Published June 15, 2025 10:00am EDT close IPhone users instructed to take immediate action to avoid data breach: 'Urgent threat' Kurt 'The CyberGuy' Knutsson discusses Elon Musk's possible priorities as he exits his role with the White House and explains the urgent warning for iPhone users to update devices after a 'massive security gap.' NEWYou can now listen to Fox News articles! In the past decade, healthcare data has become one of the most sought-after targets in cybercrime. From insurers to clinics, every player in the ecosystem handles some form of sensitive information. However, breaches do not always originate from hospitals or health apps. Increasingly, patient data is managed by third-party vendors offering digital services such as scheduling, billing and marketing. One such breach at a digital marketing agency serving dental practices recently exposed approximately 2.7 million patient profiles and more than 8.8 million appointment records.Sign up for my FREE CyberGuy ReportGet my best tech tips, urgent security alerts, and exclusive deals delivered straight to your inbox. Plus, you’ll get instant access to my Ultimate Scam Survival Guide — free when you join. Illustration of a hacker at work   (Kurt "CyberGuy" Knutsson)Massive healthcare data leak exposes millions: What you need to knowCybernews researchers have discovered a misconfigured MongoDB database exposing 2.7 million patient profiles and 8.8 million appointment records. The database was publicly accessible online, unprotected by passwords or authentication protocols. Anyone with basic knowledge of database scanning tools could have accessed it.The exposed data included names, birthdates, addresses, emails, phone numbers, gender, chart IDs, language preferences and billing classifications. Appointment records also contained metadata such as timestamps and institutional identifiers.MASSIVE DATA BREACH EXPOSES 184 MILLION PASSWORDS AND LOGINSClues within the data structure point toward Gargle, a Utah-based company that builds websites and offers marketing tools for dental practices. While not a confirmed source, several internal references and system details suggest a strong connection. Gargle provides appointment scheduling, form submission and patient communication services. These functions require access to patient information, making the firm a likely link in the exposure.After the issue was reported, the database was secured. The duration of the exposure remains unknown, and there is no public evidence indicating whether the data was downloaded by malicious actors before being locked down.We reached out to Gargle for a comment but did not hear back before our deadline. A healthcare professional viewing heath data      (Kurt "CyberGuy" Knutsson)How healthcare data breaches lead to identity theft and insurance fraudThe exposed data presents a broad risk profile. On its own, a phone number or billing record might seem limited in scope. Combined, however, the dataset forms a complete profile that could be exploited for identity theft, insurance fraud and targeted phishing campaigns.Medical identity theft allows attackers to impersonate patients and access services under a false identity. Victims often remain unaware until significant damage is done, ranging from incorrect medical records to unpaid bills in their names. The leak also opens the door to insurance fraud, with actors using institutional references and chart data to submit false claims.This type of breach raises questions about compliance with the Health Insurance Portability and Accountability Act, which mandates strong security protections for entities handling patient data. Although Gargle is not a healthcare provider, its access to patient-facing infrastructure could place it under the scope of that regulation as a business associate. A healthcare professional working on a laptop   (Kurt "CyberGuy" Knutsson)5 ways you can stay safe from healthcare data breachesIf your information was part of the healthcare breach or any similar one, it’s worth taking a few steps to protect yourself.1. Consider identity theft protection services: Since the healthcare data breach exposed personal and financial information, it’s crucial to stay proactive against identity theft. Identity theft protection services offer continuous monitoring of your credit reports, Social Security number and even the dark web to detect if your information is being misused. These services send you real-time alerts about suspicious activity, such as new credit inquiries or attempts to open accounts in your name, helping you act quickly before serious damage occurs. Beyond monitoring, many identity theft protection companies provide dedicated recovery specialists who assist you in resolving fraud issues, disputing unauthorized charges and restoring your identity if it’s compromised. See my tips and best picks on how to protect yourself from identity theft.2. Use personal data removal services: The healthcare data breach leaks loads of information about you, and all this could end up in the public domain, which essentially gives anyone an opportunity to scam you.  One proactive step is to consider personal data removal services, which specialize in continuously monitoring and removing your information from various online databases and websites. While no service promises to remove all your data from the internet, having a removal service is great if you want to constantly monitor and automate the process of removing your information from hundreds of sites continuously over a longer period of time. Check out my top picks for data removal services here. GET FOX BUSINESS ON THE GO BY CLICKING HEREGet a free scan to find out if your personal information is already out on the web3. Have strong antivirus software: Hackers have people’s email addresses and full names, which makes it easy for them to send you a phishing link that installs malware and steals all your data. These messages are socially engineered to catch them, and catching them is nearly impossible if you’re not careful. However, you’re not without defenses.The best way to safeguard yourself from malicious links that install malware, potentially accessing your private information, is to have strong antivirus software installed on all your devices. This protection can also alert you to phishing emails and ransomware scams, keeping your personal information and digital assets safe. Get my picks for the best 2025 antivirus protection winners for your Windows, Mac, Android and iOS devices.4. Enable two-factor authentication: While passwords weren’t part of the data breach, you still need to enable two-factor authentication (2FA). It gives you an extra layer of security on all your important accounts, including email, banking and social media. 2FA requires you to provide a second piece of information, such as a code sent to your phone, in addition to your password when logging in. This makes it significantly harder for hackers to access your accounts, even if they have your password. Enabling 2FA can greatly reduce the risk of unauthorized access and protect your sensitive data.5. Be wary of mailbox communications: Bad actors may also try to scam you through snail mail. The data leak gives them access to your address. They may impersonate people or brands you know and use themes that require urgent attention, such as missed deliveries, account suspensions and security alerts. Kurt’s key takeawayIf nothing else, this latest leak shows just how poorly patient data is being handled today. More and more, non-medical vendors are getting access to sensitive information without facing the same rules or oversight as hospitals and clinics. These third-party services are now a regular part of how patients book appointments, pay bills or fill out forms. But when something goes wrong, the fallout is just as serious. Even though the database was taken offline, the bigger problem hasn't gone away. Your data is only as safe as the least careful company that gets access to it.CLICK HERE TO GET THE FOX NEWS APPDo you think healthcare companies are investing enough in their cybersecurity infrastructure? Let us know by writing us at Cyberguy.com/ContactFor more of my tech tips and security alerts, subscribe to my free CyberGuy Report Newsletter by heading to Cyberguy.com/NewsletterAsk Kurt a question or let us know what stories you'd like us to coverFollow Kurt on his social channelsAnswers to the most asked CyberGuy questions:New from Kurt:Copyright 2025 CyberGuy.com.  All rights reserved.   Kurt "CyberGuy" Knutsson is an award-winning tech journalist who has a deep love of technology, gear and gadgets that make life better with his contributions for Fox News & FOX Business beginning mornings on "FOX & Friends." Got a tech question? Get Kurt’s free CyberGuy Newsletter, share your voice, a story idea or comment at CyberGuy.com.

