M86 MailMarshal Secure Email Server


Trust That Confidential Content Stays Confidential

Email is a transparent communication. It’s easier for someone to view email in transit than it is to eavesdrop on a phone conversation. Many organizations need email security tools to secure confidential information; others require it. Trade secrets, business plans and product development demand communication technology that ensures only approved individuals participate in the communication. Transfer of unprotected medical, legal or financial information is subject to significant fines and litigation. That’s where MailMarshal SES email filtering comes in.

MailMarshal SES automatically enforces security policies and leverages content monitoring and filtering technology to meet regulatory compliance standards and protect against data leakage. It provides enhanced Public Key Infrastructure with advanced functionality for key generation, certificate harvesting, automated maintenance and centralized authentication directories. Our email security tool is ideally suited to environments where secure communication needs to be established and maintained between groups of organizations, while allowing for the flexibility to easily change membership and credentials.

MailMarshal Secure Email Server Diagram


  • Dedicated policy-based email encryption and digital signing
  • Public Key Infrastructure (PKI) with S/MIME encryption standards up to Triple-DES (168-bit) cryptography
  • Works with MailMarshal SMTP, or other S/MIME gateways, to provide content monitoring and filtering of confidential messages
  • Delivers secure certificate generation technology and comprehensive support for third-party Certificate Authorities
  • Extensive certificate management capabilities, including support for Certificate Revocation Lists (CRLs), automated certificate harvesting, sorting and storage
  • Centralized certificate updates through directory (LDAP) synchronization with established authentication servers
  • Extensive reports and auditing for secure communications



  • Confidential communication
  • Consistent application of security policies
  • Compliance requirements enforced
  • Centralized control of encrypted communication
  • Low total cost of ownership
  • Maintenance of secure email best-practices
  • Cost effective and easy to deploy with very minimal ongoing manual administration requirements
  • Versatility and flexibility enable other organizations or specialized contributors to easily join the secure network without undue costs
  • Email encryption you can trust


How it Works

MailMarshal Secure Email Server is a standalone S/MIME gateway that can be configured to work with MailMarshal SMTP or any other email server that can recognize and route S/MIME messages. When used with MailMarshal SMTP, it can enable automatic encryption, decryption and digital signing policies as well as managing, harvesting and storing public keys for secure contacts.

MailMarshal SES Diagram

The diagram above shows how MailMarshal Secure Email server operates and how it works with other servers and directories.



  1. Confidential Email – an authorized user within your organization sends a confidential email to a secure contact.
  2. MailMarshal SMTP – MailMarshal SMTP evaluates the message and automatically determines that based on confidential content and the intended recipient the message must be encrypted before leaving your organization. It routes the message to MailMarshal SES for encryption and signing. Or, in the reverse scenario where your MailMarshal SMTP server receives an encrypted message from a secure contact, it routes the message to MailMarshal Secure Email Server for decryption. NOTE: MailMarshal SMTP and MailMarshal Secure Email Server can be deployed together on one server or separate servers.
  3. MailMarshal Secure Email Server – the confidential email is accepted by MailMarshal SES which then signs the message with your organization’s Private Key and automatically retrieves and applies the relevant Public Key for the intended recipient. If the right key is unavailable, has expired or been revoked, MailMarshal SES can be configured to automatically retrieve the right key from a central LDAP server or independent Certificate Authority (see Step 4). MailMarshal SES will also automatically harvest and store Public Keys from incoming digitally signed messages.
  4. Independent Validation – MailMarshal SES can interface with a centralized LDAP server that you and your secure contacts establish together to maintain credentials such as certificates/public keys and certificate revocation lists. This makes it easy to add new members and share key updates without any manual administration. MailMarshal can also work with independent Certificate Authorities such as VeriSign or Comodo.
  5. Encrypted & Signed Email – Once the message has been signed and encrypted by MailMarshal SES, it is then routed back to MailMarshal SMTP where it is re-checked against policy before transmission. Once the email leaves your organization it can only be opened by the intended recipient.
  6. Remote Contact – The intended recipient can be an individual such as one of your own staff working out of the office or an external party such as a contractor or lawyer. These individuals can use a standard S/MIME email client such as Microsoft Outlook to communicate with your organization securely.
  7. Secure Contact Organization – Your secure email partners can use MailMarshal or any other suitable S/MIME gateway to decrypt the message or a standard S/MIME client such as Outlook.
  8. Intended Recipient – Whether the email is decrypted by an S/MIME gateway or S/MIME client the intended recipient is the only person able to view the message. The recipient can also trust that the message is authentic and unaltered as it is digitally signed by MailMarshal SES with your company’s Private Key.



  • Processor – Pentium 4 class processor
  • Disk Space – 10GB (NTFS) or higher
  • Memory – 512MB or higher
  • Operating System – Windows Server 2003 or Windows XP Professional (32-bit only)
  • Database – (Optional) Microsoft SQL 2005 or SQL Express 2005



MailMarshal Secure Email Server can be co-hosted on the same server with MailMarshal SMTP or another S/MIME gateway or can be deployed separately on its own server. For best results we recommend working with one of our certified technical sales consultants to identify the ideal solution for your organization’s secure email requirements.