3 ways the Digital Operational Resilience Act relates to email and domain security

The Digital Operational Resilience Act (DORA) is a piece of legislation set to be introduced later this year. Ultimately, it’s a comprehensive rulebook outlining what financial services organizations and third-party software providers must do to become digitally resilient to cyber threats. While DORA primarily affects businesses in the European Union’s financial services sector, it will also apply to any financial organization outside the EU needing access to this market. So, DORA applies to businesses all over the globe. 

To comply with DORA, businesses must make provisions in all areas; from educating board members, to conducting staff training, and reviewing insurance. 

But a key area that shouldn’t be overlooked is email and domain security, or rather how businesses look to mitigate threats relating to this. 

In this blog, we explore three ways DORA relates to email and domain security, and what businesses can do to strengthen resilience in this area.

1. Email is the global medium for business communication and resilience is crucial

Email is the number one medium for business communication worldwide, with over 333 billion emails sent every day in 2022. So it’s no surprise that attackers target organizations through this sensitive threat vector. Business Email Compromise (BEC) attacks such as Vendor Fraud and CEO Fraud threaten business continuity and operational resilience daily. Often what makes these successful is ‘domain spoofing.’ This is when a cybercriminal impersonates a business’ domain to send phishing emails to its customers, employees, and supply chain. The fake emails are hard for the recipient to spot because they come from a legitimate email address.

In preparing for DORA, businesses now need to consider how they’ll strengthen their email and domain defenses for effective risk management and mitigation. Implementing DMARC (Domain-Based Message Authentication, Reporting, and Conformance) is the crucial first step that every organization should take to secure its domain and brand from impersonation. 

2. Business Email Compromise (BEC) is a reasonably identifiable circumstance

The Digital Operational Resilience Act expects affected organizations to recognize and mitigate any reasonably identifiable circumstances that could lead to an event that could compromise the digital operational security of the firm. But what is a reasonably identifiable circumstance?

Any common vulnerability, exposure, or well-known cyber threat could give rise to a reasonably identifiable circumstance. Something is a reasonably identifiable circumstance if the source it’s coming from is a trusted, independent expert that puts you on express notice that a common vulnerability, exposure, or significant cyber threat poses a risk to your business. 

Financial organizations should look to credible agencies for guidance on reasonably identifiable circumstances. These include the National Cyber Security Centre (NCSC), Federal Bureau of Investigations (FBI), Global Cyber Alliance (GCA), and National Institute of Standards and Technology (NIST) to name just a few.

The FBI has been warning of Business Email Compromise in its IC3 Internet Crime Report since 2015. So, affected financial organizations and third-party software providers should accept that BEC attacks are a reasonably identifiable circumstance that they need to be protected against. 

Then, they should look to mitigate these types of attacks as part of their wider preparation for DORA. Just some of the ways organizations can look to mitigate BEC and related disruption include: 

3. DORA instructs firms to be able to detect anomalies 

In a landscape with ever-expanding cyber threats and sophisticated attacks, being able to get ahead of the game and stop zero-day attacks is becoming an increasing priority for businesses. DORA in fact states that ‘financial entities shall have in place mechanisms to promptly detect anomalous activities’. This instruction could be applied to multiple areas within an organization, and domain security is definitely one of them. 

Detection of anomalous activities is integral to the Red Sift platform. Our newest product OnDOMAIN provides organizations with comprehensive insight into their domain perimeter, plus a reliable phishing takedown service. 

OnDOMAIN monitors 150 million newly registered domains and subdomains every day. This means that organizations can quickly take down phishing and impersonation sites and even discover and secure legitimate domains that have been forgotten about. It also means they can detect illegitimate use of logos to defend their business’ brand against abuse and reputational damage. 

Our other products also include anomaly detection as a key capability. OnDMARC detects and surfaces information to its users in a variety of ways. For example, it detects misconfigured or missing email protocols, declining reputational scores, uncovers shadow IT, and more. 

OnINBOX uncovers any malicious attacks in inbound emails by using easy-to-understand traffic light indicators. It also provides insight into an organization’s complete network of connections in one dashboard, so security teams can easily spot potential phishing emails and remediate them.

Book your Red Sift platform demo today

Red Sift is the only provider of an Integrated Email Security and Brand Protection Platform. This is made up of our gold-standard products which work together to protect your organization’s outbound and inbound email communications, as well as your domain perimeter. 

While we can’t provide you with every provision in preparation for DORA, our platform can help you mitigate reasonably identifiable circumstances as they relate to email and domain security. So why not book your free Red Sift Platform Demo today?


Red Sift

17 Aug. 2022



Recent Posts


Preventing certificate related violations in cybersecurity frameworks:  A guide to certificate monitoring…

Rebecca Warren

TLS is one of the most widely adopted security protocols in the world allowing for unprecedented levels of commerce across the internet.  At the core of the TLS protocol is TLS certificates. Organizations must deploy TLS certificates and corresponding private keys to their systems to provide them with unique identities that can be reliably…

Read more

Red Sift ASM & Red Sift Certificates: the missing link in your…

Billy McDiarmid

According to Gartner, Attack Surface Management (ASM) refers to the “processes, technology and managed services deployed to discover internet-facing enterprise assets and systems and associated exposures which include misconfigured public cloud services and servers.” This broad category of tooling is used within Continuous Threat Exposure Management (CTEM) programs, with many vendors within it having…

Read more

The best tools to protect yourself from SubdoMailing

Francesca Rünger-Field

In late February 2024, ‘SubdoMailing’ became a trending search term overnight. Research by Guardio Labs uncovered a massive-scale phishing campaign that had been going on since at least 2022. At the time of reporting, the campaign had sent 5 million emails a day from more than 8,000 compromised domains and 13,000 subdomains with several…

Read more
Product Release

Red Sift’s Spring 2024 Quarterly Product Release

Francesca Rünger-Field

This early into 2024, the cybersecurity space is already buzzing with activity. Emerging standards, such as Google and Yahoo’s bulk sender requirements, mark a new era of compliance for businesses reliant on email communication. At the same time, the prevalence of sophisticated cyber threats, such as the SubdoMailing campaign, emphasizes the continual hurdles posed…

Read more