The Secure Government Email (SGE) Common Implementation Framework New Zealand’s government is introducing a comprehensive email security framework designed to protect official communications from phishing and domain spoofing. This new framework, which will be mandatory for all government agencies by October 2025, establishes clear technical standards to enhance email security and retire the outdated SEEMail service.  Key Takeaways All NZ government agencies must comply with new email security requirements by October 2025. The new framework strengthens trust and security in government communications by preventing spoofing and phishing. The framework mandates TLS 1.2+, SPF, DKIM, DMARC with p=reject, MTA-STS, and DLP controls. EasyDMARC simplifies compliance with our guided setup, monitoring, and automated reporting. Start a Free Trial What is the Secure Government Email Common Implementation Framework? The Secure Government Email (SGE) Common Implementation Framework is a new government-led initiative in New Zealand designed to standardize email security across all government agencies. Its main goal is to secure external email communication, reduce domain spoofing in phishing attacks, and replace the legacy SEEMail service. Why is New Zealand Implementing New Government Email Security Standards? The framework was developed by New Zealand’s Department of Internal Affairs (DIA) as part of its role in managing ICT Common Capabilities. It leverages modern email security controls via the Domain Name System (DNS) to enable the retirement of the legacy SEEMail service and provide: Encryption for transmission security Digital signing for message integrity Basic non-repudiation (by allowing only authorized senders) Domain spoofing protection These improvements apply to all emails, not just those routed through SEEMail, offering broader protection across agency communications. What Email Security Technologies Are Required by the New NZ SGE Framework? The SGE Framework outlines the following key technologies that agencies must implement: TLS 1.2 or higher with implicit TLS enforced TLS-RPT (TLS Reporting) SPF (Sender Policy Framework) DKIM (DomainKeys Identified Mail) DMARC (Domain-based Message Authentication, Reporting, and Conformance) with reporting MTA-STS (Mail Transfer Agent Strict Transport Security) Data Loss Prevention controls These technologies work together to ensure encrypted email transmission, validate sender identity, prevent unauthorized use of domains, and reduce the risk of sensitive data leaks. Get in touch When Do NZ Government Agencies Need to Comply with this Framework? All New Zealand government agencies are expected to fully implement the Secure Government Email (SGE) Common Implementation Framework by October 2025. Agencies should begin their planning and deployment now to ensure full compliance by the deadline. The All of Government Secure Email Common Implementation Framework v1.0 What are the Mandated Requirements for Domains? Below are the exact requirements for all email-enabled domains under the new framework. ControlExact RequirementTLSMinimum TLS 1.2. TLS 1.1, 1.0, SSL, or clear-text not permitted.TLS-RPTAll email-sending domains must have TLS reporting enabled.SPFMust exist and end with -all.DKIMAll outbound email from every sending service must be DKIM-signed at the final hop.DMARCPolicy of p=reject on all email-enabled domains. adkim=s is recommended when not bulk-sending.MTA-STSEnabled and set to enforce.Implicit TLSMust be configured and enforced for every connection.Data Loss PreventionEnforce in line with the New Zealand Information Security Manual (NZISM) and Protective Security Requirements (PSR). Compliance Monitoring and Reporting The All of Government Service Delivery (AoGSD) team will be monitoring compliance with the framework. Monitoring will initially cover SPF, DMARC, and MTA-STS settings and will be expanded to include DKIM. Changes to these settings will be monitored, enabling reporting on email security compliance across all government agencies. Ongoing monitoring will highlight changes to domains, ensure new domains are set up with security in place, and monitor the implementation of future email security technologies.  Should compliance changes occur, such as an agency’s SPF record being changed from -all to ~all, this will be captured so that the AoGSD Security Team can investigate. They will then communicate directly with the agency to determine if an issue exists or if an error has occurred, reviewing each case individually. Deployment Checklist for NZ Government Compliance Enforce TLS 1.2 minimum, implicit TLS, MTA-STS & TLS-RPT SPF with -all DKIM on all outbound email DMARC p=reject  adkim=s where suitable For non-email/parked domains: SPF -all, empty DKIM, DMARC reject strict Compliance dashboard Inbound DMARC evaluation enforced DLP aligned with NZISM Start a Free Trial How EasyDMARC Can Help Government Agencies Comply EasyDMARC provides a comprehensive email security solution that simplifies the deployment and ongoing management of DNS-based email security protocols like SPF, DKIM, and DMARC with reporting. Our platform offers automated checks, real-time monitoring, and a guided setup to help government organizations quickly reach compliance. 1. TLS-RPT / MTA-STS audit EasyDMARC enables you to enable the Managed MTA-STS and TLS-RPT option with a single click. We provide the required DNS records and continuously monitor them for issues, delivering reports on TLS negotiation problems. This helps agencies ensure secure email transmission and quickly detect delivery or encryption failures. Note: In this screenshot, you can see how to deploy MTA-STS and TLS Reporting by adding just three CNAME records provided by EasyDMARC. It’s recommended to start in “testing” mode, evaluate the TLS-RPT reports, and then gradually switch your MTA-STS policy to “enforce”. The process is simple and takes just a few clicks. As shown above, EasyDMARC parses incoming TLS reports into a centralized dashboard, giving you clear visibility into delivery and encryption issues across all sending sources. 2. SPF with “-all”In the EasyDARC platform, you can run the SPF Record Generator to create a compliant record. Publish your v=spf1 record with “-all” to enforce a hard fail for unauthorized senders and prevent spoofed emails from passing SPF checks. This strengthens your domain’s protection against impersonation. Note: It is highly recommended to start adjusting your SPF record only after you begin receiving DMARC reports and identifying your legitimate email sources. As we’ll explain in more detail below, both SPF and DKIM should be adjusted after you gain visibility through reports. Making changes without proper visibility can lead to false positives, misconfigurations, and potential loss of legitimate emails. That’s why the first step should always be setting DMARC to p=none, receiving reports, analyzing them, and then gradually fixing any SPF or DKIM issues. 3. DKIM on all outbound email DKIM must be configured for all email sources sending emails on behalf of your domain. This is critical, as DKIM plays a bigger role than SPF when it comes to building domain reputation, surviving auto-forwarding, mailing lists, and other edge cases. As mentioned above, DMARC reports provide visibility into your email sources, allowing you to implement DKIM accordingly (see first screenshot). If you’re using third-party services like Google Workspace, Microsoft 365, or Mimecast, you’ll need to retrieve the public DKIM key from your provider’s admin interface (see second screenshot). EasyDMARC maintains a backend directory of over 1,400 email sources. We also give you detailed guidance on how to configure SPF and DKIM correctly for major ESPs.  Note: At the end of this article, you’ll find configuration links for well-known ESPs like Google Workspace, Microsoft 365, Zoho Mail, Amazon SES, and SendGrid – helping you avoid common misconfigurations and get aligned with SGE requirements. If you’re using a dedicated MTA (e.g., Postfix), DKIM must be implemented manually. EasyDMARC’s DKIM Record Generator lets you generate both public and private keys for your server. The private key is stored on your MTA, while the public key must be published in your DNS (see third and fourth screenshots). 4. DMARC p=reject rollout As mentioned in previous points, DMARC reporting is the first and most important step on your DMARC enforcement journey. Always start with a p=none policy and configure RUA reports to be sent to EasyDMARC. Use the report insights to identify and fix SPF and DKIM alignment issues, then gradually move to p=quarantine and finally p=reject once all legitimate email sources have been authenticated.  