The Red Sift Blog
The future of email security: Innovations, challenges, and the role of DMARC
Filter all blogs
All blogs
The future of email security: Innovations, challenges, and the role of DMARC
Executive summary: Email remains a critical tool for business and personal communication, but it is also a primary target for cyber threats such as phishing, spoofing, and Business Email Compromise. As attackers become more sophisticated, organizations must adopt advanced security measures like DMARC and stay informed about emerging authentication protocols. Industry collaboration and proactive…
Read more
Why implementing DMARC is essential for Aviation
If you’re in aviation and still haven’t locked down your email security, you’re taking a serious risk. Cyberattacks on airlines, airports, and aerospace companies are up 131% in just one year. Phishing and Business Email Compromise (BEC) scams are hammering the industry, costing millions, causing chaos, and damaging customer trust. Attackers aren’t just targeting…
Read more
Red Sift Brand Trust joins Cisco portfolio to extend domain and brand…
Many organizations have implemented email authentication and hardened their owned domains against abuse. But a more exposed and less controlled surface remains: the brand. With the ease and efficiency of AI tools, brand impersonation has become a successful tactic for bypassing technical controls and targeting users directly. While email authentication protocols like DMARC can…
Read more
Red Sift debuts the industry’s first AI Agent for lookalike classification
As brand impersonation grows in scale and sophistication, security teams face a dual challenge: uncovering the full extent of the threat and deciding what to do with what they find. For many, the first hurdle—detection—remains a work in progress. But for those with mature discovery pipelines, a new problem has emerged: volume. As visibility…
Read more
Why DMARC should top your MSP roadmap in 2025
Executive summary: Email remains the easiest way for criminals to reach customers, and major mailbox providers have decided that unauthenticated mail is no longer welcome. Google and Yahoo started rejecting bulk messages without DMARC in early 2024, and Microsoft 365 will follow in 2025. Yet only 9.7% of the world’s 73 million active domains…
Read more
Red Sift’s 2025 Spring Quarterly Product Release
This Spring, we’ve delivered targeted updates to improve compliance, simplify certificate management, and strengthen infrastructure visibility—so you can take action faster and with more confidence. Highlights include: OnDMARC BIMI: Now with full Digicert & CMC support OnDMARC customers that wish to improve trust in their emails and boost open rates by implementing BIMI through…
Read more
The threat of Business Email Compromise in US healthcare
Executive summary: Business Email Compromise is siphoning billions from U.S. healthcare by exploiting human trust instead of software flaws. Spoofed or hijacked messages authorize fraudulent payments, spark ransomware, and expose patient data—causing crippling financial, operational, and compliance damage. Deploying DMARC, MFA, and rigorous multi-person payment checks is now critical. 3 key takeaways Business Email…
Read more
Cloudflare selects Red Sift as a preferred partner to provide DMARC and…
AI-generated email attacks are rapidly growing in scale and sophistication, demanding stronger defenses from at-risk organizations. Starting today, Red Sift is excited to announce a new strategic partnership with Cloudflare, the leading connectivity cloud company, to deliver its market-leading email security application, Red Sift OnDMARC, to a broader global audience. Today’s alignment enhances Cloudflare’s…
Read more
New Zealand moves to mandate DMARC enforcement
Executive summary: New Zealand’s Secure Government Email Framework mandates DMARC at p=reject—plus hard-fail SPF, universal DKIM, enforced MTA-STS, and TLS-RPT—by October 2025. The rules replace SEEMail, curb soaring phishing losses, and will affect every organization that emails the public sector. Key takeaways: The New Zealand Government has recently published the Secure Government Email (SGE) Common…
Read more
DMARC: The best ROI for your organization
Executive summary: Implementing DMARC delivers one of the clearest, fastest returns on investment in email security. By authenticating outgoing mail and blocking spoofed messages, DMARC cuts the direct costs of phishing and Business Email Compromise, safeguards brand reputation, and boosts deliverability—ultimately driving revenue and trimming operational workload. Key takeaways: Email is a critical communication tool for…
Read more
400,000 DMARC boost after Microsoft’s high-volume sender update
