Your email security catches millions of messages.
But that one targeted impersonation?
Every layer sharp, on the biggest attack path
An international offshore contractor with eight email domains and millions of messages a month. The email security caught plenty, but not every layer was sharp, and DMARC enforced nothing. We tested it, and showed what was still open.
The challenge
Catching a lot is not the same as stopping the right things.
The email security was running and filtering out huge volumes. But whether every protective layer was sharp, and whether a targeted impersonation in your name would be stopped, was not assured.
- 01: DMARC enforced nothing. The domains were set to monitor-only; spoofing in your name was not blocked.
- 02: Domains were spoofable. Even dormant domains could be abused to email in the organisation’s name.
- 03: Impersonation and isolation controls were partly tuned. The very layers that catch targeted attacks were not fully on.
- 04: No one could prove it. There was no factual picture of what was sharp and what was still open.
Your email security catches millions of messages. The question is whether it also stops that one targeted impersonation that matters.
The approach
Don't trust the volume. Check every layer.
A health check of the entire email gateway and the public records, per domain, against best practice.
The gateway mapped
Every protective layer assessed: authentication, anti-spam, impersonation control, sandbox, URL and attachment isolation. Each rated optimised, partial, or needs attention.
The public records tested
SPF, DKIM and DMARC checked for all eight domains, including dormant domains that allowed spoofing.
The gap named
The volume was not the problem. The problem was the layers that catch targeted attacks but were not fully on, plus DMARC that enforced nothing.
A hardening path
A concrete path: DMARC to enforcing, spoofable domains closed, impersonation and isolation controls fully on.
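The public-record check described above, as an added example that is not the assessor's own tooling: it rates SPF and DMARC TXT records already fetched for each domain. The three ratings reuse the page's labels, but the thresholds, function names and sample records are assumptions constructed for illustration.

```python
# Added example. Rating thresholds are assumptions, not the assessor's rubric.

def parse_tags(record):
    """Split a 'k=v; k=v' DMARC record into a lower-cased tag dict."""
    tags = {}
    for part in record.split(";"):
        key, sep, value = part.partition("=")
        if sep:
            tags[key.strip().lower()] = value.strip().lower()
    return tags

def rate_dmarc(txt_records):
    records = [r for r in txt_records if r.lower().startswith("v=dmarc1")]
    if len(records) != 1:  # none, or duplicates (RFC 7489: no policy applied)
        return "needs attention"
    tags = parse_tags(records[0])
    policy = tags.get("p", "none")
    if policy not in ("quarantine", "reject"):
        return "needs attention"  # p=none is monitor-only: nothing is blocked
    full = tags.get("pct", "100") == "100" and tags.get("sp", policy) == "reject"
    return "optimised" if policy == "reject" and full else "partial"

def rate_spf(txt_records):
    records = [r for r in txt_records if r.lower().split()[:1] == ["v=spf1"]]
    if len(records) != 1:  # none, or duplicates (RFC 7208: permerror)
        return "needs attention"
    last = records[0].lower().split()[-1]  # include/redirect are not followed
    return {"-all": "optimised", "~all": "partial"}.get(last, "needs attention")

def assess(domain, txt):
    """txt maps a DNS name to the TXT strings already fetched for it."""
    return {"spf": rate_spf(txt.get(domain, [])),
            "dmarc": rate_dmarc(txt.get("_dmarc." + domain, []))}

# Constructed sample records (reserved example domains, not from the page).
SAMPLE_TXT = {
    "example.com": ["v=spf1 include:_spf.example.com ~all"],
    "_dmarc.example.com": ["v=DMARC1; p=none; rua=mailto:dmarc@example.com"],
    "example.net": ["v=spf1 -all"],  # parked domain, locked down
    "_dmarc.example.net": ["v=DMARC1; p=reject; sp=reject"],
    # example.org: dormant domain with no SPF or DMARC record at all
}

if __name__ == "__main__":
    for name in ("example.com", "example.net", "example.org"):
        print(name, assess(name, SAMPLE_TXT))
```

A dormant domain with no records rates "needs attention" on both checks, the same as an active domain left at `p=none`.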
The solution
From assuming to knowing what is open.
What stands now: a factual picture of every protective layer and every domain, and a concrete path to close the gaps on the most-used attack path.
The domains go from monitor-only to blocking, so no one can email in your name unchecked.
Every protective layer scored as optimised, partial or needs attention: no assumptions, a factual picture.
Dormant domains that could be abused are included, in view and closable.
Impersonation, sandbox and isolation controls made sharp, with an order in which to start.
“We were already catching a lot. Now we know that the one email that matters no longer slips through.”
The result
From catching a lot to stopping the right things.
- ✗ DMARC monitor-only; spoofing in your name possible
- ✗ Spoofable, including dormant, domains
- ✗ Impersonation and isolation layers partly tuned
- ✗ No factual picture of what was sharp
- ✓ DMARC to enforcing: spoofing in your name stopped.
- ✓ Spoofable domains in view and closed.
- ✓ Every protective layer sharp, no longer half.
- ✓ A factual picture per layer and domain, and a path to keep it that way.