This phased approach ensures full protection against domain spoofing without risking legitimate email delivery. 5. adkim Strict Alignment Check This strict alignment check is not always applicable, especially if you’re using third-party bulk ESPs, such as Sendgrid, that require you to set DKIM on a subdomain level. You can set adkim=s in your DMARC TXT record, or simply enable strict mode in EasyDMARC’s Managed DMARC settings. This ensures that only emails with a DKIM signature that exactly match your domain pass alignment, adding an extra layer of protection against domain spoofing. But only do this if you are NOT a bulk sender. 6. Securing Non-Email Enabled Domains The purpose of deploying email security to non-email-enabled domains, or parked domains, is to prevent messages being spoofed from that domain. This requirement remains even if the root-level domain has SP=reject set within its DMARC record. Under this new framework, you must bulk import and mark parked domains as “Parked.” Crucially, this requires adjusting SPF settings to an empty record, setting DMARC to p=reject, and ensuring an empty DKIM record is in place: • SPF record: “v=spf1 -all”. • Wildcard DKIM record with empty public key.• DMARC record: “v=DMARC1;p=reject;adkim=s;aspf=s;rua=mailto:…”. EasyDMARC allows you to add and label parked domains for free. This is important because it helps you monitor any activity from these domains and ensure they remain protected with a strict DMARC policy of p=reject. 7. Compliance Dashboard Use EasyDMARC’s Domain Scanner to assess the security posture of each domain with a clear compliance score and risk level. The dashboard highlights configuration gaps and guides remediation steps, helping government agencies stay on track toward full compliance with the SGE Framework. 8. Inbound DMARC Evaluation Enforced You don’t need to apply any changes if you’re using Google Workspace, Microsoft 365, or other major mailbox providers. Most of them already enforce DMARC evaluation on incoming emails. However, some legacy Microsoft 365 setups may still quarantine emails that fail DMARC checks, even when the sending domain has a p=reject policy, instead of rejecting them. This behavior can be adjusted directly from your Microsoft Defender portal. Read more about this in our step-by-step guide on how to set up SPF, DKIM, and DMARC from Microsoft Defender. If you’re using a third-party mail provider that doesn’t enforce having a DMARC policy for incoming emails, which is rare, you’ll need to contact their support to request a configuration change. 9. Data Loss Prevention Aligned with NZISM The New Zealand Information Security Manual (NZISM) is the New Zealand Government’s manual on information assurance and information systems security. It includes guidance on data loss prevention (DLP), which must be followed to be aligned with the SEG. Need Help Setting up SPF and DKIM for your Email Provider? Setting up SPF and DKIM for different ESPs often requires specific configurations. Some providers require you to publish SPF and DKIM on a subdomain, while others only require DKIM, or have different formatting rules. We’ve simplified all these steps to help you avoid misconfigurations that could delay your DMARC enforcement, or worse, block legitimate emails from reaching your recipients. Below you’ll find comprehensive setup guides for Google Workspace, Microsoft 365, Zoho Mail, Amazon SES, and SendGrid. You can also explore our full blog section that covers setup instructions for many other well-known ESPs. Remember, all this information is reflected in your DMARC aggregate reports. These reports give you live visibility into your outgoing email ecosystem, helping you analyze and fix any issues specific to a given provider. Here are our step-by-step guides for the most common platforms: Google Workspace Microsoft 365 These guides will help ensure your DNS records are configured correctly as part of the Secure Government Email (SGE) Framework rollout. Meet New Government Email Security Standards With EasyDMARC New Zealand’s SEG Framework sets a clear path for government agencies to enhance their email security by October 2025. With EasyDMARC, you can meet these technical requirements efficiently and with confidence. From protocol setup to continuous monitoring and compliance tracking, EasyDMARC streamlines the entire process, ensuring strong protection against spoofing, phishing, and data loss while simplifying your transition from SEEMail.

Get ready for CORE - streaming now - http://cgcookie.com/p/core In this live stream, @KennyPhases will be creating a Geometry Nodes Aerodynamic Simulation (Particle Push)! *NEW* CORE Fundamentals: Perhaps our most ambitious undertaking yet, CORE Fundamentals, will elevate your Blender skills. All 9 courses will be released together, all recorded in Blender 4.2. Our expert instructors are working daily on the most important bundle of courses to drill down on your Blender skills and achieve your dreams as a 3D artist. 9 courses, 8 instructors, 1 epic journey for Blender Artists. CORE Fundamentals will be streaming on CG Cookie https://b3d.cgcookie.com/6y8jnv and is currently available on Blender Market https://b3d.cgcookie.com/9borh8 Stay informed and follow along as we prepare to launch CORE https://b3d.cgcookie.com/v0uaiy Free Assets (used in this video): http://polyhaven.com Kenny Phases YouTube Channel: http://youtube.com/kennyphases _______________________________________________________________________________________________________ "WHO IS CG COOKIE?" We are real people! (OK, maybe some of us are cyborgs - we don't ask.) CG Cookie is a small crew of Blender artists, baking fresh videos for the Blender community. 🍪 If you love what we do, consider enrolling to http://cgcookie.com to stream 100's of Blender courses with passionate Blender instructors there to answer your questions. "WHERE SHOULD I START LEARNING BLENDER?" For Blender beginners, we have a free tutorial series "Getting Started with Blender" https://rb.gy/khqdl7 "I WANT MORE CG COOKIE IN MY LIFE!" Got it. Here's where you can reach us! / cgcookie / cgcookie / cgcookieinc Want Blender news in your mailbox? Sign up here for spam-free newsletter https://cgcookie.com/newsletter #CGCookie #blendertutorial #b3d

Email authentication protocols like SPF, DKIM, and DMARC play a critical role in protecting domains from spoofing and phishing. However, when SEGs are introduced into the email path, the interaction with these protocols becomes more complex. Security gateways(SEGs) are a core part of many organizations’ email infrastructure. They act as intermediaries between the public internet and internal mail systems, inspecting, filtering, and routing messages. This blog examines how security gateways handle SPF, DKIM, and DMARC, with real-world examples from popular gateways such as Proofpoint, Mimecast, and Avanan. We’ll also cover best practices for maintaining authentication integrity and avoiding misconfigurations that can compromise email authentication or lead to false DMARC failures. Security gateways often sit at the boundary between your organization and the internet, managing both inbound and outbound email traffic. Their role affects how email authentication protocols behave. An inbound SEG examines emails coming into your organization. It checks SPF, DKIM, and DMARC to determine if the message is authentic and safe before passing it to your internal mail servers. An outbound SEG handles emails sent from your domain. It may modify headers, rewrite envelope addresses, or even apply DKIM signing. All of these can impact SPF,  DKIM, or DMARC validation on the recipient’s side. Understanding how SEGs influence these flows is crucial to maintaining proper authentication and avoiding unexpected DMARC failures. Inbound Handling of SPF, DKIM, and DMARC by Common Security Gateways When an email comes into your organization, your security gateway is the first to inspect it. It checks whether the message is real, trustworthy, and properly authenticated. Let’s look at how different SEGs handle these checks. Avanan (by Check Point) SPF: Avanan verifies whether the sending server is authorized to send emails for the domain by checking the SPF record. DKIM: It verifies if the message was signed by the sending domain and if that signature is valid. DMARC: It uses the results of the SPF and DKIM check to evaluate DMARC. However, final enforcement usually depends on how DMARC is handled by Microsoft 365 or Gmail, as Avanan integrates directly with them. Avanan offers two methods of integration:1. API integration: Avanan connects via APIs, no change in MX, usually Monitor or Detect modes.2. Inline integration: Avanan is placed inline in the mail flow (MX records changed), actively blocking or