Red Sift’s 2025 Spring Quarterly Product Release

This Spring, we’ve delivered targeted updates to improve compliance, simplify certificate management, and strengthen infrastructure visibility—so you can take action faster and with more confidence.

Highlights include:

  • Support for both Digicert and Common Mark Certificates (CMC) in Red Sift OnDMARC, making BIMI implementation faster and more flexible.
  • Microsoft-specific checks added to Red Sift Investigate, helping you stay compliant as major inbox providers enforce DMARC and other sending requirements.
  • Real-time TLS and post-quantum safety checks across all endpoints in Red Sift Certificates, helping you identify misconfigurations and legacy setups before they become a problem.
  • A reworked Certificates dashboard that prioritizes high-risk certificates, simplifies investigation, and cuts time to action.

OnDMARC

BIMI: Now with full Digicert & CMC support

OnDMARC customers that wish to improve trust in their emails and boost open rates by implementing BIMI through OnDMARC’s end-to-end in-app process now receive certificates from Digicert, following Entrust’s exit from the public certificates business.

In addition, OnDMARC customers can now choose between Vendor Mark Certificates (VMC) and the new, lower requirements Common Mark Certificates (CMC) making it easier than ever to get the benefits of BIMI. Find out more about Common Mark Certificates (CMC) here

Microsoft implements high-volume sender requirements, joins Google & Yahoo

On April 2nd, Microsoft announced it would begin enforcing high-volume sender requirements, joining Google and Yahoo in requiring DMARC, DKIM, SPF, and one-click unsubscribe for bulk and marketing emails.

By April 29th, enforcement escalated to rejecting non-compliant emails outright, rather than simply sending them to Junk. The result? Over 400,000 domains adopted DMARC in April alone.

To support this shift, we’ve expanded our free email security checker, Red Sift Investigate, to include Microsoft-specific checks alongside our existing Google and Yahoo (Yahoogle) validations. You can check your compliance in just 30 seconds here.

Certificates

Smarter visibility, faster action

This quarter, we’ve redesigned the Certificates dashboard to spotlight what matters most. Expired and soon-to-expire certificates now appear first, using a clear priority hierarchy and urgency bands (e.g., critical in 4 days, overdue in 4–13, upcoming in 14–60). These thresholds can be tailored to your needs for better planning and faster action.

A new summary view gives you a complete snapshot:

  • Total certificates
  • Owned vs. third-party
  • Number of monitored domains

Graphs are now grouped into Discovery, Lifecycle, and Security views to make insights easier to navigate and act on.

Faster navigation, simplified workflows

We’ve streamlined navigation to help you manage certificates more efficiently.

  • The new All Certificates view consolidates every cert—active, pre-issued, third-party, revoked—into one searchable, filterable list.
  • Endpoints now has its own section, laying the groundwork for deeper functionality beyond certificates.
  • Quick filters across the platform let you instantly view what matters, whether it’s third-party certificates or pre-certificates issued to your organization.

TLS & qost-quantum safety at a glance

We now continuously monitor all your network locations and endpoints for their TLS configurations, including whether they’re post-quantum (PQ) safe. On the Endpoints page, you’ll get at-a-glance visibility into which certificates are using TLS, how well those configurations are set up, and whether they align with emerging quantum-safe standards.

This gives you a proactive way to spot misconfigurations, legacy setups, or potential vulnerabilities and take action before they become a problem.

As we note in our recent blog post: “While quantum computers aren’t yet capable of breaking current encryption, the threat is real enough that the industry must act now. A post-quantum world will need hybrid cryptography, long-term planning, and active monitoring.”

We’re doing our bit to make that future easier to navigate.

Exclude domains from discovery with more control

You can now exclude domains from certificate discovery, ideal for keeping test, staging, or legacy environments out of view.

Please note: exclusions only apply to newly discovered assets—any previously imported domains will still need to be removed manually.

Brand Trust

Of course, we’ve been building here too. Stay tuned for a major Brand Trust update landing next week.

PUBLISHED BY

Francesca Rünger-Field

4 Jun. 2025

SHARE ARTICLE:

Categories

Product Release

Related articles

How the EU can mandate for stronger email securityEurope’s #1 for DMARC: Red Sift OnDMARC does it againHealthcare and cybersecurity: 73% of breaches lack DMARC enforcementVMC and CMC: What are the new requirements?The future of email security: Innovations, challenges, and the role of DMARC

Recent Posts

VIEW ALL
Thought Leadership
25 Jun. 2025

How the EU can mandate for stronger email security

Antony Seedhouse

Executive summary: The article examines how the EU can proactively close email security gaps by leveraging the NIS2 Directive to mandate robust, harmonized standards like DMARC, DKIM, and SPF across all member states. By acting now, the EU not only protects its digital ecosystem but also sets a global benchmark for cybersecurity best practices.…

Read more
News
24 Jun. 2025

Europe’s #1 for DMARC: Red Sift OnDMARC does it again

Francesca Rünger-Field

G2’s Summer 2025 Report has landed, and we’re proud to share that Red Sift OnDMARC remains the #1-rated DMARC solution in Europe. This marks another strong season for OnDMARC, with continued recognition across G2’s category reports. We were featured in 18 reports this quarter, taking top spots in the Mid-Market Results Index and Mid-Market…

Read more
Cybersecurity
23 Jun. 2025

Healthcare and cybersecurity: 73% of breaches lack DMARC enforcement

Faisal Misle

The healthcare sector has become a target for both low-level and occasionally spectacularly successful cyberattacks. Hospitals, insurers, medical supply chains, service and medical providers are prime targets for threat actors, with email phishing attacks, ransomware, and data breaches on the rise. In 2024, 94% of U.S. healthcare organizations experienced a cyberattack, with the average…

Read more
BIMI
17 Jun. 2025

VMC and CMC: What are the new requirements?

Jack Lilley

Executive Summary: Staying updated on Verified Mark Certificates (VMCs) and Certified Mark Certificates (CMCs) is crucial for organizations aiming to authenticate their logos and enhance brand trust in email communications. Discover the key changes in the latest security requirements and compare the differences between VMCs and CMCs.​ This article: Introduction Verified Mark Certificates (VMCs) and…

Read more
Red Sift Logo

PLATFORM

The Red Sift Pulse Platform

Internet-scale cybersecurity intelligence meets trusted AI.
OnDMARC

Protect against phishing and BEC attacks.
Brand Trust

Stop brand abuse, fraud and lookalike attacks.
ASM

Continuously discover and manage external-facing and cloud assets.
Certificates

Real-time discovery and seamless monitoring for certificates.

INNOVATION

CUSTOMERS

Resources

Company