Inline Protection Mode for Inbound Messages
Overview
Sublime’s default setup analyzes and remediates messages upon receipt in an end-user’s mailbox (“post-delivery”).
Enterprise users can choose to instead analyze and remediate threats before they land in end-user mailboxes (“pre-delivery”) using our inline protection mode for inbound messages, without losing the ability to complete manual remediations post-delivery.
Use cases
For customers that are interested in completing message analysis and remediation pre-delivery, our inline protection mode offers an easily deployed solution that takes minutes to set up with no MX record changes.
Some common reasons that we see customers choosing to implement inline protection within their organization include:
- While Sublime already processes most messages in less than one second via API, processing emails pre-delivery closes this gap completely.
- Messages are intercepted and never delivered to the recipient, so messages that auto-forward to third-party systems, e.g. Salesforce, Jira, Zendesk, etc., are remediated before they can be auto-forwarded outside of the mailbox.
- Actions are applied before the messages land, so users receive a message in its “final state”: warning banners are already applied, malicious emails are automatically quarantined or trashed before a push notification is sent, and spam is redirected before users see it in their inbox. This protects users the instant a potentially harmful message arrives.
Enable by mailbox
Inline protection mode can be enabled for any subset of your end-user mailboxes, from 1 mailbox to your entire tenant. This is valuable for testing inline on a small subset of mailboxes before rolling out to all mailboxes and for users that only want coverage for aliases that auto-forward to third-party systems like Zendesk or Salesforce.
Environments
We currently support inline protection mode in Google Workspace and Microsoft365 environments.
IMAP and GovCloud deployments are not supported at this time. Reach out to [email protected] if you’re interested in getting inline protection for your IMAP or GovCloud deployment!
Getting Started
Getting inline protection mode set up in your environment is straightforward — with transport/routing rules in your email provider, we can begin inline processing in minutes! Given that inline protection mode impacts critical path analysis and remediation of messages, Sublime provides complimentary white-glove enablement to all Enterprise customers that are interested.
To get started with inline protection mode in your environment, let anyone on your Sublime account team know that you’re interested!
We recommend that all users use a phased rollout approach for inline protection mode, starting with a testing phase in non-critical mailboxes before moving to an active rollout phase with more/all mailboxes.
Technical Implementation
To set up inline protection mode, your Sublime team will set up a series of transport or routing rules alongside a super-admin from your organization. The process is dependent on your email provider:
- Microsoft365 customers need to configure connectors and skiplisting, and add transport rules. Microsoft365 customers can alternatively run a script that will configure their settings automatically.
- Google Workspace customers need to add a mail route, an inbound gateway, and a compliance rule in Google Workspace.
The Sublime team will walk you through testing the inline protection mode and setting up alerts for message delays and failures.
Reliability and Message Safety
Message safety is critical to Sublime.
Since Sublime intercepts messages before delivery, we take multiple steps to ensure messages are never lost:
- Immediate Storage: Messages are stored in S3 before processing begins
- SMTP Acknowledgment: We only acknowledge receipt after successful storage
- Retry Logic: In most cases, your email provider will retry delivery if Sublime doesn't acknowledge
- Fallback Delivery: If processing fails, Sublime attempts direct delivery as a fallback
- Error Recovery: Failed messages are saved with error details for manual recovery
In cases where Sublime services have become unavailable for any reason, Microsoft365 and Google Workspace will automatically retry delivery for up to 7 days, then return the message to sender as undeliverable.
Never lose a message
Messages are never lost during normal operation. If Sublime successfully receives a message, it is stored and will be processed even if there are temporary processing delays. If, in the worst case, a message fails to be processed after multiple attempts, it is saved with error details for manual recovery.
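The following added example is not Sublime's code: it models the message path described above (store, then acknowledge, then process, with fallback delivery and error recovery) and checks that no accepted message goes unaccounted for. The names `InlineRelay`, `failing` and `simulate`, the sample message, and the use of a temporary 4xx SMTP reply to signal "not acknowledged" are assumptions made for illustration.

```python
from dataclasses import dataclass, field
from typing import Callable
@dataclass
class InlineRelay:                    # hypothetical model, not Sublime's implementation
    store: Callable                   # durable write (object storage in the text)
    process: Callable                 # analysis and remediation
    deliver: Callable                 # hand-off to the recipient's mailbox
    recovery: dict = field(default_factory=dict)  # msg_id -> error details

    def on_data(self, msg_id, raw):
        try:
            self.store(msg_id, raw)
        except OSError:               # not stored, so not acknowledged: sender retries
            return "451 4.3.0 temporary failure, try again later"
        return "250 2.0.0 OK"         # acknowledged only after the write succeeded

    def handle(self, msg_id, raw):
        try:
            self.deliver(msg_id, self.process(raw))
            return "processed"
        except Exception as exc:
            first_error = repr(exc)
        try:
            self.deliver(msg_id, raw)  # fallback: deliver the stored original as-is
            return "fallback"
        except Exception as exc:       # still in storage; record why for an operator
            self.recovery[msg_id] = f"{first_error}; fallback: {exc!r}"
            return "saved-for-recovery"

def failing(exc):
    def f(*_args): raise exc
    return f

def simulate():
    stored, inbox, recovery, out = {}, {}, {}, {}
    banner = lambda raw: b"X-Banner: warning\r\n" + raw   # stand-in for remediation
    msg = b"Subject: constructed sample\r\n\r\nhello\r\n"  # constructed input
    cases = {
        "healthy": (stored.__setitem__, banner, inbox.__setitem__),
        "storage_down": (failing(OSError("storage down")), banner, inbox.__setitem__),
        "processing_fails": (stored.__setitem__, failing(RuntimeError("analysis")), inbox.__setitem__),
        "delivery_fails": (stored.__setitem__, banner, failing(ConnectionError("mailbox"))),
    }
    for name, parts in cases.items():
        r = InlineRelay(*parts, recovery)
        reply = r.on_data(name, msg)[:3]
        out[name] = (reply, r.handle(name, stored[name]) if reply == "250" else None)
    # Every acknowledged message must be in an inbox or in the recovery record.
    out["lost"] = sorted(set(stored) - set(inbox) - set(recovery))
    return out
```

In this model the only message that is neither delivered nor saved is the one that was never acknowledged, which is the case the sending provider's retry covers.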
Failover Capabilities
Microsoft365
Microsoft365 supports automatic failover in case Sublime’s service becomes unavailable.
To automatically disable inline processing and fall back to async message processing, authorize the Sublime Inline Monitoring Azure app to update your transport rules through the API. If the Sublime Platform detects an outage, it will then automatically disable your inline protection mode transport rules.
If automatic failover is not set up, Exchange will retry delivery for up to 7 days, then return the message to sender as undeliverable.
Google Workspace
Unlike Microsoft 365, Google Workspace does not support automatic failover. If Sublime's service becomes unavailable:
- Google Workspace will retry delivery for up to 7 days
- After 7 days, messages are returned to sender as undeliverable
- If necessary, manual intervention is required to disable the inline protection compliance rules
We strongly recommend you set up a webhook to notify you of critical delays or failures. Instructions for setting up inline protection mode and the webhook alerts are available on request from the Sublime team.
Reach out to the Sublime team if you're interested in learning more about inline protection mode!