remediating threats. Proofpoint Email Protection SPF: Proofpoint checks SPF to confirm the sender’s IP is authorized to send on behalf of the domain. You can set custom rules (e.g. treat “softfail” as “fail”). DKIM: It verifies DKIM signatures and shows clear pass/fail results in logs. DMARC: It fully evaluates DMARC by combining SPF and DKIM results with alignment checks. Administrators can configure how to handle messages that fail DMARC, such as rejecting, quarantining, or delivering them. Additionally, Proofpoint allows whitelisting specific senders you trust, even if their emails fail authentication checks. Integration Methods Inline Mode: In this traditional deployment, Proofpoint is positioned directly in the email flow by modifying MX records. Emails are routed through Proofpoint’s infrastructure, allowing it to inspect and filter messages before they reach the recipient’s inbox. This mode provides pre-delivery protection and is commonly used in on-premises or hybrid environments. API-Based (Integrated Cloud Email Security – ICES) Mode: Proofpoint offers API-based integration, particularly with cloud email platforms like Microsoft 365 and Google Workspace. In this mode, Proofpoint connects to the email platform via APIs, enabling it to monitor and remediate threats post-delivery without altering the email flow. This approach allows for rapid deployment and seamless integration with existing cloud email services. Mimecast SPF: Mimecast performs SPF checks to verify whether the sending server is authorized by the domain’s SPF record. Administrators can configure actions for SPF failures, including block, quarantine, permit, or tag with a warning. This gives flexibility in balancing security with business needs. DKIM: It validates DKIM signatures by checking that the message was correctly signed by the sending domain and that the content hasn’t been tampered with. If the signature fails, Mimecast can take actions based on your configured policies. DMARC: It fully evaluates DMARC by combining the results of SPF and DKIM with domain alignment checks. You can choose to honor the sending domain’s DMARC policy (none, quarantine, reject) or apply custom rules, for example, quarantining or tagging messages that fail DMARC regardless of the published policy. This allows more granular control for businesses that want to override external domain policies based on specific contexts. Integration Methods Inline Deployment: Mimecast is typically deployed as a cloud-based secure email gateway. Organizations update their domain’s MX records to point to Mimecast, so all inbound (and optionally outbound) emails pass through it first. This allows Mimecast to inspect, filter, and process emails before delivery, providing robust protection. API Integrations: Mimecast also offers API-based services through its Mimecast API platform, primarily for management, archival, continuity, and threat intelligence purposes. However, API-only email protection is not Mimecast’s core model. Instead, the APIs are used to enhance the inline deployment, not replace it. Barracuda Email Security Gateway SPF: Barracuda checks the sender’s IP against the domain’s published SPF record. If the check fails, you can configure the system to block, quarantine, tag, or allow the message, depending on your policy preferences. DKIM: It validates whether the incoming message includes a valid DKIM signature. The outcome is logged and used to inform further policy decisions or DMARC evaluations. DMARC: It combines SPF and DKIM results, checks for domain alignment, and applies the DMARC policy defined by the sender. Administrators can also choose to override the DMARC policy, allowing messages to pass or be treated differently based on organizational needs (e.g., trusted senders or internal exceptions). Integration Methods Inline mode (more common and straightforward): Barracuda Email Security Gateway is commonly deployed inline by updating your domain’s MX records to point to Barracuda’s cloud or on-premises gateway. This ensures that all inbound emails pass through Barracuda first for filtering and SPF, DKIM, and DMARC validation before being delivered to your mail servers. Deployment Behind the Corporate Firewall: Alternatively, Barracuda can be deployed in transparent or bridge mode without modifying MX records. In this setup, the gateway is placed inline at the network level, such as behind a firewall, and intercepts mail traffic transparently. This method is typically used in complex on-premises environments where changing DNS records is not feasible. Cisco Secure Email (formerly IronPort) Cisco Secure Email acts as an inline gateway for inbound email, usually requiring your domain’s MX records to point to the Cisco Email Security Appliance or cloud service. SPF: Cisco Secure Email verifies whether the sending server is authorized in the sender domain’s SPF record. Administrators can set detailed policies on how to handle SPF failures. DKIM: It validates the DKIM signature on incoming emails and logs whether the signature is valid or has failed. DMARC: It evaluates DMARC by combining SPF and DKIM results along with domain alignment checks. Admins can configure specific actions, such as quarantine, reject, or tag, based on different failure scenarios or trusted sender exceptions. Integration methods On-premises Email Security Appliance (ESA): You deploy Cisco’s hardware or virtual appliance inline, updating MX records to route mail through it for filtering. Cisco Cloud Email Security: Cisco offers a cloud-based email security service where MX records are pointed to Cisco’s cloud infrastructure, which filters and processes inbound mail. Cisco Secure Email also offers advanced, rule-based filtering capabilities and integrates with Cisco’s broader threat protection ecosystem, enabling comprehensive inbound email security. Outbound Handling of SPF, DKIM, and DMARC by Common Security Gateways When your organization sends emails, security gateways can play an active role in processing and authenticating those messages. Depending on the configuration, a gateway might rewrite headers, re-sign messages, or route them through different IPs – all actions that can help or hurt the authentication process. Let’s look at how major SEGs handle outbound email flow. Avanan – Outbound Handling and Integration Methods Outbound Logic Avanan analyzes outbound emails primarily to detect data loss, malware, and policy violations. In API-based integration, emails are sent directly by the original mail server (e.g., Microsoft 365 or Google Workspace), so SPF and DKIM signatures remain intact. Avanan does not alter the message or reroute traffic, which helps maintain full DMARC alignment and domain reputation. Integration Methods 1. API Integration: Connects to Microsoft 365 or Google Workspace via API. No MX changes are needed. Emails are scanned after they are sent, with no modification to SPF, DKIM, or the delivery path.  How it works: Microsoft Graph API or Google Workspace APIs are used to monitor and intervene in outbound emails. Protection level: Despite no MX changes, it can offer inline-like protection, meaning it can block, quarantine, or encrypt emails before they are delivered externally. SPF/DKIM/DMARC impact: Preserves original headers and signatures since mail is sent directly from Microsoft/Google servers. 2. Inline Integration: Requires changing MX records to route email through Avanan. In this mode, Avanan can intercept and inspect outbound emails before delivery. Depending on the configuration, this may affect SPF or DKIM if not properly handled. How it works: Requires adding Avanan’s Protection level: Traditional inline security with full visibility and control, including encryption, DLP, policy enforcement, and advanced threat protection. SPF/DKIM/DMARC impact: SPF configuration is needed by adding Avanan’s include mechanism to the sending domain’s SPF record. The DKIM record of the original sending source is preserved. For configurations, you can refer to the steps in this blog. Proofpoint – Outbound Handling and Integration Methods Outbound Logic Proofpoint analyzes outbound emails to detect and prevent data loss (DLP), to identify advanced threats (malware, phishing, BEC) originating from compromised internal accounts, and to ensure compliance. Their API integration provides crucial visibility and powerful remediation capabilities, while their traditional gateway (MX record) deployment delivers true inline, pre-delivery blocking for outbound traffic. Integration methods 1. API Integration: No MX record changes are required for this deployment method. Integration is done with Microsoft 365 or Google Workspace. How it works: Through its API integration, Proofpoint gains deep visibility into outbound emails and provides layered security and response features, including: Detect and alert: Identifies sensitive content (Data Loss Prevention violations), malicious attachments, or suspicious links in outbound emails. Post-delivery remediation (TRAP): A key capability of the API model is Threat Response Auto-Pull (TRAP), which enables Proofpoint to automatically recall, quarantine, or delete emails after delivery. This is particularly useful for internally sent messages or those forwarded to other users. Enhanced visibility: Aggregates message metadata and logs into Proofpoint’s threat intelligence platform, giving security teams a centralized view of outbound risks and user behavior. Protection level: API-based integration provides strong post-delivery detection and response, as well as visibility into DLP incidents and suspicious behavior.  