Are you tired of hearing about Email servers, yet? And Email leaks?
I sure as hell am; that’s the background music of my entire professional career. Once more unto the breach, dear friends…

Back in the winter of 1992/3 when I was a young puppy working at Trusted Information Systems, I had just come down off of building the first commercial internet firewall product (DEC SEAL) when I was at Digital, and TIS’ CEO, Steve Walker, got a call from his main contact at DARPA asking “do you have anyone there who knows anything about ‘firewalls’?”  Well, yes.
We had a meeting in his office and agreed to go down to DARPA’s offices (AKA: “The Enterprise”) in Virginia, and talk about it, and I was too full of ideas to sleep so I stayed up all night and wrote a thumbnail sketch of a proposal for how to do email/connectivity/security for, well, any remote executive team. At the time, VPNs* weren’t a thing; I had experimented with building encrypted network-layer software when I was at DEC, using some packet tunnelling code from Julian Onions and rather cleverly didn’t patent any of my work.**  So I put together a rough architecture which we left behind with the DARPA folks, who called back a couple days later and said “do it.” In the end, it turned out we didn’t do the whole architecture; they really just used the research project as a slush fund for buying the White House a T-1 line to UUnet, and setting up an Email server, which I did on the massively overpowered Sun4/M “whitehouse.gov” which lived next to my desk in Glenwood, MD until we moved it to the computer room.
The overall architecture I proposed included VPN and encrypted remote access but was primarily built around the idea that the email server would be isolated to a purpose-built network that was monitored for any traffic not entirely related to Email. It was to be an enclosed and monitored system, and I did some early work on what later became called “intrusion detection”*** – the idea being to flag any traffic that did not exactly match the known patterns of SMTP clients talking to a known server. In other words, it was going to be a super-secure Email service – what we’d now call a “cloud server” except managed as a very small enclave for a limited clientele.
<snip>