Cloudflare, known for providing tools to boost security and reliability for websites, is dipping its toe into another major area of internet communication: email.
“A huge percentage of threats that come into any organization today are still coming via email,” says CEO Matthew Prince, pointing to phishing attacks aimed at scamming recipients into sharing data and malware attached to email messages.
The company is rolling out free tools to route incoming emails through Cloudflare’s network to a destination of your choice. The service gives customers the ability to still use the email-hosting service they prefer, including big names like Google and Microsoft, but it gives them some added flexibility, such as adding new addresses at their corporate domains to forward to addresses of their choice. It comes as part of a Cloudflare tradition of rolling out new features on the anniversary of the company’s Sept. 27, 2010, founding. (Previous birthdays having been marked with new products like domain registration and free support for encrypted web traffic.)
In its current form, Cloudflare’s email offering appears to be similar to services typically offered by web-hosting companies. Over the next year, however, the company anticipates adding additional features, such as scanning mail for security threats, potentially adding flags to let IT providers automatically quarantine suspicious messages, and sandboxing links in emails so that they’re routed through Cloudflare’s networks for added security rather than opened directly. The company already offers browser isolation technology which lets customers have web code run on Cloudflare servers rather than directly on customer machines as would normally be the case, reducing the risk of malware.
Exact email security features available at different price points remain to be determined, but Prince says the company intends to offer at least some level of the service for free.
“Once the email is routing through us, then that will allow us to start to offer those additional security features over time,” he says.
One thing Cloudflare is unlikely to do is to start hosting email directly, so users likely will still need to work with a traditional email provider and won’t simply be able to sign up for email accounts with Cloudflare. That’s in line with the company’s general focus on network technologies rather than tasks, such as storing and searching through inboxes, Prince says.
“Use whatever you want,” he says. “Use your old AOL account if you want to use it. What we want to do is add that extra layer of security in front of wherever you’re hosting your email.”
Cloudflare also unveiled new tools to help companies set up settings like DomainKeys and Sender Policy Framework on their domain names that make it harder for scammers to impersonate them to send out fraudulent emails. Those settings are powerful ways to prevent email forging, Prince says, but they’re also quite easy to misconfigure.
While email is a new avenue for Cloudflare, Prince says the new tools come as a result of customer requests.
“I think when we decided to do this, it was really because so many of our existing customers were asking us to do something in this space,” he says.