SPF/DKIM/DMARC impact: Proofpoint does not alter SPF, DKIM, or DMARC because emails are sent directly through Microsoft or Google servers. Since Proofpoint’s servers are not involved in the actual sending process, the original authentication headers remain intact. 2. Gateway Integration (MX Record/Smart Host): This method requires updating MX records or routing outbound mail through Proofpoint via a smart host. How it works: Proofpoint acts as an inline gateway, inspecting emails before delivery. Inbound mail is filtered via MX changes; outbound mail is relayed through Proofpoint’s servers. Threat and DLP filtering: Scans outbound messages for sensitive content, malware, and policy violations. Real-time enforcement: Blocks, encrypts, or quarantines emails before they’re delivered. Policy controls: Applies rules based on content, recipient, or behavior. Protection level: Provides strong, real-time protection for outbound traffic with pre-delivery enforcement, DLP, and encryption. SPF/DKIM/DMARC impact: Proofpoint becomes the sending server: SPF: You need to configure ProofPoint’s SPF. DKIM: Can sign messages; requires DKIM setup. DMARC: DMARC passes if SPF and DKIM are set up properly. Please refer to this article to configure SPF and DKIM for ProofPoint. Mimecast – Outbound Handling and Integration Methods Outbound Logic Mimecast inspects outbound emails to prevent data loss (DLP), detect internal threats such as malware and impersonation, and ensure regulatory compliance. It primarily functions as a Secure Email Gateway (SEG), meaning it sits directly in the outbound email flow. While Mimecast offers APIs, its core outbound protection is built around this inline gateway model. Integration Methods 1. Gateway Integration (MX Record change required) This is Mimecast’s primary method for outbound email protection. Organizations route their outbound traffic through Mimecast by configuring their email server (e.g., Microsoft 365, Google Workspace, etc.) to use Mimecast as a smart host. This enables Mimecast to inspect and enforce policies on all outgoing emails in real time. How it works: Updating outbound routing in your email system (smart host settings), or Using Mimecast SMTP relay to direct messages through their infrastructure. Mimecast then scans, filters, and applies policies before the email reaches the final recipient. Protection level: Advanced DLP: Identifies and prevents sensitive data leaks. Impersonation and Threat Protection: Blocks malware, phishing, and abuse from compromised internal accounts. Email Encryption and Secure Messaging: Applies encryption policies or routes messages via secure portals. Regulatory Compliance: Enforces outbound compliance rules based on content, recipient, or metadata. SPF/DKIM/DMARC impact: SPF: Your SPF record must include Mimecast’s SPF mechanism based on your region to avoid SPF failures. DKIM: A new DKIM record should be configured to make sure your emails are DKIM signed when routing through Mimecast. DMARC: With correct SPF and DKIM setup, Mimecast ensures DMARC alignment, maintaining your domain’s sending reputation. Please refer to the steps in this detailed article to set up SPF and DKIM for Mimecast. 2. API Integration (Complementary to Gateway) Mimecast’s APIs complement the main gateway by providing automation, reporting, and management tools rather than handling live outbound mail flow. They allow you to manage policies, export logs, search archived emails, and sync users. APIs enhance visibility and operational tasks but do not provide real-time filtering or blocking of outbound messages. Since APIs don’t process live mail, they have no direct effect on SPF, DKIM, or DMARC; those depend on your gateway (smart host) setup. Barracuda – Outbound Handling and Integration Methods Outbound Logic Barracuda analyzes outbound emails to prevent data loss (DLP), block malware, stop phishing/impersonation attempts from compromised internal accounts, and ensure compliance. Barracuda offers flexible deployment options, including both traditional gateway (MX record) and API-based integrations. While both contribute to outbound security, their roles are distinct. Integration Methods 1. Gateway Integration (MX Record / Smart Host) — Primary Inline Security How it works: All outbound emails pass through Barracuda’s security stack for real-time inspection, threat blocking, and policy enforcement before delivery. Protection level: Comprehensive DLP (blocking, encrypting, or quarantining sensitive content)  Outbound spam and virus filtering  Enforcement of compliance and content policies This approach offers a high level of control and immediate threat mitigation on outbound mail flow. SPF/DKIM/DMARC impact: SPF: Update SPF records to include Barracuda’s sending IPs or SPF include mechanism. DKIM: Currently, no explicit setup is needed; DKIM of the main sending source is preserved. Refer to this article for more comprehensive guidance on Barracuda SEG configuration. 2. API Integration (Complementary & Advanced Threat Focus) How it works: The API accesses cloud email environments to analyze historical and real-time data, learning normal communication patterns to detect anomalies in outbound emails. It also supports post-delivery remediation, enabling the removal of malicious emails from internal mailboxes after sending. Protection level: Advanced AI-driven detection and near real-time blocking of outbound threats, plus strong post-delivery cleanup capabilities. SPF/DKIM/DMARC impact: Since mail is sent directly by the original mail server (e.g., Microsoft 365), SPF and DKIM signatures remain intact, preserving DMARC alignment and domain reputation. Cisco Secure Email (formerly IronPort) – Outbound Handling and Integration Methods Outbound Logic Cisco Secure Email protects outbound email by preventing data loss (DLP), blocking spam and malware from internal accounts, stopping business email compromise (BEC) and impersonation attacks, and ensuring compliance. Cisco provides both traditional gateway appliances/cloud gateways and modern API-based solutions for layered outbound security. Integration Methods 1. Gateway Integration (MX Record / Smart Host) – Cisco Secure Email Gateway (ESA) How it works: Organizations update MX records to route mail through the Cisco Secure Email Gateway or configure their mail server (e.g., Microsoft 365, Exchange) to smart host outbound email via the gateway. All outbound mail is inspected and policies enforced before delivery. Protection level: Granular DLP (blocking, encrypting, quarantining sensitive content) Outbound spam and malware filtering to protect IP reputation Email encryption for sensitive outbound messages Comprehensive content and attachment policy enforcement SPF: Check this article for comprehensive guidance on Cisco SPF settings. DKIM: Refer to this article for detailed guidance on Cisco DKIM settings. 2. API Integration – Cisco Secure Email Threat Defense How it works: Integrates directly via API with Microsoft 365 (and potentially Google Workspace), continuously monitoring email metadata, content, and user behavior across inbound, outbound, and internal messages. Leverages Cisco’s threat intelligence and AI to detect anomalous outbound activity linked to BEC, account takeover, and phishing. Post-Delivery Remediation: Automates the removal or quarantine of malicious or policy-violating emails from mailboxes even after sending. Protection level: Advanced, AI-driven detection of sophisticated outbound threats with real-time monitoring and automated remediation. Complements gateway filtering by adding cloud-native visibility and swift post-send action. SPF/DKIM/DMARC impact: Since emails are sent directly by the original mail server, SPF and DKIM signatures remain intact, preserving DMARC alignment and domain reputation. If you have any questions or need assistance, feel free to reach out to EasyDMARC technical support.

