
Your email security catches millions of messages.
But that one targeted impersonation?

Every layer sharp, on the biggest attack path

An international offshore contractor with eight email domains and millions of messages a month. The email security caught plenty, but not every layer was sharp, and DMARC enforced nothing. We tested it, and showed what was still open.

Figure: mail flow per layer (incoming, millions/month → SPF · DKIM · filtering → DMARC · reject → path → REJECT), 8 domains. Source: health check, 8 domains, SPF/DKIM/DMARC.
Sector: International offshore contractor
Scale: 8 domains, millions of messages/month
Engagement: Email security health check
Frameworks: SPF, DKIM, DMARC

Domains: 8. Every email domain tested for authentication and spoofability.
DMARC: Enforced. From monitor-only to blocking: spoofing in your name stopped.
Layers: Sharp. Every protective layer from partly tuned to optimised.

The challenge

Catching a lot is not the same as stopping the right things.

The email security was running and filtering out huge volumes. But whether every protective layer was sharp, and whether a targeted impersonation in your name was stopped, was not assured.

Protective layers by state: sharp · partly tuned, needs attention · attention.
  • 01 DMARC enforced nothing. The domains were set to monitor-only; spoofing in your name was not blocked.
  • 02 Domains were spoofable. Even dormant domains could be abused to email in the organisation’s name.
  • 03 Impersonation and isolation controls were partly tuned. The very layers that catch targeted attacks were not fully on.
  • 04 No one could prove it. There was no factual picture of what was sharp and what was still open.

Your email security catches millions of messages. The question is whether it also stops that one targeted impersonation that matters.

The approach

Don't trust the volume. Check every layer.

A health check of the entire email gateway and the public records, per domain, against best practice.

Assessed per layer: complete
Tested per domain: 8 domains
Against best practice: benchmark
01 The gateway mapped
Every protective layer assessed: authentication, anti-spam, impersonation control, sandbox, URL and attachment isolation. Each scored optimised, partial, or needs attention.

02 The public records tested
SPF, DKIM and DMARC checked for all eight domains, including dormant domains that allowed spoofing.

03 The gap named
The volume was not the problem. The problem was the layers that catch targeted attacks, which were not fully on, plus a DMARC policy that enforced nothing.

04 A hardening path
A concrete path: DMARC to enforcing, spoofable domains closed, impersonation and isolation controls fully on.

The solution

From assuming to knowing what is open.

What stands now: a factual picture of every protective layer and every domain, and a concrete path to close the gaps on the attack path that comes in most.

DMARC: from monitor to enforce (before: p=none; now: p=reject)

The domains moved from monitor-only to blocking, so no one can email in your name with impunity.
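As an added example (not the consultancy's tooling and not code from the original page), the per-domain SPF/DMARC record test and the "monitor to enforce" step above, written as a small classifier that runs over constructed DNS TXT records for hypothetical domains; the domain names and records are assumptions for illustration.

```python
# Added example (not the consultancy's tooling): classify SPF/DMARC posture per
# domain from DNS TXT records. Domain names and records below are constructed.

def parse_dmarc(txt):
    """Return DMARC tag=value pairs, or {} when the record is absent/invalid."""
    if not txt or not txt.lower().startswith("v=dmarc1"):
        return {}
    pairs = (p.split("=", 1) for p in txt.split(";") if "=" in p)
    return {k.strip().lower(): v.strip() for k, v in pairs}

def spf_verdict(txt):
    """'hardfail' (-all), 'softfail' (~all), 'open' (+all/?all/none) or 'missing'."""
    if not txt or not txt.lower().startswith("v=spf1"):
        return "missing"
    last = txt.split()[-1].lower()
    return {"-all": "hardfail", "~all": "softfail"}.get(last, "open")

def dmarc_verdict(txt):
    """'reject', 'quarantine', 'partial-<p>' (pct<100), 'none', 'invalid' or 'missing'."""
    if not txt:
        return "missing"
    tags = parse_dmarc(txt)
    if not tags:
        return "invalid"
    policy = tags.get("p", "none").lower()
    # pct<100 applies the policy to only a sample of failing mail: not enforcing.
    if policy in ("reject", "quarantine") and int(tags.get("pct", "100")) < 100:
        return "partial-" + policy
    return policy

def assess(domain, spf_txt, dmarc_txt):
    """One row per domain. Spoofable whenever DMARC does not enforce: with p=none
    or no record, a forged From: is delivered regardless of the SPF result."""
    dmarc = dmarc_verdict(dmarc_txt)
    return {"domain": domain, "spf": spf_verdict(spf_txt), "dmarc": dmarc,
            "spoofable": dmarc not in ("reject", "quarantine")}

def spoofable_domains(records):
    """records: {domain: (spf_txt, dmarc_txt)} -> sorted list of open domains."""
    return sorted(d for d, (s, m) in records.items() if assess(d, s, m)["spoofable"])

# Constructed estate: an active domain in monitor-only, a dormant one with no
# records at all, a sampled policy, and the hardened target (SPF -all, p=reject).
RECORDS = {
    "active.example":   ("v=spf1 include:_spf.example -all", "v=DMARC1; p=none; rua=mailto:dmarc@active.example"),
    "dormant.example":  (None, None),
    "hardened.example": ("v=spf1 -all", "v=DMARC1; p=reject; sp=reject; pct=100"),
    "sampled.example":  ("v=spf1 ~all", "v=DMARC1; p=reject; pct=50"),
}
```

Feeding it real records means replacing RECORDS with the result of a TXT lookup of each domain and of its _dmarc subdomain; the dormant domain case shows why a domain with no records at all still needs SPF -all and p=reject.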

Assessed per layer

Every protective layer scored optimised, partial, or needs attention: no assumptions, just a factual picture.

Spoofable domains closed

Including dormant domains that could be abused: now in view and closable.

Layers fully on

Impersonation, sandbox and isolation controls sharpened, with a priority order to start from.

“We were already catching a lot. Now we know that the one email that matters no longer slips through.”

IT security manager · international offshore contractor

The result

From catching a lot to stopping the right things.

Before
  • DMARC monitor-only; spoofing in your name possible
  • Spoofable domains, including dormant ones
  • Impersonation and isolation layers partly tuned
  • No factual picture of what was sharp
Now
  • DMARC to enforcing: spoofing in your name stopped.
  • Spoofable domains in view and closed.
  • Every protective layer sharp, no longer half.
  • A factual picture per layer and domain, and a path to keep it that way.

A similar challenge?

No pitch. One conversation.

One conversation in which we determine whether, and how, this works for your organisation too.

Schedule a conversation

30 minutes with a senior, no pitch.

Speak with an architect · Call directly: 088 - 163 23 25