SendSafely Serverless Email Gateway for AWS

Transparent Email EncryptionWe are excited to announce our new Serverless Email Gateway (SEG) for Amazon Web Services. Our SEG lets you leverage your existing email infrastructure or Data Loss Prevention (DLP) platform to automatically protect email messages with SendSafely before being routed to external recipients. Our SEG also works natively with Office 365 and G-Suite to provide automatic server-side protection for all outbound emails. Get coverage across every user, every device with no client-side software to install. 

How it Works

The core of SendSafely's SEG is powered by AWS Lambda, which runs a function that automatically processes and protects email messages based on attributes you can configure.  Email messages are routed to and from Lambda using Amazon Simple Email Service, which combined with Lambda provides a reliable and scalable infrastructure to handle outbound email messages. You control which messages are routed to SendSafely's SEG based on policies within your existing email platform or DLP system. 

The SEG AWS Lambda function is designed to run within your own Amazon Web Services account, so SendSafely never has access to your un-encrypted emails or the encryption keys used to protect them.   

SendSafely SEG Overview with DLP-3

In this example, the admin sets a rule that tells the email server to flag any message that has an attachment name which contains the word "portfolio".

You create rules that tell your email server or DLP system which messages to flag, based on the message content or presence of an attachment. Messages that are flagged get re-routed to AWS Lambda, where they are automatically protected with SendSafely. You control whether only the attachments or the entire message body gets protected by SendSafely. 

For example, here is a message that Bob sent to Alice that includes a PDF summary of her investment portfolio. Note that Bob attached the un-encrypted PDF file called "Portfolio Performance Summary.pdf" when sending the email to Alice. 

Sent Item no Encryption

As a result of this policy, the message is flagged by the mail server and routed to the SendSafely SEG, where the attachment gets removed and uploaded to SendSafely. A secure attachment notification and link to access the protected attachments is inserted into the top of the message, which is then delivered to Alice. 

Recieved Item with Encryption

You have full control over which messages are routed to the SEG and retain an un-encrypted copy of the message in the Sent items folder of the user that sent the message. You can also customize the look, feel and content of the notification that gets inserted into protected messages.  

Integration With Office 365

Our SEG works natively with the built-in Mail Flow Rule feature of Office 365. Mail flow rules (also known as transport rules) identify and take action on messages that flow through your Exchange account. Mail flow rules are similar to the Inbox rules that are available in Outlook, but take action on messages while they're in transit, and not after the message is delivered to the mailbox. Mail flow rules contain a richer set of conditions, exceptions, and actions, which provides you with the flexibility to implement many types of messaging policies.

Detailed information on using mail flow rules and how they work can be found in the Exchange Online documentation

Integration with G-Suite

Our SEG also works natively with the Content Compliance feature of G-Suite. Content compliance rules are based on predefined sets of words, phrases, text patterns, or numerical patterns. You can set up a simple match, advanced, and metadata matches.

Content compliance supports scanning text attachments and common attachment types, such as .doc, .xls, and .pdf, as well as non-ASCII characters. Both simple content and advanced content matches that apply to message body text will also apply to text extracted from attachments. Any rule that applies to the message body text also applies to the extracted text. 

Detailed information on using content compliance rules and how they work can be found in the G-Suite Support portal

Getting Started with SEG

The SendSafely SEG is currently available to SendSafely Enterprise customers. If you are a current SendSafely customer and would like assistance setting up a SEG pilot, send an email to or email your account representative for more information or to schedule a live demo. 


 SendSafely: The Easy to Use End-to-End Encryption Platform. 

If your company is looking for a simple to use email encryption and secure file transfer platform, SendSafely integrates seamlessly with Microsoft Office 365 and G-Suite for Business. Contact us today to request a demo and free trial subscription.