How Journaling Works in Trustifi


The “Journaling” architecture in Trustifi allows users to scan their incoming emails for all kinds of threats with minimal intervention to their mail flow and architecture.

This architecture works by creating a journaling rule in your Exchange/Google environment, which sends journaled copies of incoming emails to Trustifi’s endpoint.
The original emails are left untouched and arrive at their intended recipient without delay, while Trustifi receives the journaled copy, on which all scans and tests are performed to check for malicious content, spam, phishing, graymail, or any other type of threat.

Trustifi users can utilize the scanning aspect by itself to get an understanding of how Trustifi’s inbound scanning works without interrupting mail flow, or to gauge Trustifi’s inbound scanning abilities in a Proof of Concept setting.

For added security, Trustifi users can also enable the Office365 or Google Workspaces API integrations to perform additional actions on scanned emails based on the scan results.
For example – with the API integration enabled, emails flagged as “Malicious” or “Spam” can be pulled from the user’s mailbox post-delivery and put into quarantine.
Those emails can then be reviewed and released back to the recipient’s mailbox if deemed safe.

Limitations and Constraints

When using the “Journaling” architecture, there are some differences in mail flow behavior and handling when compared to the Inbound Relay or MX Gateway architectures.
Some of these differences are expected due to the nature of journaling, and some are currently due to technical constraints.

  • With the journal architecture, functions related to modification of the email body are not available. These functions include applying footers/headers to emails, On-click scan, and Smart Banners.

  • Emails received from Outlook/Exchange/Yahoo senders in bcc are not scanned by the journal flow.

  • When an email is sent to a group mailbox and goes into quarantine, trying to release the quarantined email into the group mailbox itself will fail and show an error.
    Note: For groups that copy received emails to recipients, releasing quarantined emails to group members works as expected.

  • For emails sent to groups, user-specific settings such as contacts, inbound rules, and allowlists/blocklists are not considered in the scan process. For example – if an email is sent to a group mailbox, the scan result will always be the same for all group members regardless of personal user settings.