Red Sift’s 2025 Spring Quarterly Product Release

This Spring, we’ve delivered targeted updates to improve compliance, simplify certificate management, and strengthen infrastructure visibility—so you can take action faster and with more confidence.

Highlights include:

  • Support for both Digicert and Common Mark Certificates (CMC) in Red Sift OnDMARC, making BIMI implementation faster and more flexible.
  • Microsoft-specific checks added to Red Sift Investigate, helping you stay compliant as major inbox providers enforce DMARC and other sending requirements.
  • Real-time TLS and post-quantum safety checks across all endpoints in Red Sift Certificates, helping you identify misconfigurations and legacy setups before they become a problem.
  • A reworked Certificates dashboard that prioritizes high-risk certificates, simplifies investigation, and cuts time to action.

OnDMARC

BIMI: Now with full Digicert & CMC support

OnDMARC customers that wish to improve trust in their emails and boost open rates by implementing BIMI through OnDMARC’s end-to-end in-app process now receive certificates from Digicert, following Entrust’s exit from the public certificates business.

In addition, OnDMARC customers can now choose between Vendor Mark Certificates (VMC) and the new, lower requirements Common Mark Certificates (CMC) making it easier than ever to get the benefits of BIMI. Find out more about Common Mark Certificates (CMC) here

Microsoft implements high-volume sender requirements, joins Google & Yahoo

On April 2nd, Microsoft announced it would begin enforcing high-volume sender requirements, joining Google and Yahoo in requiring DMARC, DKIM, SPF, and one-click unsubscribe for bulk and marketing emails.

By April 29th, enforcement escalated to rejecting non-compliant emails outright, rather than simply sending them to Junk. The result? Over 400,000 domains adopted DMARC in April alone.

To support this shift, we’ve expanded our free email security checker, Red Sift Investigate, to include Microsoft-specific checks alongside our existing Google and Yahoo (Yahoogle) validations. You can check your compliance in just 30 seconds here.

Certificates

Smarter visibility, faster action

This quarter, we’ve redesigned the Certificates dashboard to spotlight what matters most. Expired and soon-to-expire certificates now appear first, using a clear priority hierarchy and urgency bands (e.g., critical in 4 days, overdue in 4–13, upcoming in 14–60). These thresholds can be tailored to your needs for better planning and faster action.

A new summary view gives you a complete snapshot:

  • Total certificates
  • Owned vs. third-party
  • Number of monitored domains

Graphs are now grouped into Discovery, Lifecycle, and Security views to make insights easier to navigate and act on.

Faster navigation, simplified workflows

We’ve streamlined navigation to help you manage certificates more efficiently.

  • The new All Certificates view consolidates every cert—active, pre-issued, third-party, revoked—into one searchable, filterable list.
  • Endpoints now has its own section, laying the groundwork for deeper functionality beyond certificates.
  • Quick filters across the platform let you instantly view what matters, whether it’s third-party certificates or pre-certificates issued to your organization.

TLS & qost-quantum safety at a glance

We now continuously monitor all your network locations and endpoints for their TLS configurations, including whether they’re post-quantum (PQ) safe. On the Endpoints page, you’ll get at-a-glance visibility into which certificates are using TLS, how well those configurations are set up, and whether they align with emerging quantum-safe standards.

This gives you a proactive way to spot misconfigurations, legacy setups, or potential vulnerabilities and take action before they become a problem.

As we note in our recent blog post: “While quantum computers aren’t yet capable of breaking current encryption, the threat is real enough that the industry must act now. A post-quantum world will need hybrid cryptography, long-term planning, and active monitoring.”

We’re doing our bit to make that future easier to navigate.

Exclude domains from discovery with more control

You can now exclude domains from certificate discovery, ideal for keeping test, staging, or legacy environments out of view.

Please note: exclusions only apply to newly discovered assets—any previously imported domains will still need to be removed manually.

Brand Trust

Of course, we’ve been building here too. Stay tuned for a major Brand Trust update landing next week.

PUBLISHED BY

Francesca Rünger-Field

4 Jun. 2025

SHARE ARTICLE:

Categories

Product Release

Related articles

The future of email security: Innovations, challenges, and the role of DMARCWhy implementing DMARC is essential for AviationRed Sift Brand Trust joins Cisco portfolio to extend domain and brand protectionRed Sift debuts the industry’s first AI Agent for lookalike classificationWhy DMARC should top your MSP roadmap in 2025

Recent Posts

VIEW ALL
BEC
12 Jun. 2025

The future of email security: Innovations, challenges, and the role of DMARC

Jack Lilley

Executive summary: Email remains a critical tool for business and personal communication, but it is also a primary target for cyber threats such as phishing, spoofing, and Business Email Compromise. As attackers become more sophisticated, organizations must adopt advanced security measures like DMARC and stay informed about emerging authentication protocols. Industry collaboration and proactive…

Read more
Aviation
10 Jun. 2025

Why implementing DMARC is essential for Aviation

Jack Lilley

If you’re in aviation and still haven’t locked down your email security, you’re taking a serious risk. Cyberattacks on airlines, airports, and aerospace companies are up 131% in just one year. Phishing and Business Email Compromise (BEC) scams are hammering the industry, costing millions, causing chaos, and damaging customer trust. Attackers aren’t just targeting…

Read more
News
9 Jun. 2025

Red Sift Brand Trust joins Cisco portfolio to extend domain and brand…

Francesca Rünger-Field

Many organizations have implemented email authentication and hardened their owned domains against abuse. But a more exposed and less controlled surface remains: the brand. With the ease and efficiency of AI tools, brand impersonation has become a successful tactic for bypassing technical controls and targeting users directly. While email authentication protocols like DMARC can…

Read more
AI
9 Jun. 2025

Red Sift debuts the industry’s first AI Agent for lookalike classification

Francesca Rünger-Field

As brand impersonation grows in scale and sophistication, security teams face a dual challenge: uncovering the full extent of the threat and deciding what to do with what they find. For many, the first hurdle—detection—remains a work in progress. But for those with mature discovery pipelines, a new problem has emerged: volume. As visibility…

Read more
Red Sift Logo

PLATFORM

The Red Sift Pulse Platform

Internet-scale cybersecurity intelligence meets trusted AI.
OnDMARC

Protect against phishing and BEC attacks.
Brand Trust

Stop brand abuse, fraud and lookalike attacks.
ASM

Continuously discover and manage external-facing and cloud assets.
Certificates

Real-time discovery and seamless monitoring for certificates.

INNOVATION

CUSTOMERS

Resources

Company