Email: the number-one attack vector
Over 90% of cyber attacks begin with an email. Phishing, Business Email Compromise (BEC), ransomware delivered via attachments, credential-harvesting links — the email inbox remains the most exploited entry point into business networks. Despite this, many organisations still rely on the basic spam filter bundled with their email provider.
A basic spam filter checks sender reputation and simple keyword patterns. It was designed for a threat landscape that no longer exists. Modern attacks use look-alike domains, compromised legitimate accounts, polymorphic attachments and time-delayed URL redirects that easily bypass traditional filtering.
What an Email Security Gateway does differently
An Email Security Gateway (ESG) is a dedicated security layer that sits between the internet and your mail server, inspecting every message through 14 levels of in-depth analysis before it reaches the inbox. Unlike a basic filter, an ESG operates on multiple levels:
- 1AI-driven content analysis— machine learning models trained on millions of messages detect phishing attempts, social engineering and BEC patterns that rule-based filters miss.
- 2Attachment sandboxing (QuickSand)— Libraesva's proprietary QuickSand technology detonates suspicious files in an isolated environment, analysing active content (macros, JavaScript, OLE objects) to detect ransomware, trojans and zero-day exploits before delivery. Up to three antivirus engines (Avira, Bitdefender and ClamAV) scan every attachment.
- 3URL rewriting and deep scan (URLSand)— Libraesva's proprietary URLSand technology rewrites links at delivery and re-checks them at click time, following redirects and analysing landing pages to catch time-delayed phishing pages that were clean when the email arrived.
- 4Email authentication enforcement — full SPF, DKIM, DMARC validation and ARC (Authenticated Received Chain) support to prevent domain spoofing and ensure legitimate emails pass through correctly.
- 5Outbound email protection— scanning outgoing messages to prevent data leaks, detect compromised accounts sending spam or malware, and protect your domain reputation.
Libraesva ESG: the technology behind ATWS Email Security Gateway
ATWS Email Security Gateway is built on Libraesva ESG (Email Security Gateway), an Italian-developed platform that has earned multiple VBSpam+ awards from Virus Bulletin for its exceptional detection rates. Libraesva stands out for:
- QuickSand sandbox— a proprietary technology that analyses active content in documents (macros, JavaScript, OLE objects) without relying on signatures, catching zero-day threats.
- URL Deep Scan— follows redirects, analyses landing pages and checks reputation at click time, not just at delivery, defeating time-delayed phishing attacks.
- Threat Analysis Portal— a web interface for administrators to inspect quarantined messages, release false positives and review threat intelligence reports.
- Full Microsoft 365 and on-premises integration— works seamlessly with Microsoft 365, Exchange, Google Workspace and any SMTP-compatible mail server, with no changes to MX records required for the initial evaluation phase.
Email security and regulatory compliance
For organisations subject to the NIS2 Directive, email security is not optional. NIS2 requires adequate measures to protect communication channels, and email is the primary vector for incidents that trigger mandatory reporting obligations (24-hour pre-notification, 72-hour formal notification).
An Email Security Gateway contributes directly to compliance by reducing the attack surface, providing audit-ready logs for incident investigations and supporting the incident response process. Combined with proper email authentication (SPF, DKIM, DMARC), it forms a comprehensive email defence strategy.
ATWS Email Security Gateway: a managed service
AtWorkStudio delivers email security as a fully managed service. ATWS Email Security Gateway includes deployment, configuration, SPF/DKIM/DMARC setup, ongoing monitoring, policy tuning and threat response. The service is currently undergoing ACN (Italian National Cybersecurity Agency) qualification (reference SA-7582).
Libraesva ESG achieves a 99.99% catch rate, certified by Virus Bulletin since 2010 with multiple VBSpam+ awards. The platform is powered by EsvaLabs, a real-time threat intelligence network that collects data from live installations worldwide to continuously update detection rules. Administrators have access to the Threat Analysis Portal for inspecting quarantined messages, reviewing threat intelligence and managing false positives. Libraesva is compatible with Microsoft 365, Exchange, Google Workspace (G Suite) and Zimbra.
AtWorkStudio holds ISO/IEC 27001, 27017, 27018 and ISO 9001 certifications. We are members of Clusit (Italian Association for Information Security) and affiliated with Confindustria Piacenza in the RICT cluster. You can verify your domain's current email authentication status using our free DIG tool to check SPF, DKIM and DMARC records.
Frequently asked questions
What is an Email Security Gateway and how does it differ from a spam filter?
An Email Security Gateway is a dedicated platform that inspects every inbound and outbound email at multiple layers: reputation, content analysis, attachment sandboxing, URL rewriting and email authentication (SPF, DKIM, DMARC). A basic spam filter only checks known blacklists and simple keyword rules, missing sophisticated phishing, BEC and zero-day threats that modern gateways catch.
Why is Libraesva considered a leading email security solution?
Libraesva ESG (Email Security Gateway) is an Italian-developed solution recognised by Virus Bulletin with multiple VBSpam+ awards. It combines AI-driven threat analysis, QuickSand sandboxing for attachments, URL Deep Scan for link inspection, and native support for SPF, DKIM, DMARC and ARC. It is deployed both on-premises and as a cloud service, making it suitable for SMEs and large organisations alike.
What types of email threats does an Email Security Gateway block?
A modern Email Security Gateway blocks: phishing emails with spoofed sender addresses, Business Email Compromise (BEC) attacks that impersonate executives, ransomware and malware delivered via attachments or links, zero-day threats through behavioural sandboxing, and outbound data exfiltration. It also enforces email authentication protocols to prevent domain spoofing.
Is an Email Security Gateway required for NIS2 compliance?
The NIS2 Directive requires organisations in scope to implement adequate cybersecurity measures, including protection of communication channels. Since email is the primary attack vector for over 90% of cyber incidents, an Email Security Gateway is a key technical measure for NIS2 compliance. It also supports incident detection and reporting obligations.
Can AtWorkStudio deploy an Email Security Gateway for my organisation?
Yes. AtWorkStudio deploys and manages ATWS Email Security Gateway, a managed service built on Libraesva ESG. The service includes configuration, SPF/DKIM/DMARC setup, ongoing monitoring and threat response. AtWorkStudio holds ISO/IEC 27001, 27017, 27018 and ISO 9001 certifications, and the service is undergoing ACN (Italian National Cybersecurity Agency) qualification.
Sources
- Verizon Data Breach Investigations Report (DBIR) — Verizon
- Internet Crime Report 2024 — FBI Internet Crime Complaint Center (IC3)
- Virus Bulletin VBSpam+ Comparative Reviews — Virus Bulletin
- ENISA Threat Landscape Report — European Union Agency for Cybersecurity
- Clusit Report 2026 — Italian Association for Information Security