Microsoft’s decision to join Google and Yahoo in enforcing stricter rules for high-volume senders has triggered an immediate response across the internet. In the last 30 days alone, 406,042 new domains have deployed Domain‑based Message Authentication, Reporting & Conformance (DMARC), pushing the global total to 10.9 million. While not all domains will be exclusive Outlook users,…
Read more
Red Sift partners with Gradian to strengthen email security through OnDMARC
Today Red Sift launches a new partnership with Gradian, a leading data protection provider, to offer its award-winning applications, including Red Sift OnDMARC, to new and existing customers. Established through Red Sift’s relationship with UK distributor E92plus, the two companies look to strengthen defences against phishing and Business Email Compromise (BEC) attacks. Allowing organisations…
Read more
DMARCbis: What are the changes and how to be ready
Executive Summary: DMARCbis, also known as DMARC 2.0, is the forthcoming update to the DMARC email authentication protocol, designed to address limitations and ambiguities in the original standard, with an expectation to be finalized and published in 2025. The update introduces clearer guidelines, a new method for determining organizational domains, and streamlined record management.…
Read more
TLS certificates are changing: What you need to know
Executive summary: TLS certificates are about to get significantly shorter-lived. Starting 15 March 2026, newly issued public-trust certificates will max out at 200 days—and just three years later, that lifespan drops to 47 days. Backed by Google, Apple, and Mozilla, this shift aims to make the web safer through fresher data, faster failover, and…
Read more
The hidden threat: How misconfigured DKIM enables replay attacks
Email authentication isn’t just an IT concern. It protects your brand and customers. A single misstep can let attackers spoof your domain, send phishing emails, and destroy customer trust. One of the most dangerous methods? The DKIM replay attack. In this post, we’ll break down how undersigned DKIM keys and related misconfigurations open your…
Read more
Why DMARC and BIMI are a business priority
Email threats aren’t slowing down, and neither should your authentication strategy. In our recent joint webinar with Marigold, “From DMARC to BIMI: Navigating the New Email Authorization Landscape,” we broke down what today’s evolving standards mean for both security and marketing teams—and how to take action now with our free Red Sift Investigate tool.…
Read more
Zoom stops zooming: Why active monitoring is essential
On April 16, 2025, Zoom experienced a significant global outage that disrupted video conferencing services and access to its website for thousands of users, as well as their corporate email for all their employees. It was quickly identified as a domain name registration status problem. Despite being a critical name for Zoom, somehow, the…
Read more
Why DMARC matters: Protect your organization from evolving phishing threats
Phishing campaigns continue to change. Attackers are adapting faster than traditional security tools, using more subtle methods to bypass filters and reach inboxes. The latest KnowBe 4 Phishing Threat Trends Report (2025) shows a steady increase in attacks that slip through email security platforms and a growing use of techniques that avoid detection, increasing…
Read more
Red Sift OnDMARC joins the Jisc Chest platform to strengthen email security…
With the National Cyber Security Centre’s (NCSC) Mail Check tool having retired its free DMARC reporting service in March 2025, education and research institutions across the UK are now facing a critical visibility gap when it comes to email-based threats. To help address this, Red Sift is now working with Jisc—the UK’s not-for-profit provider…
Read more
Microsoft announces new email requirements for bulk senders
Update: Includes a revision that Microsoft will now reject messages rather than moving to junk from large senders that don’t meet the sending requirements.. Everything else remains the same. When rejected, the following message will be sent instead “550; 5.7.515 Access denied, sending domain [SenderDomain] doesn’t meet the required authentication level.” This blog: Microsoft…
Read more
From concept to market leader: Reflecting on the development of Red Sift…
Following Red Sift OnDMARC being featured in 18 reports in G2’s Spring 2025 Report, CEO Rahul Powar shares his thoughts on the innovation behind the product—and what’s driving its continued momentum in the fight against phishing and Business Email Compromise (BEC). When I founded Red Sift, my goal was to make proactive cybersecurity accessible…
Read more