This Spring, we’ve delivered targeted updates to improve compliance, simplify certificate management, and strengthen infrastructure visibility—so you can take action faster and with more confidence.
Highlights include:
- Support for both Digicert and Common Mark Certificates (CMC) in Red Sift OnDMARC, making BIMI implementation faster and more flexible.
- Microsoft-specific checks added to Red Sift Investigate, helping you stay compliant as major inbox providers enforce DMARC and other sending requirements.
- Real-time TLS and post-quantum safety checks across all endpoints in Red Sift Certificates, helping you identify misconfigurations and legacy setups before they become a problem.
- A reworked Certificates dashboard that prioritizes high-risk certificates, simplifies investigation, and cuts time to action.
OnDMARC
BIMI: Now with full Digicert & CMC support
OnDMARC customers that wish to improve trust in their emails and boost open rates by implementing BIMI through OnDMARC’s end-to-end in-app process now receive certificates from Digicert, following Entrust’s exit from the public certificates business.
In addition, OnDMARC customers can now choose between Vendor Mark Certificates (VMC) and the new, lower requirements Common Mark Certificates (CMC) making it easier than ever to get the benefits of BIMI. Find out more about Common Mark Certificates (CMC) here.
Microsoft implements high-volume sender requirements, joins Google & Yahoo
On April 2nd, Microsoft announced it would begin enforcing high-volume sender requirements, joining Google and Yahoo in requiring DMARC, DKIM, SPF, and one-click unsubscribe for bulk and marketing emails.
By April 29th, enforcement escalated to rejecting non-compliant emails outright, rather than simply sending them to Junk. The result? Over 400,000 domains adopted DMARC in April alone.
To support this shift, we’ve expanded our free email security checker, Red Sift Investigate, to include Microsoft-specific checks alongside our existing Google and Yahoo (Yahoogle) validations. You can check your compliance in just 30 seconds here.
Certificates
Smarter visibility, faster action
This quarter, we’ve redesigned the Certificates dashboard to spotlight what matters most. Expired and soon-to-expire certificates now appear first, using a clear priority hierarchy and urgency bands (e.g., critical in 4 days, overdue in 4–13, upcoming in 14–60). These thresholds can be tailored to your needs for better planning and faster action.
A new summary view gives you a complete snapshot:
- Total certificates
- Owned vs. third-party
- Number of monitored domains
Graphs are now grouped into Discovery, Lifecycle, and Security views to make insights easier to navigate and act on.
Faster navigation, simplified workflows
We’ve streamlined navigation to help you manage certificates more efficiently.
- The new All Certificates view consolidates every cert—active, pre-issued, third-party, revoked—into one searchable, filterable list.
- Endpoints now has its own section, laying the groundwork for deeper functionality beyond certificates.
- Quick filters across the platform let you instantly view what matters, whether it’s third-party certificates or pre-certificates issued to your organization.
TLS & qost-quantum safety at a glance
We now continuously monitor all your network locations and endpoints for their TLS configurations, including whether they’re post-quantum (PQ) safe. On the Endpoints page, you’ll get at-a-glance visibility into which certificates are using TLS, how well those configurations are set up, and whether they align with emerging quantum-safe standards.
This gives you a proactive way to spot misconfigurations, legacy setups, or potential vulnerabilities and take action before they become a problem.
As we note in our recent blog post: “While quantum computers aren’t yet capable of breaking current encryption, the threat is real enough that the industry must act now. A post-quantum world will need hybrid cryptography, long-term planning, and active monitoring.”
We’re doing our bit to make that future easier to navigate.
Exclude domains from discovery with more control
You can now exclude domains from certificate discovery, ideal for keeping test, staging, or legacy environments out of view.
Please note: exclusions only apply to newly discovered assets—any previously imported domains will still need to be removed manually.
Brand Trust
Of course, we’ve been building here too. Stay tuned for a major Brand Trust update landing next week.