Inbound Gateway

This article describes Coro's Inbound Gateway email security add-on and how it can help protect your users' incoming email.

Introducing the Inbound Gateway

A subscription to Coro's Email Security module enables organizations to configure comprehensive and configurable anti-malware and anti-phishing protection for the email accounts of protected users in connected Gmail or Microsoft 365 cloud applications. Coro utilizes an API-based approach to check emails in a user's mailbox, deleting or quarantining malicious messages as appropriate. For more details, see Email Security.

Coro's Inbound Gateway add-on takes this same protection one step further by offering a full email proxy gateway that intercepts inbound emails before they enter the organization's network.

Emails passing through the Inbound Gateway are thoroughly inspected for threats, greatly reducing the number of malicious or untrusted emails that enter the organization and reach their intended recipients.

While Coro's API-based email security is designed to protect users in connected cloud email services from Google or Microsoft, the Inbound Gateway acts on email messages from all third party providers. Messages are checked at delivery (MX/DNS level protection) and recipients can be individual accounts, groups, or shared email boxes.

Using the Inbound Gateway

The Inbound Gateway is an add-on to Coro's Email Security module. You can use the Inbound Gateway as a standalone email protection service without configuring API connections to your cloud applications, but combining both approaches provides increased protection against email threats. Both services are configured through the same common settings - enabling scanning for one threat type affects both API-based protection and the Inbound Gateway simultaneously.

By incorporating the Inbound Gateway into your existing API-based email protection, you increase the probability that a threat will be detected. You additionally introduce a failover mechanism in the unlikely event that one of the protection mechanisms is blocked or prevented from full operation.

To enable the Inbound Gateway to inspect and protect your users' incoming email, you must make sure they are added to protection. If you have no cloud applications connected, this must be done manually (by adding user email addresses individually or through a CSV file-based bulk import). Alternatively, connect a cloud application to your workspace to enable Coro to identify and add all registered email users in one operation.

Configuring the Inbound Gateway to work with your existing email provider

The Inbound Gateway offers a streamlined workflow with seamless integration into your existing email service.

The process by which you configure the Inbound Gateway to receive email from your existing provider can be summarized as follows:

You reconfigure your DNS with Coro as the highest priority MX record, and then configure your Coro workspace with details of the email domain being protected. Finally, you configure your existing email service to set Coro as the gateway for inbound email.

In normal operation, incoming email is received by the Coro Inbound Gateway and analyzed for potential threats.

Safe emails are transparently forwarded to the recipient, and malicious emails are managed by Coro according to your selected level of protection (see How Coro handles malicious email). Coro raises tickets in the console for each potentially malicious email it encounters. This enables admin users to analyze threats and take appropriate action to safely remove malicious content, or identify false positives and release the email to its recipient.

To learn more about configuring the Coro Inbound Gateway, see Configuring the gateway.