EntrustedMail: Email Management Simplified
About The Client
EntrustedMail
- Industry: Email Security / Cybersecurity
- Region: United States
- Platform: Cloud SaaS Email & Security Platform
- Delivery: 5 years
EntrustedMail secures and manages organizational email systems under annual licensing agreements for organizations using Microsoft 365 and Google Workspace. The platform enables centralized email security checks, policy definition, domain management, and account administration.
It also supports service providers managing multiple client environments. These deployments maintain strict tenant separation for security, isolation, and compliance.
EntrustedMail integrates with existing email infrastructure without altering how users send or receive emails, ensuring seamless operation across organizations.
Project Overview
Cloud-Native Email Security With Non-Disruptive Policy Enforcement
Organizations using Microsoft 365 and Google Workspace often face fragmented email security due to multiple disconnected tools. This leads to inconsistent handling, limited visibility, and increased phishing risk.
EntrustedMail, built with Digisoft Solution, delivers a cloud-native enterprise email security platform. The solution operates under an annual licensing model, with tenant-scoped deployments integrated with Microsoft Graph and Google Workspace APIs.
It operates through queue-driven asynchronous email inspection pipelines and mail flow connectors to enforce policies in near-real-time without replacing the organization’s existing mail routing infrastructure or mail transfer agents (MTAs). It functions as a policy enforcement and inspection layer integrated into the existing email infrastructure. A centralized, rule-based policy engine enables dynamic updates, governance, and administrative control. The system analyzes email metadata and content while preserving existing delivery infrastructure, ensuring non-disruptive operation.
The platform is delivered under licensing governance, where deployment scope, configuration complexity, tenant requirements, and usage patterns define access, entitlements, and pricing structure. The platform is deployed on a scalable cloud-based infrastructure with containerized services and automated deployment pipelines, ensuring high availability and secure multi-tenant operations.
The Concept
Policy Enforcement Integrated Into Existing Mail Infrastructure
The platform processes emails through a policy enforcement workflow integrated with Microsoft 365 and Google Workspace connectors. Each email is evaluated using sender metadata, content patterns, and attachment-level inspection against predefined security rules.
Based on rule evaluation, the system executes actions such as allow, hold, quarantine, or block. It supports both pre-delivery mail-flow inspection and post-delivery remediation workflows depending on policy conditions.
All processing is executed through asynchronous workflows to ensure stable performance under high email volume while maintaining uninterrupted delivery across isolated organizational environments.
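The evaluation step described above, sketched as an added example (not EntrustedMail's or Digisoft Solution's code). The tenant ids, rule names, sample policy, the strictest-match-wins ordering and the fail-closed default for an unknown tenant are all assumptions made for illustration.

```python
import re
from dataclasses import dataclass, field

# Actions named on the page, ordered least to most restrictive (ordering assumed).
SEVERITY = {"allow": 0, "hold": 1, "quarantine": 2, "block": 3}
CARD_RE = re.compile(r"\b\d(?:[ -]?\d){12,18}\b")  # candidate card numbers

@dataclass
class Message:
    tenant: str
    sender_domain: str
    body: str
    attachments: list = field(default_factory=list)  # attachment file names

def luhn_valid(candidate: str) -> bool:
    """Luhn checksum, used to cut false positives from the regex alone."""
    digits = [int(c) for c in candidate if c.isdigit()]
    total = 0
    for i, d in enumerate(reversed(digits)):
        if i % 2 == 1:
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

# Constructed tenant-scoped policy (assumption): tenant id -> rule settings.
POLICIES = {
    "tenant-a": {
        "blocked_senders": {"spoofed.example"},
        "restricted_ext": {".exe", ".js", ".iso"},
    },
}

def evaluate(msg: Message):
    """Return (action, matched_rules); the most restrictive match wins."""
    policy = POLICIES.get(msg.tenant)
    if policy is None:  # unknown tenant: fail closed, never reuse another tenant's rules
        return "hold", ["no-policy-for-tenant"]
    hits = []
    if msg.sender_domain.lower() in policy["blocked_senders"]:
        hits.append(("sender-blocklist", "block"))
    for name in msg.attachments:
        if any(name.lower().endswith(ext) for ext in policy["restricted_ext"]):
            hits.append(("restricted-attachment", "quarantine"))
            break
    if any(luhn_valid(m.group()) for m in CARD_RE.finditer(msg.body)):
        hits.append(("dlp-card-number", "hold"))
    action = max((a for _, a in hits), key=SEVERITY.get, default="allow")
    return action, [n for n, _ in hits]
```

Returning the matched rule names alongside the action gives the audit log a reason for every hold, quarantine, or block decision.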
Key Challenges Addressed
Scaling Required Control Over Tenants, Security, Volume & Integrations
These challenges impacted operational consistency, security enforcement, and system reliability across multi-tenant email environments.
Multi-Tenant Isolation & Role-Based Access Control (RBAC)
Managing global administrators, resellers, and customer organizations within a shared SaaS platform required strict tenant isolation. It needed granular role-based access control to ensure secure, boundary-enforced data separation across all modules and APIs.
Secure Email Communication & Data Protection (TLS + DLP)
The system required end-to-end encrypted email transmission across multiple providers using TLS, along with accurate detection of sensitive data in emails and attachments. It maintains low processing latency and high throughput.
High-Volume Email Processing & System Scalability
Large-scale email traffic, license events, and automated notifications introduced significant load variability. This required a scalable processing architecture that can handle concurrent workloads without bottlenecks or performance degradation.
Enterprise System Integration Complexity
Seamless synchronization was needed between external email ecosystems and internal modules such as licensing, security, and processing engines. This required reliable, secure, and consistent API-driven communication across distributed services.
Platform Reliability, Observability & Cross-Module Stability
The system contains tightly coupled modules spanning licensing, email processing, security rules, and UI dashboards. This needed centralized observability and robust error handling.
Technical Solutions Implemented
Modular Architecture For Secure, Scalable Email Protection
A consolidated enforcement model unified inspection, licensing, and tenant governance under queue-driven processing while preserving existing mail routing infrastructure.
Multi-Tenant Secure Access Architecture
We enforced strict tenant isolation so that each customer’s data, policies, and email processing remain completely separated and secure within the shared SaaS environment. Every request is validated against the tenant context at runtime, which enables secure boundary enforcement, row-level isolation, and consistent access control across all modules.
Secure Email Communication & Data Protection Layer (TLS + DLP)
To secure email transmission and protect sensitive information, we implemented enforced opportunistic TLS where supported by the recipient's mail infrastructure. We used regular expression (regex) patterns, metadata inspection, and optimized attachment scanning. This ensured encrypted transfer and reliable detection of predefined sensitive data patterns, with minimal impact on email processing performance.
Scalable Email Processing Architecture
We designed a scalable processing system using asynchronous background jobs and queue-based processing with retry and dead-letter handling to handle high-volume email traffic and license events. This enabled non-blocking execution, improved throughput, and ensured stable system performance under peak load conditions.
Enterprise Integration Layer for External & Internal Systems
To enable seamless communication between Microsoft 365, Google Workspace, and internal services, we implemented secure REST APIs with JWT authentication, tenant-scoped validation, and rate-limiting policies. This ensured consistent, secure, and reliable data exchange across distributed systems.
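A sketch of JWT authentication combined with tenant-scoped validation for the three account types the page names, as an added example (not the platform's code). The claim names `role`, `tenant` and `exp`, the HS256 demo key and the reseller-to-customer map are assumptions; token handling is written out with the standard library only so the example runs offline, where a production service would use a maintained JWT library.

```python
import base64, hashlib, hmac, json, time

SECRET = b"constructed-demo-key"  # assumption: HS256 key for this demo only
# Constructed reseller -> customer tenant links (assumption).
RESELLER_CUSTOMERS = {"reseller-1": {"cust-a", "cust-b"}}

def b64e(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def b64d(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def issue(claims: dict) -> str:
    """Mint a demo HS256 token so the example has something to verify."""
    head = b64e(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = b64e(json.dumps(claims).encode())
    sig = hmac.new(SECRET, f"{head}.{body}".encode(), hashlib.sha256).digest()
    return f"{head}.{body}.{b64e(sig)}"

def verify(token: str, now=None) -> dict:
    """Check algorithm, signature and expiry; raise ValueError on any failure."""
    try:
        head, body, sig = token.split(".")
        if json.loads(b64d(head)).get("alg") != "HS256":  # pin alg, reject "none"
            raise ValueError("unexpected alg")
        expected = hmac.new(SECRET, f"{head}.{body}".encode(), hashlib.sha256).digest()
        if not hmac.compare_digest(expected, b64d(sig)):
            raise ValueError("bad signature")
        claims = json.loads(b64d(body))
    except (ValueError, TypeError, AttributeError) as exc:  # malformed input too
        raise ValueError(f"invalid token: {exc}") from None
    if claims.get("exp", 0) <= (now or time.time()):
        raise ValueError("invalid token: expired")
    return claims

def authorize(token: str, resource_tenant: str, now=None) -> bool:
    """Tenant scope comes from the verified token, never from the request."""
    claims = verify(token, now)
    role, tenant = claims.get("role"), claims.get("tenant")
    if role == "global_admin":
        return True
    if role == "reseller":  # resellers reach only their linked customers
        return resource_tenant in RESELLER_CUSTOMERS.get(tenant, set())
    return role == "customer" and tenant == resource_tenant
```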
Platform Reliability & Observability Framework
To ensure system-wide stability across interconnected modules, we implemented centralized logging, monitoring, structured error handling, and performance optimization strategies. This enabled proactive issue detection, reduced failure impact, and minimized deployment-related regressions through structured testing and monitoring.
Cloud Infrastructure & Deployment Architecture
The platform is deployed on a scalable cloud-based infrastructure using containerized services and automated CI/CD pipelines. It incorporates centralized monitoring, logging, and performance tracking to ensure high availability, secure processing, and operational resilience across tenant environments.
Digisoft Solution developed a centralized email security ecosystem that combines policy enforcement with queue-driven inspection workflows, integrating seamlessly with Microsoft 365 and Google Workspace through a scalable, rule-based pipeline with tenant isolation and asynchronous processing.
Architecture Approach: Why It Works Better
Modular Enterprise Design With Event-Driven Processing
The platform uses a modular enterprise architecture with organization-level isolation and event-driven processing. This replaces monolithic email security systems with independently scalable services to improve throughput, isolation, and integration flexibility.
A centralized policy engine governs real-time email inspection, rule evaluation, entitlement control, and licensing enforcement. This enables consistent security and access governance while supporting dynamic contract updates across customer environments.
- Replaces monolithic systems with independently scalable services for improved throughput and flexibility
- Centralized policy engine manages real-time email inspection and rule evaluation
- Enforces entitlement control and licensing governance across tenant environments
- Supports dynamic contract updates without disrupting ongoing operations
Screens From the Live Build
Surfaces We Designed & Engineered Into Production
Selected moments from the shipped EntrustedMail platform—where policy enforcement, licensing, domain management, and role-based dashboards come together across tenant environments.
Core Features & Functionalities
Designed For End-To-End Email Security Operations
- Role-Based Dashboards: Provides separate dashboards for administrators, resellers, and customers. Each dashboard displays relevant account information, usage details, system activity, and status updates in a clear, structured layout designed for daily operational monitoring.
- License Lifecycle Management Portal: Enables creation, activation, renewal, and termination of licenses across organizations. It tracks license status, assigned accounts, validity periods, and renewal history to ensure proper management of contractual usage and organizational entitlements over time.
- Domain & Policy Configuration Interface: Allows administrators to add and manage email domains associated with their organization. It supports defining rules for handling emails, setting restrictions, and updating configurations that control how messages are processed across different connected domains.
- Automated License Expiry & Notifications: Continuously checks license validity dates and identifies upcoming expirations. It sends alerts to responsible users in advance, helping organizations complete renewals on time and avoid interruptions in access or service availability.
- Reseller Management Console: Provides resellers with tools to manage customer accounts, assign licenses, and track usage across multiple organizations. It ensures controlled oversight of all linked customers while maintaining separation between different tenant environments and access levels.
- Centralized Administration Portal: Offers a single interface for managing users, system settings, and organizational structure. It allows administrators to control access rights, update configurations, and view overall system status across all connected accounts and environments.
Technologies and Tech Stack We Used
Tools Chosen For Scale, Security & Tenant Isolation
C# · .NET 6 · PHP
Core email processing, policy enforcement, licensing services, and API layers.
Angular 7 · Angular Material
Role-based dashboards and administrative interfaces for multi-tenant operations.
JavaScript · HTML5 · CSS3 · Bootstrap
Responsive, structured interfaces for daily security and license management workflows.
SQL Server 2019 · MySQL
Relational storage for tenant data, policies, licenses, and audit records.
Visual Studio 2019
Integrated development environment for backend and full-stack delivery.
Cloud SaaS · Containers · CI/CD
Containerized deployment with automated pipelines, centralized monitoring, and logging.
Microsoft Graph · Google Workspace APIs
Tenant-scoped connectors for mail-flow inspection and policy enforcement.
TLS · DLP · JWT · RBAC
Encrypted transmission, sensitive data detection, and strict tenant-boundary access control.
Testing & Quality Assurance
Validated For Security, Throughput & Delivery Integrity
Comprehensive validation across security, performance, and operational workflows under simulated production conditions.
- Security testing covered API penetration checks, authentication validation, and tenant isolation under simulated multi-user attack scenarios.
- Email throughput was validated under high concurrency using load testing to simulate peak traffic conditions.
- Email delivery integrity tests confirmed processing without loss, duplication, or delay.
- Sender authenticity checks confirmed that only trusted domains are accepted, including spoofed domain tests.
- Message and link inspection detected unsafe patterns across varied content types before delivery.
- Attachment handling ensured restricted file types were blocked or flagged correctly.
- Rule-based classification verified routing into delivery, hold, or quarantine states.
- Role-based access and notifications ensured correct permissions and timely license expiry alerts.
Our Approach & Development Timeline
Phased Delivery Across 5 Years
Implementation followed a phased delivery approach—building a stable foundation first, then layering architecture, integrations, and optimization without disrupting active email workflows.
Requirement Gathering and System Planning
Scope, tenant model, and integration requirements definition.
System Architecture and Design Definition
Modular services, policy engine, and queue-driven processing design.
Backend and Core Module Development
Inspection pipelines, licensing, security rules, and APIs.
Frontend Development and Role-Based Interface Setup
Admin, reseller, and customer dashboards with RBAC.
Integration, Testing, and System Validation
Microsoft 365 & Google Workspace connectors, QA, and load testing.
Deployment, Optimization, and Ongoing Maintenance
CI/CD rollout, monitoring, and continuous platform hardening.
Measurable Outcomes
Stronger Security, Efficiency & Operational Reliability
The implemented platform delivered significant improvements across operational efficiency, security enforcement, and system reliability based on production monitoring and internal validation datasets.
Reduced manual email handling from 8–10 hours/day per admin team
Improved email policy classification consistency (from 70–75%)
Lowered email processing latency from 3–6 seconds per message
Reduced missed license renewals from 15–20% with automated tracking
Strengthened tenant-level access control across APIs, dashboards, and processing modules
Increased audit log coverage from 80% event traceability
Digisoft Solution developed a centralized email security ecosystem for EntrustedMail to strengthen threat protection and automate email processing. By combining centralized policy enforcement with queue-driven inspection workflows, the platform integrates seamlessly with Microsoft 365 and Google Workspace. It processes email events through a scalable, rule-based inspection pipeline with tenant isolation and asynchronous processing.