Red Sift’s 2025 Spring Quarterly Product Release

This Spring, we’ve delivered targeted updates to improve compliance, simplify certificate management, and strengthen infrastructure visibility—so you can take action faster and with more confidence.

Highlights include:

  • Support for both Digicert and Common Mark Certificates (CMC) in Red Sift OnDMARC, making BIMI implementation faster and more flexible.
  • Microsoft-specific checks added to Red Sift Investigate, helping you stay compliant as major inbox providers enforce DMARC and other sending requirements.
  • Real-time TLS and post-quantum safety checks across all endpoints in Red Sift Certificates, helping you identify misconfigurations and legacy setups before they become a problem.
  • A reworked Certificates dashboard that prioritizes high-risk certificates, simplifies investigation, and cuts time to action.

OnDMARC

BIMI: Now with full Digicert & CMC support

OnDMARC customers that wish to improve trust in their emails and boost open rates by implementing BIMI through OnDMARC’s end-to-end in-app process now receive certificates from Digicert, following Entrust’s exit from the public certificates business.

In addition, OnDMARC customers can now choose between Vendor Mark Certificates (VMC) and the new, lower requirements Common Mark Certificates (CMC) making it easier than ever to get the benefits of BIMI. Find out more about Common Mark Certificates (CMC) here

Microsoft implements high-volume sender requirements, joins Google & Yahoo

On April 2nd, Microsoft announced it would begin enforcing high-volume sender requirements, joining Google and Yahoo in requiring DMARC, DKIM, SPF, and one-click unsubscribe for bulk and marketing emails.

By April 29th, enforcement escalated to rejecting non-compliant emails outright, rather than simply sending them to Junk. The result? Over 400,000 domains adopted DMARC in April alone.

To support this shift, we’ve expanded our free email security checker, Red Sift Investigate, to include Microsoft-specific checks alongside our existing Google and Yahoo (Yahoogle) validations. You can check your compliance in just 30 seconds here.

Certificates

Smarter visibility, faster action

This quarter, we’ve redesigned the Certificates dashboard to spotlight what matters most. Expired and soon-to-expire certificates now appear first, using a clear priority hierarchy and urgency bands (e.g., critical in 4 days, overdue in 4–13, upcoming in 14–60). These thresholds can be tailored to your needs for better planning and faster action.

A new summary view gives you a complete snapshot:

  • Total certificates
  • Owned vs. third-party
  • Number of monitored domains

Graphs are now grouped into Discovery, Lifecycle, and Security views to make insights easier to navigate and act on.

Faster navigation, simplified workflows

We’ve streamlined navigation to help you manage certificates more efficiently.

  • The new All Certificates view consolidates every cert—active, pre-issued, third-party, revoked—into one searchable, filterable list.
  • Endpoints now has its own section, laying the groundwork for deeper functionality beyond certificates.
  • Quick filters across the platform let you instantly view what matters, whether it’s third-party certificates or pre-certificates issued to your organization.

TLS & qost-quantum safety at a glance

We now continuously monitor all your network locations and endpoints for their TLS configurations, including whether they’re post-quantum (PQ) safe. On the Endpoints page, you’ll get at-a-glance visibility into which certificates are using TLS, how well those configurations are set up, and whether they align with emerging quantum-safe standards.

This gives you a proactive way to spot misconfigurations, legacy setups, or potential vulnerabilities and take action before they become a problem.

As we note in our recent blog post: “While quantum computers aren’t yet capable of breaking current encryption, the threat is real enough that the industry must act now. A post-quantum world will need hybrid cryptography, long-term planning, and active monitoring.”

We’re doing our bit to make that future easier to navigate.

Exclude domains from discovery with more control

You can now exclude domains from certificate discovery, ideal for keeping test, staging, or legacy environments out of view.

Please note: exclusions only apply to newly discovered assets—any previously imported domains will still need to be removed manually.

Brand Trust

Of course, we’ve been building here too. Stay tuned for a major Brand Trust update landing next week.

PUBLISHED BY

Francesca Rünger-Field

4 Jun. 2025

SHARE ARTICLE:

Categories

Recent Posts

VIEW ALL
DMARC

Why DMARC should top your MSP roadmap in 2025

Jack Lilley

Executive summary: Email remains the easiest way for criminals to reach customers, and major mailbox providers have decided that unauthenticated mail is no longer welcome. Google and Yahoo started rejecting bulk messages without DMARC in early 2024, and Microsoft 365 will follow in 2025. Yet only 9.7% of the world’s 73 million active domains…

Read more
Product Release

Red Sift’s 2025 Spring Quarterly Product Release

Francesca Rünger-Field

This Spring, we’ve delivered targeted updates to improve compliance, simplify certificate management, and strengthen infrastructure visibility—so you can take action faster and with more confidence. Highlights include: OnDMARC BIMI: Now with full Digicert & CMC support OnDMARC customers that wish to improve trust in their emails and boost open rates by implementing BIMI through…

Read more
BEC

The threat of Business Email Compromise in US healthcare

Jack Lilley

Executive summary: Business Email Compromise is siphoning billions from U.S. healthcare by exploiting human trust instead of software flaws. Spoofed or hijacked messages authorize fraudulent payments, spark ransomware, and expose patient data—causing crippling financial, operational, and compliance damage. Deploying DMARC, MFA, and rigorous multi-person payment checks is now critical. 3 key takeaways Business Email…

Read more
Email

Cloudflare selects Red Sift as a preferred partner to provide DMARC and…

Rebecca Warren

AI-generated email attacks are rapidly growing in scale and sophistication, demanding stronger defenses from at-risk organizations. Starting today, Red Sift is excited to announce a new strategic partnership with Cloudflare, the leading connectivity cloud company, to deliver its market-leading email security application, Red Sift OnDMARC, to a broader global audience.  Today’s alignment enhances Cloudflare’s…

Read more