Published June 5, 2025 10:00am EDT close Don’t be so quick to click that Google calendar invite. It could be a hacker’s trap Cybercriminals are sending fake meeting invitations that seem legitimate. NEWYou can now listen to Fox News articles! Americans’ personal data is now spread across more digital platforms than ever. From online shopping habits to fitness tracking logs, personal information ends up in hundreds of company databases. While most people worry about social media leaks or email hacks, a far less visible threat comes from data brokers.I still find it hard to believe that companies like this are allowed to operate with so little legal scrutiny. These firms trade in personal information without our knowledge or consent. What baffles me even more is that they aren’t serious about protecting the one thing that is central to their business model: data. Just last year, we saw news of a massive data breach at a data broker called National Public Data, which exposed 2.7 billion records. And now another data broker, LexisNexis, a major name in the industry, has reported a significant breach that exposed sensitive information from more than 364,000 people. A hacker at work (Kurt "CyberGuy" Knutsson)LexisNexis breach went undetected for months after holiday hackLexisNexis filed a notice with the Maine attorney general revealing that a hacker accessed consumer data through a third-party software development platform. The breach happened on Dec. 25, 2024, but the company only discovered it months later. LexisNexis was alerted on April 1, 2025, by an unnamed individual who claimed to have found sensitive files. It remains unclear whether this person was responsible for the breach or merely came across the exposed data.MASSIVE DATA BREACH EXPOSES 184 MILLION PASSWORDS AND LOGINSA spokesperson for LexisNexis confirmed that the hacker gained access to the company’s GitHub account. This is a platform commonly used by developers to store and collaborate on code. Security guidelines repeatedly warn against storing sensitive information in such repositories; however, mistakes such as exposed access tokens and personal data files continue to occur.The stolen data varies from person to person but includes full names, birthdates, phone numbers, mailing and email addresses, Social Security numbers and driver's license numbers. LexisNexis has not confirmed whether it received any ransom demand or had further contact with the attacker. An individual working on their laptop (Kurt "CyberGuy" Knutsson)Why the LexisNexis hack is a bigger threat than you realizeLexisNexis isn’t a household name for most people, but it plays a major role in how personal data is harvested and used behind the scenes. The company pulls information from a wide range of sources, compiling detailed profiles that help other businesses assess risk and detect fraud. Its clients include banks, insurance companies and government agencies.In 2023, the New York Times reported that several car manufacturers had been sharing driving data with LexisNexis without notifying vehicle owners. That information was then sold to insurance companies, which used it to adjust premiums based on individual driving behavior. The story made one thing clear. LexisNexis has access to a staggering amount of personal detail, even from people who have never willingly engaged with the company.Law enforcement also uses LexisNexis tools to dig up information on suspects. These systems offer access to phone records, home addresses and other historical data. While such tools might assist in investigations, they also highlight a serious issue. When this much sensitive information is concentrated in one place, it becomes a single point of failure. And as the recent breach shows, that failure is no longer hypothetical. A hacker at work (Kurt "CyberGuy" Knutsson)7 expert tips to protect your personal data after a data broker breachKeeping your personal data safe online can feel overwhelming, but a few practical steps can make a big difference in protecting your privacy and reducing your digital footprint. Here are 7 effective ways to take control of your information and keep it out of the wrong hands:1. Remove your data from the internet: The most effective way to take control of your data and avoid data brokers from selling it is to opt for data removal services. While no service promises to remove all your data from the internet, having a removal service is great if you want to constantly monitor and automate the process of removing your information from hundreds of sites continuously over a longer period of time. Check out my top picks for data removal services here.Get a free scan to find out if your personal information is already out on the web.2. Review privacy settings: Take a few minutes to explore the privacy and security settings on the services you use. For example, limit who can see your social media posts, disable unnecessary location-sharing on your phone and consider turning off ad personalization on accounts like Google and Facebook. Most browsers let you block third-party cookies or clear tracking data. The FTC suggests comparing the privacy notices of different sites and apps and choosing ones that let you opt out of sharing when possible.3. Use privacy-friendly tools: Install browser extensions or plugins that block ads and trackers (such as uBlock Origin or Privacy Badger). You might switch to a more private search engine (like DuckDuckGo or Brave) that doesn’t log your queries. Consider using a browser’s "incognito" or private mode when you don’t want your history saved, and regularly clear your cookies and cache. Even small habits, like logging out of accounts when not in use or using a password manager, make you less trackable.GET FOX BUSINESS ON THE GO BY CLICKING HERE4. Beware of phishing links and use strong antivirus software: Scammers may try to get access to your financial details and other important data using phishing links. The best way to safeguard yourself from malicious links is to have antivirus software installed on all your devices. This protection can also alert you to phishing emails and ransomware scams, keeping your personal information and digital assets safe. Get my picks for the best 2025 antivirus protection winners for your Windows, Mac, Android and iOS devices.5. Be cautious with personal data: Think twice before sharing extra details. Don’t fill out online surveys or quizzes that ask for personal or financial information unless you trust the source. Create separate email addresses for sign-ups (so marketing emails don’t go to your main inbox). Only download apps from official stores and check app permissions.6. Opt out of data broker lists: Many data brokers offer ways to opt out or delete your information, though it can be a tedious process. For example, there are sites like Privacy Rights Clearinghouse or the Whitepages opt-out page that list popular brokers and their opt-out procedures. The FTC’s consumer guide, "Your Guide to Protecting Your Privacy Online," includes tips on opting out of targeted ads and removing yourself from people-search databases. Keep in mind you may have to repeat this every few months.7. Be wary of mailbox communications: Bad actors may also try to scam you through snail mail. The data leak gives them access to your address. They may impersonate people or brands you know and use themes that require urgent attention, such as missed deliveries, account suspensions and security alerts.Kurt’s key takeawayFor many, the LexisNexis breach may be the first time they realize just how much of their data is in circulation. Unlike a social media platform or a bank, there is no clear customer relationship with a data broker, and that makes it harder to demand transparency. This incident should prompt serious discussion around what kind of oversight is necessary in industries that operate in the shadows. A more informed public and stronger regulation may be the only things standing between personal data and permanent exposure.CLICK HERE TO GET THE FOX NEWS APPShould companies be allowed to sell your personal information without your consent? Let us know by writing us atCyberguy.com/Contact.For more of my tech tips and security alerts, subscribe to my free CyberGuy Report Newsletter by heading to Cyberguy.com/Newsletter.Ask Kurt a question or let us know what stories you'd like us to cover.Follow Kurt on his social channels:Answers to the most-asked CyberGuy questions:New from Kurt:Copyright 2025 CyberGuy.com. All rights reserved. Kurt "CyberGuy" Knutsson is an award-winning tech journalist who has a deep love of technology, gear and gadgets that make life better with his contributions for Fox News & FOX Business beginning mornings on "FOX & Friends." Got a tech question? Get Kurt’s free CyberGuy Newsletter, share your voice, a story idea or comment at CyberGuy.com.

