Mail Guard configurations allow a minimum connectivity using message-based information between domains that cannot be directly connected. A typical scenario is a national or NATO domain on one side and one or more mission networks on the other side.

A minimal configuration has a trusted local classified segment and an external segment controlled by another party. The Mail Guard ensures that only properly labelled messages within an allowed range can pass. A Firewall is typically used to further protect the Mail Guard from hostile attacks at the network level.

The off-the-shelf configuration is prepared for Microsoft Exchange^® with a built-in X.400 Connector as the e-mail servers and Microsoft Outlook^® as the Mail Clients.

Mandatory use of Security Labels

The Mail Guard concept relies on mandatory use of Classifications or Security Labels. Only properly labelled messages are allowed to pass through the Guard. The labels must be within configurable limits.

Messages with specific classifications can be allowed to pass, while all other messages are stopped. E.g. "KFOR RESTRICTED" can pass, while "NATO RESTRICTED" can be stopped. Markings like "… RELEASABLE TO …" can also be part of the criteria.

An add-on to Microsoft Outlook^® is available to ensure that the classification is always set when a new message is created. Two alternatives for the plug-in can be used: 

• Thales Trusted Mail

• The Classify^® utility

 Logging

The Mail Guard maintains Logs and Audits to ensure traceability. Separate Logs are maintained for messages that successfully pass though the Mail Guard and for Invalid Labels, Missing Labels or other errors.