A technical review of your email environment to close the gaps attackers exploit most.
Email is the primary attack vector for phishing, business email compromise (BEC), and malware delivery. Most organizations have some email security controls in place, but misconfigured authentication records, gaps in filtering, and weak platform settings leave the door open. We audit your full email security posture — from DNS authentication records to platform-level security settings — and give you a clear picture of what's protecting you and what isn't.
An organization came to us after a vendor impersonation attack nearly sent a wire payment to the wrong account. Their SPF and DMARC records were present but misconfigured. An attacker had sent a convincing email from a domain that appeared nearly identical to their vendor's. The technical controls were there — they just weren't working.
We audit your SPF, DKIM, and DMARC records for correctness and enforcement posture. An SPF record that permits too many senders, a DMARC policy stuck at "none," or a missing DKIM selector can allow attackers to send email as your domain — or a domain indistinguishable from it.
We assess your email filtering configuration, link-scanning settings, attachment controls, and impersonation protection to evaluate how much of a phishing attack would realistically make it to your users' inboxes under your current setup.
We review your Microsoft 365 or Google Workspace email security settings against current best practices — including admin access controls, conditional access policies, mailbox forwarding rules, and audit logging — and flag the configurations that represent the most common footholds for attackers.
Business email compromise is consistently one of the highest-loss cybercrime categories tracked by the FBI IC3. The technical controls that prevent it are well understood — most organizations just haven't verified they're working.
Want to test how your team responds when something gets through? Our Incident Response Tabletop Exercises simulate phishing and BEC scenarios so your team knows exactly what to do.
DMARC (Domain-based Message Authentication, Reporting and Conformance) is an email authentication protocol that tells receiving mail servers what to do with messages that claim to come from your domain but fail authentication, meaning neither SPF nor DKIM passes in alignment with the From domain. A DMARC policy at "reject" or "quarantine" instructs receivers to block or quarantine email that spoofs your domain. A policy stuck at "none" collects reporting data but allows spoofed emails to reach inboxes. Most organizations have DMARC records that are configured but not enforcing, which means they're visible to security reviewers without actually protecting anyone.
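The enforcement posture described above can be checked directly from the published TXT record strings. The following is an added example, not tooling from this service: the function names `audit_dmarc` and `audit_spf` are hypothetical, the sample records for example.com are constructed, and the records are assumed to have been fetched already (DKIM selector checks need live DNS and are left out).

```python
import re

def audit_dmarc(record):
    """Return posture findings for one DMARC TXT record string."""
    tags = {}
    for part in record.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    if tags.get("v") != "DMARC1":
        return ["no v=DMARC1 tag: not a DMARC record"]
    findings = []
    policy = tags.get("p", "").lower()
    pct = tags.get("pct", "100")  # pct defaults to 100 when absent
    if policy not in ("none", "quarantine", "reject"):
        findings.append("missing or invalid p= tag")
    elif policy == "none":
        findings.append("p=none: monitoring only, spoofed mail is still delivered")
    elif pct.isdigit() and int(pct) < 100:
        findings.append("pct<100: policy applies to only part of failing mail")
    if policy in ("quarantine", "reject") and tags.get("sp", "").lower() == "none":
        findings.append("sp=none: subdomains are left unenforced")
    if "rua" not in tags:
        findings.append("no rua=: aggregate reports are not collected")
    return findings

def audit_spf(record):
    """Return posture findings for one SPF TXT record string (top level only)."""
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return ["record does not start with v=spf1"]
    findings, lookups = [], 0
    for term in terms[1:]:
        qualifier = term[0] if term[0] in "+-~?" else "+"  # default is pass
        name = re.split(r"[:/=]", term.lstrip("+-~?").lower())[0]
        if name in ("include", "a", "mx", "ptr", "exists", "redirect"):
            lookups += 1  # each of these terms costs a DNS lookup
        if name == "all" and qualifier in "+?":
            findings.append(f"{qualifier}all: unlisted senders are not failed")
    if lookups > 10:  # RFC 7208 caps lookups at 10; nested includes count too
        findings.append("over 10 DNS-lookup terms: receivers return permerror")
    return findings

# Constructed sample records for example.com
if __name__ == "__main__":
    for rec in ("v=DMARC1; p=none; rua=mailto:dmarc@example.com",
                "v=DMARC1; p=reject; sp=none; pct=50"):
        print(rec, "->", audit_dmarc(rec))
    print(audit_spf("v=spf1 include:_spf.example.com ip4:192.0.2.0/24 +all"))
```

An empty list means none of these specific weaknesses were found in the record text; it does not confirm that legitimate senders are aligned or that nested SPF includes stay under the lookup limit.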
Business email compromise (BEC) is a targeted attack in which a fraudster impersonates a trusted party (an executive, vendor, or attorney) to manipulate employees into taking a financial action — typically a wire transfer, payroll redirect, or gift card purchase. Unlike mass phishing, BEC attacks are personalized, low-volume, and often contain no malicious links or attachments that filtering tools can catch. They rely on social engineering and email authentication gaps. The FBI consistently ranks BEC among the highest-loss cybercrime categories, with losses in the billions annually. The technical controls that prevent BEC (strong DMARC enforcement, impersonation protection, mailbox rule monitoring) are knowable and auditable.
The most frequently misconfigured areas include: mailbox forwarding rules set to auto-forward email externally (a common attacker persistence mechanism), conditional access policies that don't enforce MFA for all users or that still allow legacy authentication protocols, admin accounts without phishing-resistant MFA, anti-phishing and impersonation protection policies set to audit-only rather than enforcement mode, and audit logging that is enabled but never reviewed. These configurations are often set during initial deployment and not revisited as the threat landscape evolves.