Email Security
65 articles about Email Security
Building an email and brand defense that works: Webinar recap
DMARC is a good start, but it’s not the finish line. Learn more about the multifaceted nature of cyber attacks and what you can do to protect your brand in this webinar recap.
DMARC: 59% of North Central U.S. organizations exposed to email spoofing
Red Sift analyzed 1,000 North Central domains and found only 41% have full DMARC enforcement. See the state-by-state breakdown and how to close the gap.
DMARC: 64% of U.S. Heartland organizations exposed to email spoofing
Red Sift analyzed 900 Heartland domains and found only 36% have full DMARC enforcement. See the state-by-state breakdown and how to close the gap.
DMARC: Most businesses still can't answer one simple question about their email
Just 2.5% of domains enforce DMARC at p=reject. Red Sift and Bespin Labs (Patronum) break down why email authentication stalls, and how to fix it before regulators and attackers force the issue.
Email Security: FBI IC3 2025 report: Email fraud is now a $4 billion problem
The FBI IC3 2025 report shows BEC, phishing, and impersonation fraud hit $4B+ in losses. Here’s what the data means for email authentication.
Email Security: How widely supported are Ed25519 DKIM keys and how many providers still accept weak keys?
Red Sift tested 19 mailbox providers for Ed25519 DKIM support and weak key acceptance. Only 47% validate Ed25519, and 6 still accept broken 512-bit RSA keys.
DMARC: How to secure your brand with DMARC against email threats: Webinar recap
AI-powered phishing attacks have surged. Learn how DMARC enforcement protects your brand from exact domain spoofing in this webinar recap.
DNS: NIST DNS update: What this means for your organization
NIST SP 800-81 Revision 3 reframes DNS as an active security layer for the first time since 2013. Here's what changed and why it matters for DMARC, SPF, and DKIM.
Email Security: Microsoft backs DMARC as protection against Tycoon 2FA phishing surge
Attackers are using Tycoon 2FA kits to send phishing emails from misconfigured servers. Microsoft now recommends strict DMARC enforcement as the primary defense.
DMARC: What is DMARC and how does it work effectively?
DMARC protects domains from unauthorized email by aligning SPF and DKIM results with the visible From address. This guide covers how it works and how to deploy it effectively.
Email Security: IETF calls for end of ARC experiment: What it means for email authentication
The IETF recommends marking ARC (Authenticated Received Chain) as obsolete after a 10-year experiment. This post explains the implications for email forwarding and authentication.
DNS: 4 free tools for quick email security testing
Four free tools from Red Sift to audit your email authentication in minutes: Investigate for DMARC, SPF Checker, BIMI Checker, and Blacklist Checker.
Email Security: DMARC, DKIM, SPF & BIMI: 5-minute playbook for Security and Marketing
A quick-reference playbook for security and marketing teams covering SPF, DKIM, DMARC, and BIMI — what each does, why all four matter, and how to implement them.
DMARC: SPF, DKIM, and DMARC: the three protocols protecting your inbox (and why you need all of them)
SPF and DKIM alone can't prevent spoofing because they check different headers. This guide explains how DMARC ties them together to close the gap.
DMARC: How to simplify DMARC, SPF, and DKIM management
Managing email authentication is complex — SPF lookup limits, DKIM key rotation, configuration drift. This post shows how OnDMARC simplifies the path to full enforcement.
Email Security: Gmail's enforcement ramps up: What bulk senders need to know
Gmail is now rejecting emails from bulk senders who lack SPF, DKIM, DMARC, and one-click unsubscribe. Here's what to fix before enforcement hits your deliverability.
Email Security: 41% of top Fintech companies are vulnerable to email phishing
Only 26% of leading Fintechs enforce DMARC at p=reject, leaving the majority exposed to spoofing and phishing attacks in a heavily targeted industry.
Email Security: Attackers Are Abusing Microsoft 365: How to Stay Protected
Threat actors are exploiting legitimate Microsoft 365 features to bypass security controls. Here's what the attacks look like and how to shut them down.
Email Security: How the EU Can Mandate Stronger Email Security
Europe has the regulatory leverage to raise the baseline for email security. Here's what a mandate could look like and why now is the right moment.
Email Security: The threat of Business Email Compromise in US healthcare
Executive summary: Business Email Compromise is siphoning billions from US healthcare by exploiting human trust instead of software flaws. Spoofed or hijacked messages authorize fraudulent payments, spark ransomware, and expose patient data—causing crippling financial, operational, and compliance damage. Deploying DMARC, MFA, and rigorous multi-person payment checks is now critical. 3 key takeaways Business Email Compromise…
Email Security: Zoom's Outage Shows Why Active Monitoring Is Non-Negotiable
When Zoom went down, organisations that relied on passive monitoring were caught off guard. Here's why active monitoring is the only reliable approach.