Gerrard Healthy Housing replaces a single-family home in a walkable Toronto neighbourhood with 10 rental housing units. Photo by Alexandra Berceneau Gerrard Healthy Housing, at Gerrard and Main in Toronto, delivers exactly the kind of “gentle density” that has been much discussed and desired in the city. The eight-unit walk-up rental building with two laneway houses replaces a single-family home, while carefully integrating with its walkable neighbourhood. But achieving this outcome was no easy matter. To streamline approvals, TMU professor Cheryl Atkinson, of Atkinson Architect, aimed to design with no variances. “Everything’s to the minimum in terms of distance between the attached four-plexes and the laneway units,” says Rolf Paloheimo, of P&R Development, who also acted as project manager. “We built to the maximum height within 100 millimetres.” Atkinson had designed a panellized, net-zero missing middle housing unit exhibited at DX’s EDIT festival as part of a TMU research project; Paloheimo was the client and developer behind the 1996 CMHC Riverdale Healthy House, a model sustainable development designed by Martin Liefhebber. For Gerrard Healthy Housing, they set out to create as close to Passive House as possible, specifying all-electric heat pumps and ERVs, using wood framing, and deploying blown-in-cellulose insulation to achieve a quiet and airtight R45-R65 envelope—although stopping short of installing triple-glazed windows. “We wanted to make it reproducible and affordable,” says Paloheimo. “Part of my argument for doing this scale of development is that if you stay in part 9 [of the building code], the construction is a lot lighter, the consultant load is lighter. You’re stuck with higher land costs, but costs are quite a bit lower to build,” he adds. The construction costs for the project tallied up to $300 per square foot, and the all-in cost for the project was $650 per square foot—about half the square-foot cost of condo construction. Atkinson’s sensitive design provides natural light on three sides of all but two units, ample cross-ventilation and closet space, and office nooks that overlook entry stairs—as well as façades detailed to fit in with the scale of neighbourhood. Details like bespoke mailboxes add polish to the composition. The financial success of the project depended largely on government incentives for housing: just before construction started, the province waived HST on rental developments, and the City exempted four-plexes from development charges.  Paloheimo’s project management of the endeavour ensured the project stayed on track. He kept a close eye on the prices tendered by the general contractor, and ended up finding some of the trades on his own—developing such a good rapport that he bought them cakes from a nearby patisserie at the end of the project. Both Atkinson and Paloheimo also befriended the neighbours, one of whom provided temporary power from her home when the hydro connection was delayed.  Can this kind of success be replicated at scale? Paloheimo is cautiously hopeful, and plans to continue with small-scale development projects in Toronto. But he acknowledges that it’s not an endeavour for the faint of heart. “You have a house that used to be just four walls and a roof,” he says. “And then we’re gradually adding complexity. If you’re doing sustainable housing, it’s got to have a certain R-value, a certain airtightness. So it creates headwinds if you want to make affordable housing.” The bigger problem, he says, is the financialization of housing—unlike a car, which you expect to lose value and cost money each year, we expect our homes to continually increase in value. “If we could get away from that, we could focus on what’s really important about housing: which is comfort, space, light, services.” As appeared in the June 2025 issue of Canadian Architect magazine The post Editorial: Gentle Density in Action appeared first on Canadian Architect.

Reading Time: 8 minutes Sometimes, even the slickest emails can land with a thud in the spam folder. The culprit? Your email sender reputation. Just like a bank checks your credit history before lending you money, mailbox providers (like Gmail, Yahoo, etc.) check your sender reputation before deciding whether to deliver your customer relationship emails to the inbox or banish them to spam. So buckle up, because here, we’re about to unpack everything you need to know about what an email domain reputation is and how to keep yours squeaky clean. Now, you’re probably wondering…   What is Email Sender Reputation? Email sender reputation, also known as email domain reputation, is a measure of your brand’s trustworthiness as an email sender. It’s based on factors like your sending history, email engagement, and complaint rates, influencing whether mailbox providers deliver your messages to recipients’ inboxes or junk folders. A solid sender reputation is the golden ticket to inbox placement. Without it, your carefully crafted automated email marketing campaigns might as well be shouting into the void. Mailbox providers are constantly on the lookout for spammers and shady senders, and your reputation is a key indicator of whether you’re one of the good guys. But how do they know that?   5 Factors That Influence Email Marketing Sender Reputation Your email sending reputation isn’t built overnight; it’s a result of consistent behavior and several critical factors. Let’s break down the big five: 1. Quality of Your Email List Building your email list is hard, we know. But honestly, validating it to ensure that all email addresses are real and belong to existing subscribers helps you maintain a positive sender reputation score with mailbox providers. This is why you should use a proper email validation API, as it can help you quickly check if the email addresses are legitimate. Your reputation score can suffer if you’re labeled as a bad email sender, with all the bounces you get from a bad email list. 2. Email Sending History Having an established history with a particular IP address can boost the legitimacy and reputation score of your emails, which means the sender, messages, and recipients are all coming from a legitimate place. Spammers will often change IP addresses and, therefore, cannot establish a long and reputable sending history with IPs. 3. Consistency and Volume of Emails The number of emails you send and your consistency in sending them are also indicators of your legitimacy and reputation. Sending two emails every other week, for example, shows stability and predictability in terms of your sending volume and activities. Mailbox providers and Internet Service Providers (ISPs) also examine your sending patterns and frequency to determine whether you’re still on the right track or have turned to spamming. 4. Email Open Rates or Engagement This is a metric that records subscriber activity or your email engagement, such as the open or click-through rates. It’s very significant because mailbox providers value their subscribers’ preferences. Your emails could be filtered out if there is a very low response rate or no interactions at all. 5. Emails Marked as ‘SPAM’ Mailbox providers would take a cue from their subscribers’ preferences whenever they receive emails. So, if your email messages are consistently marked as ‘Spam’, then this feedback would result in your emails being screened or placed in the Spam or Junk folder. And that’s not where you’d want your emails to hang out.   How to Check Email Sender Reputation You can verify your email domain reputation by monitoring key metrics and using reputation checking tools. Many email marketing software platforms (like MoEngage, for example) provide dashboards and analytics that help you monitor these crucial indicators. MoEngage goes a step further by offering insights and tools to help you proactively manage and improve your email deliverability, making it easier to spot and address potential reputation issues before they escalate. In fact, you can achieve an inbox placement rate of over 95%! Coming back to the topic, the platform indicates email domain reputation as High, Medium, Low, or Bad. More specifically, it lets you: Filter campaigns based on reputation while exporting their data. See historical trends in your domain reputation. View more information, such as when the reputation information was last updated. Analyze email marketing metrics, like open rates and click-through rates. How an Email Sender Reputation Score Works Your email sender reputation score is a dynamic rating that mailbox providers assign to your sending domain and IP address. This score isn’t a fixed number, but rather, a constantly evolving assessment based on your list quality, sending history, and other factors we’ve discussed above. Higher scores generally mean better inbox placement, while lower scores can lead to the dreaded spam folder. Different mailbox providers have their own algorithms for calculating this score, and the exact formulas are usually kept secret. However, the underlying principles revolve around your sending behavior and recipient engagement. How Can You Do a Domain Reputation Test and How Often Should You Do This? You can run an email domain reputation test using various software tools (we’ll get to some of the best ones in a sec!). These reputation checkers analyze your domain and IP address against known blacklists and provide insights into your current standing. Ideally, you should be monitoring your key metrics within your ESP regularly (daily or weekly) and perform a more comprehensive domain reputation test at least monthly, or more frequently if you’re experiencing deliverability issues. Consistent monitoring helps you catch problems early and maintain a healthy reputation.   