Email messages with an attachment
In an attempt to protect users from malicious attachments, Duke OIT employs the Proofpoint TAP service to scan and sandbox (test the executable portions of attachments for malicious behavior in a safe place) all new incoming attachments before delivering them to end users. This results in better security, but at the cost of delay in delivery of some messages. The author seeks to quantify these delays to help OIT and users better judge if the gain in security outweighs the inconvenience of slower delivery. This slow delivery are likely caused by the inefficiency in the two parts of the Duke Mail System: the Duke Email Pre-Processing System and Office 365. In regards to the Duke Email Pre-Processing System, the Proofpoint Target Attack Protection (TAP) checks and verifies not only the links but also the attachments contained in all the emails that are sent to Duke email account. The attachment contained in an email is an important factor that affects the delivery latency in the Duke Email Pre-Processing system. Theauthor measured how the types and sizes of the email attachments can affect the email delivery latency in the Pre-Processing System. In regards to Office 365, the author also compare emails with different types and sizes, though delivering emails within Office 365 is beyond Duke OIT’s control. Two comparisons were made to verify the author’s assumptions before this experiment. One comparison is between emails with emails with three common types of attachments, involving pdf, docx, and pptx. Before the experiment, one of the author’s assumptions was that different types of attachments may have different delivery latencies, because the author assume that the attachments will be checked and verified by Proofpoint TAP and wanted to know how this verification process can affect the email delivery latency. The othercomparison is between emails with a small attachment and emails with a large attachments, because different sizes of attachments may bring different lengths of latency. The reason is that transmitting different sizes of data may result in different performance in email delivery. The results showed that a considerable change occurred on February 7, 2017 in the email delivery latency pattern in the Duke Email Pre-Processing System and another notable change occurred on February 9, 2017 in the email delivery latency pattern in Office 365. In regards to the Duke Email Pre-Processing System, before February 7, 2017, only emails with a 64K pdf went through all the stages in the Duke Mail System without being checked by the Proofpoint TAP (the delivery latency was very short, which was a few seconds) while other kinds of emails were checked and verified by the Proofpoint TAP (the delivery latency,which was over 300 seconds on average, was very long). After February 7, 2017, generally, the average delivery latencies dropped a little. Only emails with a pdf attachment were checked and verified by the Proofpoint TAP while other kinds of emails went through all stages of the Duke Mail System without Proofpoint checking. In regards to Office 365, the average delivery latencies of all the emails with attachments dropped on February 9, 2017, though the emails with a large attachment always showed longer delivery latency than the emails with a small attachment.