Modernizing Your Email Security Architecture: Pure API vs Transport Rules

Learn about the distinct functionalities of transport rule-based and API-based solutions to make informed decisions about your security architecture.
June 15, 2023

Today’s organizations face an ever-growing number of cyber threats, making email security an essential part of any cybersecurity program. To protect their systems from the latest threats, organizations must consider the best solutions for their specific security needs and environments. This is why it is so important to be familiar with the distinct functionalities of the tools available.

By understanding the strengths and weaknesses of both transport rule-based and API-based solutions, organizations can make informed decisions about their email security architecture that will help them protect their systems from the latest cyberthreats — ultimately allowing them to strengthen their cyberdefenses for maximum protection going forward.

What are Transport Rules and How Are They Used?

In Office 365, a transport rule is a feature that allows you to define and apply specific actions to email messages that pass through the mail flow of your organization. It helps you enforce messaging policies, apply message classifications, and take various actions based on specific conditions or criteria. Transport rules are typically used by administrators to manage email flow, apply compliance policies, and automate certain actions.

Some legacy email security solutions leverage transport rules to reroute mail outside of O365 to themselves for scanning.

Downfalls of Transport Rule-Based Solutions

Transport rule-based solutions have several significant drawbacks. The most egregious is the risk to email availability. If the solution or their hosting provider has an outage, mail is no longer able to be sent back to O365, creating a total mail outage.


Even when mail is being scanned and delivered as it should be, delivery is delayed while each email is scanned. This can lead to a slow inbox experience and can be frustrating for users. Furthermore, transport rule-based solutions typically store a copy of ALL mail that they scan, creating a concern around data residency, security, and potentially compliance if regulatory concerns are at play.

A security approach built on the architecture of transport rules should be evaluated closely for potential impact, and risk, from service delays, availability and continuity, and data privacy/security.

Benefits of Abnormal's Pure API Solution

Abnormal’s pure API solution offers a modern email security architecture and creates a variety of advantages over legacy options. Abnormal installs via a simple API Integration, directly with the mail provider, with no need for the creation of journal and/or transport rules. All mail is scanned via the API and remediated before a user could act on it. This modern approach means that there is no rerouting of mail, no risk of outages, no delay in delivery, and only malicious emails are stored for the purview of analysts.


With Abnormal, you can modernize your email security architecture and strengthen your organization’s defenses against malicious attacks.

Interested in learning more about Abnormal's API architecture?

Schedule a Demo
Modernizing Your Email Security Architecture: Pure API vs Transport Rules

See Abnormal in Action

Get a Demo

Get the Latest Email Security Insights

Subscribe to our newsletter to receive updates on the latest attacks and new trends in the email threat landscape.


See the Abnormal Solution to the Email Security Problem

Protect your organization from the full spectrum of email attacks with Abnormal.

Integrates Insights Reporting 09 08 22

Related Posts

B Mr Wonderful Talks AI
Explore the future of AI and cybersecurity and learn why prioritizing security investments is crucial with Kevin O’Leary of Shark Tank fame.
Read More
B 1500x1500 MKT468a Open Graph Images for Phishing Subjects Blog
Discover the most engaging phishing email subjects, according to Abnormal data, and how to protect your organization from these scams.
Read More
B Threat Report BEC VEC Blog
Our H1 2024 Email Threat Report revealed significant year-over-year increases in both business email compromise and vendor email compromise. Learn more.
Read More
B 2 7 24 Product Update
Abnormal product enhancements improve detection efficacy, reporting on QR code attacks, productivity, and protection from account takeover.
Read More
B 1500x1500 Quishing Stats Blog 02 05 24
Today we released our H1 2024 Email Threat Report, which examines the threat landscape and dives into the latest evolution in phishing: QR code attacks.
Read More
B 1 30 23 Microsoft ATO
A recent nation-state actor attack by the Russian-backed threat group Midnight Blizzard infiltrated Microsoft. Discover how Abnormal can protect you from account takeovers in real time.
Read More