What to look for when choosing an email service provider for your small- or medium-sized business

Local small businesses using Gmail or Yahoo for all their business communication is not exactly uncommon. But there are many reasons why this does not scale.

First, an @gmail.com address does not sound professional. If you want to scale beyond your neighborhood, a professional email set up on your own domain is highly desirable. An email system on your business domain also becomes inevitable when you grow and have different departments within your organization. Even a small team of sales executives may need their own business email accounts to handle communication with their prospects.

There are essentially three main factors to consider while picking an email service provider – cost, features and security.

1. Cost

Setting up an email server used to be expensive. But the good thing here is that most email service providers today are cloud-based. As a result, there is no setup required at your end and this essentially means there is no capital cost involved either. Such cloud-based services are priced based on the number of users (unique email accounts) you need. This way, it is highly scalable, and you only pay for the number of email addresses you need for your business.

It is worth noting that it is possible to set up your own email server. While there are a number of open source scripts that can make this possible for you, you would still incur the high costs of owning or renting a server. This also demands extensive technical expertise and maintenance and is thus highly not recommended.

2. Features

This is perhaps the most important consideration for a business from an operational standpoint. An email service provider delivers much more than a communication address for each of your employees. Besides the standard feature requirements like large storage space, intuitive UI and standard limitations (regarding the type and size of files to share), here are other vital features to look at.

• Catch-all: This is an often-overlooked feature that does not come by default on a number of email providers. The “catch-all” feature forwards every incoming email (not addressed to any of the designated users) to one primary ID. This is especially useful when you get inbound enquiries addressed to employees who are no longer with your company. Such emails get routed to an active email address and thus can be promptly addressed.
• Spam filters: At the other end of the spectrum is spam mail which is unsolicited and not only wastes your employee’s time and resources, but can also be a drain on your storage space. Your email service provider needs to have a strong spam filter which can block out all junk messages. At the same time, it is important to make sure that the filter is not too sensitive as to block legitimate messages that you may be interested in. If the service provider you are interested in does not have a great reputation for spam filtering, you may also look at third party tools that specialize in spam filtering. Like spam, your email service should also scan and filter potential malware scripts. However, most organizations have a dedicated anti-virus tool which scans emails among other things. So your email provider does not have to necessarily offer this.
• Integration: This is an area where mainstream service providers like Google and Microsoft excel at. Paying for a Google email address also gets you access to their other products like Google Drive, Calendar and Hangouts. These are tools that are very useful for a business user and thus provides these organizations with a competitive edge over smaller rivals. It is however worth pointing out that it is quite common for business users to use their Calendar and Drive from their private Gmail accounts. But this is not recommended from a security perspective (which we discuss below).

3. Security

Email serves as the fundamental pillar for business communications. Even if your organization uses third party tools like Dropbox, Trello and Salesforce for managing your various business projects, all these accounts are tied to your email address. Hacking your email address can give an unauthorized third-party access to all these other tools as well.

In addition to losing confidential business data, employees who handle financial transactions are vulnerable to spoofing-based attacks from hackers posing as the user’s bank or the tax authority. Adhering to security standards like SPF (Sender Policy Framework) and DMARC (Domain-based Message Authentication, Reporting and Conformance) can prevent such spoofing-attacks.

Encryption is another vital aspect of email security. It is worth noting that all encrypted text is not equally secure and the ease of deciphering the encrypted text depends on the keys used. In general, an AES 256-bit encryption key is several times more secure than an AES 128-bit. Also, it is important to remember that end-to-end encryption (E2E) is not yet a standard even on the most popular email communication tools like Gmail. With E2E encryption, it is possible to prevent hackers from stealing the key and using it to deciphering your communication. Although man-in-the-middle attacks are still technically possible, these standards make business communication a lot more secure than they are otherwise.

In many ways, given the way your email address is tied to each of your devices and internet applications, securing it is of extreme importance. At the same time, email is also a productivity tool and business users demand products that have great scalability and integration. As a CIO, it is important to weigh in the technological and operational perspectives before you choose the right provider for your organization.