Email Security: Microsoft announces new email requirements for bulk senders
Update: Includes a revision that Microsoft will now reject messages rather than moving to junk from large senders that don’t meet the sending requirements. Everything else remains the same. When rejected, the following message will be sent instead: “550; 5.7.515 Access denied, sending domain [SenderDomain] doesn’t meet the required authentication level.” This blog: Microsoft has…
Email Security: Collaborative Cybersecurity: Building a Safer Internet
No organisation can secure the internet alone. Here's why collaborative approaches to cybersecurity are essential and what they look like in practice.
Email Security: Cybersecurity Predictions for 2025: AI Changes Everything
AI is reshaping both the threat landscape and the defence toolkit. Here's what Red Sift's experts expect to define cybersecurity in 2025.
Email Security: How to Make Cybersecurity a Board-Level Business Priority
Security teams struggle to get executive buy-in. Here's how to reframe the cybersecurity conversation to land at board level and drive real investment.
Email Security: Coinbase Phishing Attempts: Lessons for Email Security Teams
The Coinbase phishing wave showed how fast brand impersonation scales. Here's what the attacks looked like and how DMARC limits the damage.
Email Security: FBI & Stanford on North Korea's Email Attack Campaigns
A candid conversation on how North Korean threat actors exploit weak email authentication — and what defenders can act on today.
Email Security: Protecting your organization from SubdoMailing: Insights from industry experts
In early 2024, a new and alarming threat emerged in the realm of DNS security: SubdoMailing. This vulnerability has exposed significant weaknesses in DNS hygiene, allowing malicious actors to launch phishing campaigns, distribute malware, and tarnish brand reputations by circumventing existing email security measures like DMARC. Recognizing the gravity of this issue, Red Sift teamed…
Email Security: The Polyfill.io Supply Chain Attack: What You Need to Know
The polyfill.io domain was hijacked to inject malicious code into thousands of sites. Here's what happened, who was affected, and how to respond.
Email Security: Decoding the tricks: An analysis of poisoned domains in the SubdoMailing Attack
At Red Sift, we have been paying close attention to SubdoMailing – a domain takeover attack first discovered in February of 2024. Malicious actors exploited poorly maintained DNS records to send fraudulent emails impersonating legitimate brands. We identified affected organizations in our customer base and resolved the issue for all impacted users within 72 hours. …
Email Security: Why Cybersecurity Is Critical for Nonprofits
Nonprofits hold sensitive data and are often under-resourced on security. Here's why they're targeted and what a proportionate defence looks like.
Email Security: Navigating the “SubdoMailing” attack: How Red Sift proactively identified and remediated a new risk to our customer base
In the world of cybersecurity, a new threat has emerged. Known as “SubdoMailing,” this new attack cunningly bypasses some of the safeguards that DMARC sets up to protect email integrity. In this blog we will focus on how the strategic investments we have made at Red Sift allowed us to discover and protect against this…
Email Security: Where are we now? One month of Google and Yahoo’s new requirements for bulk senders
As of March 1, 2024, we are one month into Google and Yahoo’s new requirements for bulk senders. Before these requirements went live, we used Red Sift’s BIMI Radar to understand global readiness, and the picture wasn’t pretty. At the end of January 2024, one-third of global enterprises were bound to fail the new requirements…
Email Security: February 1, 2024: A new era of email authentication begins
From today, Google and Yahoo are rolling out new requirements for bulk senders, ushering in a new era of email compliance. If you’re just learning about this now, here’s a quick summary: Google and Yahoo now require bulk senders – those who send more than or around 5,000 emails daily – to meet a set…
Email Security: The world is not ready for Google & Yahoo’s bulk sending requirements: Now is the time to take action
In October 2023, Google and Yahoo jointly announced new requirements to help deliver “a safer, less spammy inbox” for users. The requirements will go into place on February 1, 2024 and are specific to bulk senders – those that send over 5,000 emails daily. What are the new Google and Yahoo requirements for bulk senders?…
Email Security: How to Identify and Prevent Supply Chain Attacks
Supply chain attacks are hard to detect and devastating when they land. Here's how to identify your exposure and build defences that actually hold.
Email Security: Cloud Integrations for Attack Surface Management
Red Sift's new cloud integrations bring AWS, Azure, and GCP visibility into your attack surface. Here's what's available and how to connect.
Email Security: What’s the difference between SMTP, IMAP, and POP3 email protocols?
Emails are an inevitable part of today’s corporate and personal life. But do you know what mechanisms a standard mail exchange process follows? Well, multiple elements are included, like email protocols, email service providers, mail user agents (MUAs), message submission agents (MSAs), mail delivery agents (MDAs), etc. …
Email Security: What Are Digital Assets and How Do You Protect Them?
Your digital asset footprint is bigger than you think. Here's how to map it, find exploitable exposures, and build a plan to address them.
Email Security: What Is CTEM and Why Should Your Security Team Care?
Continuous Threat Exposure Management shifts security from reactive to proactive. Here's what CTEM means in practice and how to get started.
