Introduction
Email is the lifeblood of business communication all around the world. It is so critical to the everyday running of organizations big and small that many would agree it is just as essential a service as electricity or water.
But its importance is exactly what makes email vulnerable from a cybersecurity perspective. With 3.4 billion phishing emails sent every day, it's evident that email systems are the prime target for cybercriminals seeking access to your business. All it takes is a single employee to fall victim to a socially engineered scam, click on an infected link, or download a malicious attachment, and your entire operation could grind to a halt.
Given how important it is for organizations to secure their email, we’ve developed this comprehensive guide to help both beginners and buyers with their email security questions. In the following chapters, you’ll find in-depth information on:
- The email landscape and the types of threats that exist
- The different types of email security protocols and how they protect organizations from attacks, such as SPF, DKIM, MTA-STS, and DMARC
- What to look for in an email security provider
Happy reading!
If you're an email security architect or an analyst looking for a more technical guide, visit our Technical Email Configuration Guide. This comprehensive handbook explores SPF, DKIM, DMARC, MTA-STS, and more, offering insights and practical tips for enhancing your email security posture.
The problem with email: It isn’t as secure as you thought
Email security technologies come in many forms. But ultimately, all have a common set of goals: keeping the volume of spam emails down, detecting threats, and stopping them from reaching your inbox.
More often than not, these technologies work by looking for the most common traits of a malicious email, such as a blacklisted IP address or a suspicious domain, and blocking it before it reaches your inbox. The case they struggle with is exact domain impersonation: an attacker using your own domain to send a fraudulent email.
All email security measures (apart from DMARC - more on that later!) are ineffective at spotting a malicious email when it appears to come from a legitimate domain.
This is because of a flaw in Simple Mail Transfer Protocol (SMTP), the internet standard for transmitting email. In October 2008, the Network Working Group officially labeled it ‘inherently insecure’, noting that anyone could impersonate a domain and use it to send fraudulent emails pretending to be the domain owner.
Can anyone pretend to be you?
Anyone with a very basic knowledge of coding can learn the steps required to impersonate someone’s email identity. All it takes is a quick Google search. The result is an email that looks legitimate and doesn’t have the typical indicators of a phishing attack, such as a suspicious email address. If the right security measures are not in place, the recipient’s email server will let this email through to an individual’s inbox, and it is then hard for the recipient to see that the email is, in fact, a phishing attack using a spoofed domain.
What’s a spoofed domain?
A spoofed domain is a deceptive website or email address created to resemble a legitimate domain. There are several spoofing techniques, including:
- Exact domain impersonation - when an attacker spoofs your exact domain only. For example, yourcompany.com
- Lookalike domain - when an attacker registers a domain that is so similar to the original domain that it is difficult to spot. This is also referred to as typosquatting. For example, yourc0mpany.com
- Subdomain spoofing - when an attacker creates a legitimate-looking subdomain page where they might set up a malicious form that harvests credentials. For example, login.yourcompany.com
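As an added example (not part of this guide), the following Python function sorts a sender domain into the three categories above, plus "unrelated", from the defender's side. The homoglyph table and the two-edit threshold are assumptions chosen for illustration; the domains in the test are constructed.

```python
# Added example: classify a sender domain against the organisation's own domain
# using the spoofing categories described in the text (exact, subdomain, lookalike).
import unicodedata

# Constructed table of common character substitutions seen in typosquats (assumption).
HOMOGLYPHS = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s", "7": "t", "$": "s"})


def _normalize(domain: str) -> str:
    """Take the domain part of an address, lower-case it and drop a trailing dot."""
    if "@" in domain:
        domain = domain.rsplit("@", 1)[1]
    return unicodedata.normalize("NFKC", domain).lower().rstrip(".")


def _registrable_label(domain: str) -> str:
    """Second-level label, e.g. 'yourcompany' for 'login.yourcompany.com'."""
    labels = domain.split(".")
    return labels[-2] if len(labels) >= 2 else labels[0]


def _edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, used to catch one- or two-character typos."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify_sender_domain(sender: str, org: str, max_edits: int = 2) -> str:
    """Return 'exact', 'subdomain', 'lookalike' or 'unrelated'.

    'exact' means the From domain is the organisation's own; as the text notes,
    only DMARC can tell a genuine message from an exact-domain impersonation.
    """
    s, o = _normalize(sender), _normalize(org)
    if s == o:
        return "exact"
    if s.endswith("." + o):
        return "subdomain"
    if o in s:  # e.g. yourcompany.com.evil.net, the org domain embedded in a stranger
        return "lookalike"
    s_label, o_label = _registrable_label(s), _registrable_label(o)
    if s_label.translate(HOMOGLYPHS) == o_label or _edit_distance(s_label, o_label) <= max_edits:
        return "lookalike"
    return "unrelated"
```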
Email phishing: An age-old threat
Email phishing is when an attacker or ‘bad actor’ sends fraudulent emails pretending to be from a reputable organization, with the purpose of getting the recipient to reveal sensitive information like bank details or personal data. Sometimes, phishing emails are sent with the intention of deploying malicious software onto the victim’s infrastructure.
According to APWG’s Q4 2023 Phishing Activity Trends Report, 2023 was a record year for phishing attacks. In total, there were almost five million phishing attacks in 2023, the worst year for phishing on record and eclipsing the 4.7 million attacks seen in 2022.
The rise of social engineering
A traditional phishing attack usually involves one fraudulent email being sent to multiple recipients. However, phishing attacks are becoming increasingly personalized thanks to the rise in social engineering, the practice of using psychological tactics to get victims to divulge sensitive information. There’s much more information readily available online, and attackers can use this to craft more specific and targeted attacks.
Battling business email compromise
While some phishing attacks focus on the consumer, bad actors know that there is much more to be gained by targeting an organization. Business Email Compromise (BEC) is an umbrella term for phishing attacks that target an organization by impersonating its domain. The attacker relies heavily on social engineering and crafts a phishing email designed to look like one from someone inside the business (usually the CEO). The main aim of this type of attack is to steal money or sensitive data.