There was some discussion going on recently here with some members of our field organization about the notion of email “envelope splitting.” It turns out that this is a very powerful feature of the Sentrion policy engine and one that many of our customers find extremely useful for easily creating sophisticated email policies.
For the purposes of making it clear how this can be used, let’s look at a simple example:
Policy Scenario:
- Neil and Cameron work in different departments within the same Bank, and Joe is a member of the Bank’s outside legal team.
- Due to policy restrictions, Cameron is not allowed to receive email attachments from the department Neil works in, and anything sent to Joe from the Bank should be encrypted.
Email Scenario:
- Neil sends Joe and Cameron an important email on a transaction they are working on. The message contains an attachment (spreadsheet).
- The Sentrion policy engine processes the message. As part of the processing, the policy engine analyzes who the message is being sent to (the envelope information) by interfacing with the corporate LDAP directory.
- The policy engine determines that Cameron should not get the attachment and that the message needs to be encrypted before sending to Joe.
- Instead of quarantining the message or removing Cameron from the distribution, Sentrion “splits the message envelope” and sends Cameron the email message (body) without the attachment and a message that says “due to policy restrictions the attachment on this message has been removed.” A notification is also sent back to Neil telling him that Cameron did not get that attachment.
- Sentrion then sends the message and attachment to the encryption server before sending the message to Joe.
As you can imagine, there are countless different scenarios where “email envelope splitting” can be used to easily create sophisticated policies without disrupting the flow of information.
Here is a wacky example to help further drive home the point of how inclusive this feature can be:
- I want the full message and attachment
- Someone else isn’t allowed to get the attachment
- Someone else needs it encrypted in Voltage
- The other guy needs it encrypted in S/MIME
- Another guy only sees the message header but no body or attachment
- The guy down the hall gets an alert or notification that content that should be protected is being sent in a message
- Another guy gets the message but the header information was stripped due to top secret clearance and cannot even trace where the sender came from
- And on and on…
As you can see, this is a powerful function of the Sentrion policy engine, and from what I understand, is another feature unique to Sendmail Sentrion.
Do you have a policy scenario that could take advantage of envelope splitting? If so, please feel free to share it here via a comment.