or may be sent to on-premises Forcepoint Email Security with related information (such as spam score, DKIM results, virus information, and URLs).
  3. On-premises Forcepoint Email Security scans the message based on the rules and filters configured in your system settings. Information provided by Forcepoint Email Security Cloud is used when enforcing spam, virus, or anti-spoofing rules.
  4. If not blocked by a filter or rule and Advanced File Analysis is enabled, the email message is sent to Advanced Malware Detection - Cloud for analysis.

For more information about mail flow through different types of Forcepoint Email Security deployments, see the Deployment & Installation Center.