Techniques for minimizing data flow from a first computing infrastructure hosting an email service platform to a second computing infrastructure at least partly hosting an email security platform that provides security analysis on emails of the email service. The email security platform may extract metadata from emails received at the first computing infrastructure, and send that metadata to the second computing infrastructure that is hosting a back end of the email service platform. The metadata extracted from the emails may include less confidential contained in an email, but enough information for the email security platform to determine whether an email is potentially malicious. Thus, the security analysis performed on emails to detect malicious attacks may be offloaded to the second computing infrastructure, but the metadata that leaves the first computing infrastructure and flows to the second computing infrastructure may be minimized by extracting meaningful metadata.