Modernizing Your Email Security Architecture: Pure API vs Transport Rules

Learn about the distinct functionalities of transport rule-based and API-based solutions to make informed decisions about your security architecture.
June 15, 2023

Today’s organizations face an ever-growing number of cyber threats, making email security an essential part of any cybersecurity program. To protect their systems from the latest threats, organizations must consider the best solutions for their specific security needs and environments. This is why it is so important to be familiar with the distinct functionalities of the tools available.

By understanding the strengths and weaknesses of both transport rule-based and API-based solutions, organizations can make informed decisions about their email security architecture that will help them protect their systems from the latest cyberthreats — ultimately allowing them to strengthen their cyberdefenses for maximum protection going forward.

What are Transport Rules and How Are They Used?

In Office 365, a transport rule is a feature that allows you to define and apply specific actions to email messages that pass through the mail flow of your organization. It helps you enforce messaging policies, apply message classifications, and take various actions based on specific conditions or criteria. Transport rules are typically used by administrators to manage email flow, apply compliance policies, and automate certain actions.

Some legacy email security solutions leverage transport rules to reroute mail outside of O365 to themselves for scanning.

Downfalls of Transport Rule-Based Solutions

Transport rule-based solutions have several significant drawbacks. The most egregious is the risk to email availability: if the solution or its hosting provider has an outage, mail can no longer be sent back to O365, creating a total mail outage.


Even when mail is being scanned and delivered as it should be, delivery is delayed while each email is scanned. This can lead to a slow inbox experience and can be frustrating for users. Furthermore, transport rule-based solutions typically store a copy of ALL mail that they scan, raising concerns about data residency, security, and, where regulations apply, compliance.

A security approach built on transport rules should be evaluated closely for its potential impact and risk in terms of service delays, availability and continuity, and data privacy and security.
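To see which transport rules in a tenant create the rerouting dependency described above, the following added example (not from the original post or from Abnormal) lists every enabled rule that routes mail through an outbound connector, along with the smart hosts that mail flow then depends on. It assumes the rules and connectors were exported with `Get-TransportRule | ConvertTo-Json` and `Get-OutboundConnector | ConvertTo-Json`; the sample data and host names are constructed.

```python
import json

# Constructed sample data, shaped like the output of
# `Get-TransportRule | ConvertTo-Json` and `Get-OutboundConnector | ConvertTo-Json`.
RULES_JSON = """[
  {"Name": "Add external sender banner", "State": "Enabled", "Priority": 0,
   "RouteMessageOutboundConnector": null},
  {"Name": "Send inbound mail to scanner", "State": "Enabled", "Priority": 1,
   "RouteMessageOutboundConnector": "To-Scanner"},
  {"Name": "Old scanner pilot", "State": "Disabled", "Priority": 2,
   "RouteMessageOutboundConnector": "To-Pilot"}
]"""
CONNECTORS_JSON = """[
  {"Name": "To-Scanner", "Enabled": true, "IsTransportRuleScoped": true,
   "SmartHosts": ["mx.scanner.example"]},
  {"Name": "To-Pilot", "Enabled": false, "IsTransportRuleScoped": true,
   "SmartHosts": ["pilot.scanner.example"]}
]"""


def rerouting_dependencies(rules, connectors):
    """Return one finding per enabled rule that routes mail through a connector."""
    by_name = {c["Name"]: c for c in connectors}
    findings = []
    for rule in sorted(rules, key=lambda r: r.get("Priority", 0)):
        target = rule.get("RouteMessageOutboundConnector")
        if rule.get("State") != "Enabled" or not target:
            continue  # rule is off, or it does not reroute mail
        conn = by_name.get(target)
        if conn is None:
            status = "connector missing"    # rule points at nothing
        elif not conn.get("Enabled", False):
            status = "connector disabled"   # rerouted mail has no path out
        else:
            status = "active"               # mail flow depends on these hosts
        findings.append({
            "rule": rule["Name"],
            "connector": target,
            "smart_hosts": list(conn.get("SmartHosts") or []) if conn else [],
            "status": status,
        })
    return findings


if __name__ == "__main__":
    for f in rerouting_dependencies(json.loads(RULES_JSON), json.loads(CONNECTORS_JSON)):
        print(f"{f['rule']!r} -> {f['connector']} {f['smart_hosts']} [{f['status']}]")
```

Each host reported with status `active` is an external system whose outage would stop the mail matched by that rule.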

Benefits of Abnormal's Pure API Solution

Abnormal’s pure API solution offers a modern email security architecture with a variety of advantages over legacy options. Abnormal installs via a simple API integration directly with the mail provider, with no need to create journal and/or transport rules. All mail is scanned via the API and remediated before a user could act on it. This modern approach means that there is no rerouting of mail, no risk of outages, no delay in delivery, and only malicious emails are stored for the purview of analysts.


With Abnormal, you can modernize your email security architecture and strengthen your organization’s defenses against malicious attacks.
