Bird & Bird strengthens trust in legal communications with layered email and domain protection

By deploying OnDMARC and Brand Trust together, Bird & Bird stops domain impersonation at the source—safeguarding sensitive client communications and defending their global reputation.

The challenge: Defending against exact-domain spoofing and deceptive lookalikes

For international law firm Bird & Bird, maintaining the integrity of legal communications is critical to protecting client relationships and upholding its brand. With over 1,600 lawyers across 32 global offices, the firm sends more than 700,000 external emails each month, making its domain a target for attackers and a potential compliance risk if spoofed.

Initially, the most pressing concern was email spoofing. Attackers were forging messages that appeared to come directly from the firm’s real domain, potentially misleading clients and partners. As Jon Spencer, Head of Infrastructure, explained: “Clients dealing with a law firm expect communications they can trust. We knew we needed a way to prove the legitimacy of our emails, and that meant implementing DMARC and getting to p=reject.”

While the firm had a secure email gateway (SEG) in place, it wasn’t enough to stop domain spoofing. Traditional SEGs inspect the content of incoming emails but don’t authenticate the sender’s domain identity, which means they can’t prevent attackers from impersonating your domain. The team recognised the need for DMARC enforcement to ensure that only authorised senders could use the Bird & Bird domain name. 

At the same time, lookalike domains were beginning to surface. When Bird & Bird received reports of suspicious websites or emails, the process for investigating and requesting takedowns was slow and manual. As Dan Fleming, Information Security Specialist, put it: “We were constantly seeing spoofed domains pop up. Once a lookalike was flagged, we’d spend hours manually investigating and chasing registrars to request takedowns. It just wasn’t scalable.”

The firm briefly explored acquiring domain variations in an attempt to stay ahead of impersonation attempts, but the scale and speed of new registrations made the approach unsustainable.

Martyn Styles, CISO at Bird & Bird

The solution: A unified platform for email security and brand protection

Bird & Bird turned to Red Sift to secure its domain against both known and emerging threats. The first step was deploying Red Sift OnDMARC to authenticate its email traffic and stop domain spoofing at the source.

Red Sift OnDMARC provided deep visibility into email-sending services, enabling the team to quickly surface and validate all legitimate sources. In doing so, they uncovered over 200 unauthorised services attempting to send from the @twobirds.com domain—activity that had previously gone unnoticed. Once DMARC enforcement was in place, 2% of all external traffic impersonating the firm’s domain was automatically blocked before it could reach inboxes.

“Red Sift OnDMARC gave us visibility we didn’t have before,” said Jon. “We could identify legitimate services, sign them correctly, and shut down everything else. Now, we have a complete picture of our email traffic and the confidence that it’s fully under control.”

With DMARC enforcement in place, Bird & Bird had effectively shut down exact-domain spoofing. But attackers adapted, registering deceptive lookalike domains that operated outside the firm’s infrastructure and were harder to detect. These impersonation attempts posed a growing reputational risk, as recipients of these fake messages could be tricked into trusting fraudulent websites or phishing emails.

To address this, Bird & Bird extended its protection with Red Sift Brand Trust, the domain and brand protection platform that detects high-risk lookalike domains and helps teams take them down before they can cause reputational or financial harm.

“We needed more than email authentication; we needed visibility into how our brand was being manipulated across the web,” said Dan. “Red Sift Brand Trust has given us continuous insight into emerging threats and real-time takedown capability.”

One of the first actions the Infosec team took was uploading Bird & Bird’s brand assets into Red Sift Brand Trust. Its AI-powered logo detection engine began scanning the web for unauthorised use of the firm’s branding, flagging newly registered domains that used official logos to build convincing phishing sites. This visual threat intelligence allowed the team to prioritise high-risk impersonators for rapid takedown.

“Uploading our logos gave Brand Trust a powerful signal to work with,” said Dan. “It wasn’t just flagging domains, it was identifying the ones that could do the most damage. That level of intelligence means we can act faster and with greater precision.”

With OnDMARC and Brand Trust working in tandem, Bird & Bird has built a layered approach to domain protection, stopping impersonation threats at the source and beyond the perimeter.

The biggest shift has been in operational efficiency. Instead of waiting for manual reports of suspicious activity, the team now receives real-time alerts when a potentially malicious lookalike domain is registered. If it poses a threat, it can be submitted for takedown in seconds.

“Before, we were relying on manual reporting and chasing registrars,” said Dan. “Now, we’re alerted to threats early and can take them down up to 75% faster.”

At the same time, OnDMARC continues to safeguard the firm’s legitimate email traffic, automatically flagging new senders, detecting shadow IT, and ensuring nothing unauthorised slips through.

“At the end of the day, both OnDMARC and Brand Trust are about reassurance,” Jon added. “Knowing there’s constant protection in place and that they don’t rely on manual intervention is what gives us peace of mind.”

By combining OnDMARC’s authentication capabilities with Brand Trust’s external monitoring and takedown workflows, Bird & Bird has created a holistic strategy that strengthens trust in every interaction, from inbox to browser.
