Email Security & Anti-Phishing Infrastructure
BEC is 64% of cyber-insurance claims. Close the door.
Implementation of advanced email protection controls to mitigate phishing, malware, spoofing, and spam threats.
Strengthens communication security and reduces the risk of credential compromise and business email fraud, through authentication (SPF, DKIM, DMARC), inbound gateway tuning, and user-reporting workflows that actually work.
- Authentication audit (SPF/DKIM/DMARC)
- Gateway tuning & policy design
- User-report workflow setup
- Monthly posture review
- Incident-replay runbook
- Enforced DMARC protecting your domain from spoofing
- Reduced BEC and phishing delivery to inbox
- User-report workflow that triages in minutes
- Auditor evidence for email-security controls
How the engagement runs. Phase by phase.
DMARC audit + RUA deployment
Inventory existing SPF/DKIM, deploy p=none, start aggregate collection.
Sender catalog + SPF repair
Identify every legit sender, fix SPF records, align DKIM signing.
Gateway policy tuning
Configure anti-spoof, attachment sandboxing, URL rewriting, external warnings.
Report workflow + training
Deploy report button, wire SOC handoff, enable user feedback loop.
Graduated DMARC enforcement
Quarantine at 10% → 50% → 100%, then reject. Monitor daily.
Continuous posture
Monthly review, sender drift alerts, BEC rule tuning.
What we actually use. No secrets.
Every tool earns its place. We publish our stack so your team can audit, review, and integrate with what we bring.
- dmarcian / Valimail / EasyDMARC: aggregate report (RUA) analysis and sender inventory
- Microsoft Defender for O365: policy tuning (Safe Links, Safe Attachments, ATP)
- Google Workspace Security: attachment sandboxing, external warning, quarantine review
- Proofpoint / Mimecast / Abnormal: advanced gateway policy design + BEC ML tuning
- MxToolbox + custom DNS diff: continuous SPF/DKIM/DMARC/MX health checks
- URLhaus + VirusTotal API: link and attachment IOC enrichment for triage
- Report-phish button (PhishAlarm / native): single-click reporting with SOC handoff
- SOAR integrations (Cortex XSOAR / Tines): auto-containment and takedown workflows
How we do the work. Not just what.
Sender inventory via RUA
Deploy DMARC p=none first, collect 2 weeks of aggregate reports, catalog every legitimate sender, including the shadow-IT ones finance forgot to tell you about.
Graduated DMARC rollout
p=none → p=quarantine (pct=10 → 50 → 100) → p=reject. Never jump straight to reject. You will break payroll.
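The sender inventory and the readiness gate for each enforcement step, as an added example (not tooling from this engagement): it parses a constructed DMARC aggregate (RUA) report, groups volume by source IP, flags sources that failed DMARC alignment, and computes the aligned share you want near 100% before moving from p=none to p=quarantine. The XML, IPs, domains and counts are placeholders.

```python
import xml.etree.ElementTree as ET

# Constructed sample DMARC aggregate (RUA) report. IPs, domains and counts
# are placeholders, not data from any real engagement.
SAMPLE_RUA = """<?xml version="1.0"?>
<feedback>
  <policy_published><domain>example.com</domain><p>none</p><pct>100</pct></policy_published>
  <record>
    <row><source_ip>192.0.2.10</source_ip><count>120</count>
      <policy_evaluated><dkim>pass</dkim><spf>pass</spf></policy_evaluated></row>
    <identifiers><header_from>example.com</header_from></identifiers>
    <auth_results><dkim><domain>example.com</domain><result>pass</result></dkim>
      <spf><domain>example.com</domain><result>pass</result></spf></auth_results>
  </record>
  <record>
    <row><source_ip>198.51.100.7</source_ip><count>45</count>
      <policy_evaluated><dkim>fail</dkim><spf>fail</spf></policy_evaluated></row>
    <identifiers><header_from>example.com</header_from></identifiers>
    <auth_results><spf><domain>mailer.example.net</domain><result>pass</result></spf></auth_results>
  </record>
</feedback>"""

def inventory_senders(xml_text):
    """Group RUA records by source IP: total volume, volume that failed DMARC
    (neither DKIM nor SPF aligned with the From domain), and the domains that
    authenticated. An unaligned IP with real volume is a candidate shadow-IT sender."""
    inv = {}
    for rec in ET.fromstring(xml_text).findall("record"):
        row = rec.find("row")
        ip, n = row.findtext("source_ip"), int(row.findtext("count"))
        pe = row.find("policy_evaluated")
        passed = "pass" in (pe.findtext("dkim"), pe.findtext("spf"))
        e = inv.setdefault(ip, {"count": 0, "failed": 0, "auth_domains": set()})
        e["count"] += n
        e["failed"] += 0 if passed else n
        auth = rec.find("auth_results")
        if auth is not None:
            e["auth_domains"].update(d.text for d in auth.iter("domain"))
    return inv

def enforcement_readiness(inv):
    """Share of total volume that passed DMARC. The gate for moving from
    p=none to p=quarantine (and for each pct step) is that this is near 1.0
    and every remaining failing IP is catalogued as either fixed or unwanted."""
    total = sum(e["count"] for e in inv.values())
    failed = sum(e["failed"] for e in inv.values())
    return 1.0 if total == 0 else (total - failed) / total
```

In the sample, the second source passes raw SPF for mailer.example.net but still fails DMARC because that domain is not aligned with the From domain, which is exactly the vendor case the quarantine phase is meant to surface.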
BIMI preparation
Once DMARC enforcement is stable, enroll in BIMI with a VMC certificate so your brand logo shows in the inbox. Reduces impersonation risk.
Gateway BEC rules
Name-display impersonation detection, look-alike domain blocking, external-reply-to flagging, financial-keyword inspection.
User-report workflow
One-click 'Report Phish' button that auto-creates SOC ticket, enriches IOCs, and provides user feedback within 4 hours.
Response automation
SOAR playbook: on user report, hunt similar messages across mailboxes, auto-quarantine, notify affected users, add IOCs to block list.
Real problems. Real fixes.
Anonymized incidents from actual engagements: what broke, why it mattered, and how we fixed it.
Client's SPF record, even after flattening, still resolved to 15 DNS lookups, past the 10-lookup limit receivers enforce, silently breaking half their legitimate mail.
Monthly invoices failed DMARC, customers flagged emails as spam, no one knew why.
Audited the lookup chain, split the domain into scoped subdomains (billing.domain.com, hr.domain.com, etc.), and dropped the lookup count to 4. Delivery rose 22% overnight.
Moving to p=reject blocked the CEO's third-party newsletter vendor. 60k customer emails bounced.
Marketing team threatened to veto the whole program.
Discovered vendor during p=quarantine phase (would've caught it anyway). Added them to SPF and enabled DKIM signing on their sending domain. Cut-over postponed by 5 days; zero bounces at enforcement.
BEC attack slipped through Defender. Attacker used a look-alike domain (rn instead of m).
A/P team wired $180k before the finance controller noticed.
Deployed a homograph/look-alike detection rule at the gateway, added external-sender warning banners to all finance-role inboxes, and ran a targeted simulation. Zero successful BEC in the 14 months since.
Email trust pipeline
From sender authentication to user feedback loop.
Targets, not promises.
Will enforcing DMARC break legitimate email?
Do we need to replace our email gateway?
What about B2B senders who haven't enabled DMARC?
Can you help with BIMI / VMC?
Scope an email security engagement.
30-minute scoping call. You'll talk to an operator, not a BDR.