What is a security vendor?
Still have a question, spotted an error, or have a better explanation or a source we should cite?
A security vendor is a company that sells tools to protect email systems from phishing, malware, account takeovers, and data leaks. These tools scan incoming mail before it hits employee inboxes, and sometimes scan outgoing mail before it leaves the organization.
The most common product from security vendors is a Secure Email Gateway (SEG). Think of it as a checkpoint between the internet and your mail server. Every incoming message gets scanned for threats (malicious attachments, suspicious links, impersonation attempts). If it looks dangerous, it gets quarantined or rejected. If it passes, it's delivered. Major SEG vendors include Proofpoint, Mimecast, Barracuda, and Cisco IronPort (now Cisco).
Security vendors also sell related tools: URL rewriting services that replace every link in an email with a tracking URL (so they can check if it's safe when someone clicks), sandboxing engines that detonate attachments in a safe environment to see if they're malicious, and threat intelligence feeds that share data about known bad actors across customers.
If you're a small sender using an ESP like Mailchimp or Postmark, you don't interact with security vendors directly. But you're affected by them. When you send mail to a large company, it often goes through their SEG first. The SEG decides whether your email reaches the recipient or gets quarantined as suspicious. That's why proper authentication matters so much (SEGs check SPF, DKIM, and DMARC before deciding whether to trust your mail).
Some SEGs are aggressive. They might quarantine your marketing email even when it's legitimate, especially if your domain is new or your content looks like a phishing template. That's not personal. It's just pattern matching. You can't control what security vendors do, but you can make your email look less suspicious by authenticating properly, using a consistent sending domain, and avoiding spammy tactics.
Worth noting: security vendors are separate from mailbox providers. Gmail, Outlook, and Yahoo all have their own built-in spam filters. SEGs sit in front of corporate mail servers (often Microsoft 365 or Google Workspace installations) as an extra layer of protection. Some companies use both. First your email goes through the corporate SEG, then it hits the mailbox provider's spam filter.
Contributors
Who worked on this answer
Every name links to their profile. Every company links to their site. Real people, real accountability.