Which approach is essential for protecting email servers from external threats when connected to untrusted networks?

The Demilitarized Zone (DMZ) is an essential approach for protecting email servers from external threats, particularly when these servers are connected to untrusted networks. A DMZ acts as a buffer zone between an internal network and an external network, such as the internet. By placing the email servers in a DMZ, organizations can better control access to these servers and limit exposure to potential attacks from untrusted sources.

In a DMZ configuration, external access to the email servers can be managed through firewalls and other security measures, thereby reducing the risk of attacks penetrating the internal network. The use of a DMZ ensures that even if an email server is compromised, the attacker's ability to move laterally into the more secure internal network is significantly hindered.

Other approaches like defense in depth focus on layered security measures throughout the network, while degaussing refers to erasing data from magnetic media and does not relate to network security practices. A database by itself does not offer any specific protective measures against external threats for email servers. Therefore, the DMZ stands out as the most effective strategy for safeguarding email servers connected to untrusted networks.