Implementation of enhanced email threat protection

Service: Executing projects
Sector: Other
Area of expertise: Cyber security


Denmark’s largest railway company needed to improve its existing email security by scanning all inbound and outbound mail traffic so that ill-intended emails could be removed. A tool had been chosen but still needed to be implemented.


Kopenhagen Konsulting was responsible for the coordination and implementation of a newly acquired email threat protection system (ETP). The purpose of the system was to scan all inbound and outbound mail-traffic in order to protect against ill-intended emails.

The ETP system had two modes available. The client initially wanted to implement the ETP system in BCC mode (Blind carbon copy). The BCC mode integration between O365/EOP and ETP Cloud is accomplished through the use of a transport rule and by whitelisting the ETP Cloud Internet Protocol (IP) address ranges and domains. The transport rule will BCC all external inbound emails to ETP Cloud for analysis.
However, after the system had been implemented in BCC mode, the client decided to change the implementation to inline mode to improve security. This meant changing to the mode integrated with AV/AS between O365/EOP. This was accomplished by whitelisting the ETP Cloud Internet Protocol (IP) ranges and domains and by modifying the domain mail exchanger (MX) records. These rules allowed messages sent from the system to be delivered without the risk of being quarantined by O365. Once the domain MX records are changed, mail starts to route through ETP Cloud.

The transfer from BCC to inline AV/AS was handled with significant care because of the importance of a constant mail flow during the corona lockdown. For this reason, preparation, proper communication, testing and hyper-care were given more time than usual. Specifically, it was important to make certain that proper testing could be facilitated during the implementation and hyper-care. This was achieved by lowering the time-to-live (TTL) values for all records (MX, SPF, etc.). Consequently, if there had been an issue during the implementation, it would have been simple to revert to the old mail flow with minimum downtime.
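A readiness check for the TTL-lowering step described above, as an added example that is not part of the original case study or the client's tooling. The domains, TTL values, timestamps and the 300-second rollback budget are constructed assumptions; it shows that a lowered TTL only allows a quick revert once the previously published TTL has expired from resolver caches.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta

MAX_TTL = 300  # assumed rollback budget, in seconds

@dataclass
class Record:
    name: str
    rtype: str
    ttl: int              # TTL published now
    prev_ttl: int         # TTL published before the current one
    lowered_at: datetime  # when the current TTL went live

# Constructed sample data: domains, TTLs and timestamps are placeholders.
T0 = datetime(2020, 4, 1, 9, 0)
RECORDS = [
    Record("example.com.", "MX", 300, 86400, T0),
    Record("example.com.", "TXT", 300, 3600, T0),   # SPF record
    Record("example.org.", "MX", 3600, 3600, T0),   # secondary domain, TTL missed
]

def earliest_safe_cutover(records):
    """A resolver that cached a record just before the TTL was lowered keeps
    it for the full previous TTL, so the low TTL only protects after that."""
    return max(r.lowered_at + timedelta(seconds=r.prev_ttl) for r in records)

def worst_case_rollback(records):
    """Seconds until every cache has dropped the new records after a revert."""
    return max(r.ttl for r in records)

def readiness(records, now, max_ttl=MAX_TTL):
    """Return the reasons the MX change should not be made at `now`."""
    problems = []
    for r in records:
        if r.ttl > max_ttl:
            problems.append(f"{r.name} {r.rtype}: TTL {r.ttl}s exceeds {max_ttl}s")
        drained = r.lowered_at + timedelta(seconds=r.prev_ttl)
        if now < drained:
            problems.append(f"{r.name} {r.rtype}: old TTL cached until {drained:%Y-%m-%d %H:%M}")
    return problems

if __name__ == "__main__":
    for p in readiness(RECORDS, datetime(2020, 4, 1, 12, 0)):
        print("NOT READY:", p)
    print("earliest safe cutover:", earliest_safe_cutover(RECORDS))
    print("worst-case rollback:", worst_case_rollback(RECORDS), "s")
```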


The client received a full implementation of the new email security system (email threat protection – ETP). The implementation was completed without any negative impact on daily operations, as the time-to-live values for all records had been lowered as part of the implementation strategy.