Email Security: What is an Attack Surface? Understanding Attack Surface Management (ASM) and Monitoring
Attack Surface Management or ASM is an emerging priority for IT-driven businesses aiming to complement their existing security testing and monitoring. It’s the process of continuous asset discovery, inventory, classification, and monitoring of a company’s technical architecture…
Email Security: The Data Must Flow, Part 2: Lessons from the Field
The second instalment in Red Sift's data security series goes deeper on real-world lessons from protecting data at scale. Here's what we found.
Email Security: 7 Reasons Healthcare Is a Prime Cyberattack Target
Healthcare faces unique cyber risks: legacy systems, high-value data, under-resourced teams. Here's what makes the sector so vulnerable.
Email Security: Don't Get Hooked: Avoiding Phishing Emails This Halloween
Phishing campaigns spike around Halloween. Here's how attackers use seasonal themes to trick users — and how to keep your organisation safe.
Email Security: Mastering the Art of Email Deliverability, by Yanna-Torry Aspraki
This week’s blog comes from Yanna-Torry Aspraki, Business Development & Deliverability Specialist at EmailConsul. In this blog, she gives expert insight into the world of email deliverability and covers the ins and outs of how you can improve yours…
Email Security: 5 email security basics for every type of business
What essential building blocks should make up the foundation of your email security posture? In this blog, we’ll cover the 5 email security measures every business should have in place…
Email Security: Holiday Phishing: How Attackers Target Festive Shoppers
Christmas is peak season for phishing. Here's how attackers exploit the gift-buying rush to steal credentials, card data, and identities.
Email Security: Email Security in an SEC-Regulated Environment: What to Know
SEC cyber disclosure rules raise the stakes for email security. Here's what regulated firms need to know about compliance and breach reporting.
Email Security: How FCrDNS affects email deliverability & security
The objective of FCrDNS is to reduce the amount of incoming spam that is processed by a mail server. This check happens as soon as a connection is made to your SMTP server, prior to any other header information being received…
Email Security: The Resurgence of Email Marketing – How to Run Impactful and Secure Campaigns in Light of COVID-19
One element of the marketing mix that’s increased in light of COVID-19 is email marketing, but the security is often overlooked in periods of rapid change…
Email Security: Detecting COVID-19 Phishing Emails Using Machine Learning
Pandemic-themed phishing surged in 2020. Here's how Red Sift used machine learning to detect and classify COVID-19 phishing campaigns in real time.
Email Security: How Phishing Attacks Exploit Global Crises and Breaking News
Attackers use global events to craft convincing phishing lures. Here's how these campaigns work and what to watch out for during major news cycles.
Email Security: BEC Attacks Cost Businesses $1.8B in 2019
The improved effectiveness of BEC attacks stems from hackers creating elaborate campaigns that cover tracks and evade signs of detection. …
Email Security: Writing BPF Code in Rust: A Practical Guide
Rust brings memory safety and performance to BPF development. Here's a hands-on walkthrough of writing BPF code in Rust from the ground up.
Email Security: UK Political Parties Are Dangerously Exposed to Phishing
Red Sift research found major UK political parties lack basic DMARC protection. Here's what was found and what it takes to fix it.
Email Security: Why We Invested in Red Sift: The Email Security Opportunity
Red Sift's investors explain what drew them to the company — the evolution of email, the scale of the problem, and what sets the platform apart.
Email Security: A Comedy of Email Errors — With Serious Consequences
Email mistakes happen every day — but some have serious security consequences. Here's a look at common errors and what they teach us about risk.
Email Security: What the Hack? A Plain-English Guide to How Breaches Happen
Hacks don't require elite skills — most follow predictable patterns. Here's a clear-eyed look at how attackers actually get in and what stops them.
Email Security: 4 in 10 Banks Are Failing on Email Fraud Protection
Red Sift research found 40% of leading banks lack email fraud protection. Here's the methodology, the findings, and what banks need to do.
Email Security: Why Short-Term Thinking Is Losing the Cyber War
Patching one vulnerability at a time won't beat sophisticated attackers. Here's why organisations need a structural approach to cyber resilience.
Email Security: Cybersecurity Concepts Explained in GIFs
Security jargon can be impenetrable. Here are five core cybersecurity concepts broken down visually — because sometimes a GIF explains it best.
Email Security: Retro or renegade? Remembering the technology of yore
Switch on the lava lamp and settle down with a sherbet Dip Dab. Today, we’re talking about why we love retro – and why it doesn’t always love us…
Email Security: Making the Most of Google's Anti-Phishing and Malware Tools
Google has expanded its anti-phishing and malware capabilities. Here's a practical guide to getting the most out of them for your organisation.
Email Security: 12 email security terms everyone should know about
We’ve compiled a short, jargon-busting, no-nonsense overview of what these email security terms mean that will take you from beginner to boffin…
Email Security: The internet is 50 years old but email scams are still rife
While email turned 50 years old in November 2021, it wasn’t until the commercialization of the internet in the mid-90s that it truly took off as one of the world’s preeminent communications tools. Unfortunately, its rise also spawned meteoric misuse as unscrupulous scammers began peddling unwanted products, bogus deals, and even computer viruses to the masses…



