Page 875 - (ISC)² CISSP Certified Information Systems Security Professional Official Study Guide
company’s communications. Benefits of SaaS email include high
availability, distributed architecture, ease of access, standardized
configuration, and physical location independence. However, there are
some potential risks in using a hosted email solution, including
blacklisting issues, rate limiting, app/add-on restrictions, and
uncertainty over what (if any) additional security mechanisms you can
deploy.
Email Security Goals
For email, the basic mechanism in use on the internet offers the
efficient delivery of messages but lacks controls to provide for
confidentiality, integrity, or even availability. In other words, basic
email is not secure. However, you can add security to email in many
ways. Adding security to email may satisfy one or more of the
following objectives:
- Provide for nonrepudiation
- Restrict access to messages to their intended recipients (i.e., privacy and confidentiality)
- Maintain the integrity of messages
- Authenticate and verify the source of messages
- Verify the delivery of messages
- Classify sensitive content within or attached to messages
As with any aspect of IT security, email security begins with a security
policy approved by upper management. Within the security policy, you
must address several issues:
- Acceptable use policies for email
- Access control
- Privacy
- Email management
- Email backup and retention policies
Acceptable use policies define what activities can and cannot be
performed over an organization’s email infrastructure. It is often