3 Best Email Domain Reputation Checkers Alright, let’s talk tools. While your ESP often provides built-in deliverability insights, these external domain reputation checkers can offer another layer of perspective. Let’s jump right in! 1. MoEngage Okay, we might be a little biased, but hear us out. MoEngage is more than just an email marketing platform; it’s a powerhouse for cross-channel customer engagement. Its robust analytics and deliverability features give you a clear view of your email performance, helping you proactively manage your email sender reputation. MoEngage stands out because it integrates domain reputation monitoring with tools to improve engagement and personalize your campaigns, leading to better deliverability in the long run. Unlike some standalone domain reputation checkers, MoEngage provides actionable insights within your workflow. How Pricing Works: MoEngage offers customized pricing plans based on your specific needs and scale. Contact the sales team for a personalized quote. Best For: Brands looking for an integrated customer engagement platform (CEP) with robust email deliverability management capabilities. 2. Spamhaus Project The Spamhaus Project allows you to track spam, malware, phishing, and other cybersecurity threats. ISPs and email servers filter out unwanted and harmful content using Spamhaus’s DNS-based blocklists (DNSBLs). How Pricing Works: Spamhaus provides its blacklist data and lookup tools for free to most users, as part of their mission to combat spam. Best For: Quickly checking if your domain or IP is on major spam blacklists. 3. MxToolbox You can use MxToolbox to check if your domain is mentioned on any email blocklists. It scans your domain for mail servers, DNS records, web servers, and any problems. While comprehensive in its checks, this domain reputation checker doesn’t provide the same level of integrated deliverability management and analytics that a platform like MoEngage offers. How Pricing Works: MxToolbox offers both free tools and paid subscription plans with more advanced features, with pricing starting from around $85 per month. Best For: Performing a broad check across numerous email blacklists.   How to Improve Your Email Domain Reputation So, your domain email reputation doesn’t look as shiny as you’d like? No worries! Here are concrete steps you can take to improve it. Think of it as spring cleaning for your email sending practices. 1. Manage a Clean Email List Email list management is foundational. Regularly prune inactive subscribers, remove bounced addresses, and promptly honor unsubscribe requests. Implement a double opt-in process to ensure subscribers genuinely want to hear from you. A clean, engaged email list signals to mailbox providers that you’re sending to interested recipients, and reduces bounce rates and spam complaints. It’s crucial for a positive email sender reputation score. 2. Send Confirmation Emails with Double Opt-Ins Include double opt-ins where you send automated confirmation emails to subscribers. This helps you distinguish valid email addresses from nonexistent ones. Basically, protecting your email sender reputation is easy when you adhere to best practices. Ensuring that your email messages are engaging and interesting helps you get more clicks and open rates. Attracting more interaction to your email messages sends a signal to mailbox providers that you have a legitimate and professional organization. Increasing the positive activities and reviews will help build and solidify your branding strategy, sending a message that is relatable and understood by your subscribers. 3. Pause Violating Campaigns Notice a sudden spike in bounces or spam complaints after a particular email marketing campaign? Pause the campaign immediately to investigate the cause. Ideally, you should not send transactional and non-transactional emails from the same domain (domain/IP set). If the compliance requirements are met, there is no need to pause transactional emails. However, you should pause all one-time emails. Continuing to send problematic emails will only further damage your email sending reputation. Addressing the issue swiftly demonstrates responsibility to mailbox providers. 4. Correct the Mistakes Once you’ve paused a problematic campaign, take the time to understand what went wrong. Did you use a purchased list? Was the content or subject line misleading? (In which case, you need to have a list of the best email subject lines handy). Identify the root cause and implement corrective measures so it doesn’t happen again. Showing that you learn from your mistakes helps rebuild trust with mailbox providers over time. Then, raise a ticket to Gmail or other ESP explaining the cause behind the reputation issues, your changes, and the next steps you plan to follow. Have checkpoints to detect issues immediately, so you can always stay on top of them. 5. Use Subdomains for Sending Emails Establish a subdomain you’re going to use only for sending emails to customers. That’s because if anything goes wrong, the subdomain will take the hit directly, while mildly affecting your company’s main registered domain. It’s like a backup. Also, hopefully, your customers will remember and recognize your subdomain with time. So even if your emails do land in the spam folder, customers might mark them as ‘Not spam’. Yay! 6. Resume and Ramp Up Your Email Frequency After addressing the issues and making necessary changes, don’t be afraid to resume sending. But take baby steps. Resume your transactional emails first. Don’t send transactional and promotional emails from the same domains and IPs. If you already have, separate them while correcting your email setup. Next, resume your personalized event-triggered campaigns. Then, slowly send one-time campaigns to email openers and clickers (such as emails that have been opened 5 times in the last 60 days). Send at a lower RPM and send only 2-3 campaigns per week. After the email domain reputation improves, gradually increase the overall sending frequency and volume (it could take 6-8 weeks). When emailing non-engaged customers, slowly raise your email frequency to prevent sudden volume spikes from triggering spam filters. This careful approach communicates to mailbox providers that you are a responsible sender. 7. Customize Your Sending Patterns Avoid sending all your emails at the same time to everyone on your list. Segment your audience and tailor your sending schedules based on their engagement and time zones. This shows mailbox providers that you’re sending relevant content to the right customers at the right time, improving engagement and your overall email marketing domain reputation. Create lifecycle campaigns to engage your customers. Use dynamic segments, so inactive customers get dropped off automatically. Implement personalization across every aspect of your email.   Maintaining Email Domain Reputation with MoEngage Maintaining a stellar email domain reputation is an ongoing effort, but it doesn’t have to be complicated. Hundreds of B2C brands trust MoEngage to provide the insights and tools they need to monitor deliverability, understand audience engagement, and proactively manage their sending practices. By leveraging the platform’s analytics and segmentation capabilities, our customers can be sure their emails consistently land in the inbox, where they belong. Ready to take control of your email deliverability and build a rock-solid email sender reputation? Explore MoEngage’s comprehensive email marketing solutions. Or better yet, request a demo to see MoEngage’s email solutions in action today. The post How to Check and Fix Your Email Sender Reputation appeared first on MoEngage.

Originally published at 92% of Top Email Domains Remain Unprotected Against Phishing by Anush Yolyan. New EasyDMARC report reveals widespread gaps in DMARC enforcement and reporting, leaving most business email domains exposed to spoofing and impersonation. New research from EasyDMARC reveals that just 7.7% of the world’s top 1.8 million email domains are fully protected against phishing and spoofing, having implemented the most stringent DMARC (Domain-based Message Authentication, Reporting, and Conformance) policy. This configuration, known as ‘p=reject’, actively blocks malicious emails from reaching inboxes. While DMARC adoption has accelerated since 2023, driven by regulatory pressure and mandates from major email providers, most leading organisations continue to rely on the weakest policy, ‘p=none’, which passively monitors inboxes for threats without intercepting them. The findings are part of EasyDMARC’s 2025 DMARC Adoption Report, which analyses email security practices across the highest-traffic websites globally, as well as Fortune 500 and Inc. 5000 organisations. The report reveals a significant gap between DMARC implementation and effective enforcement, with more than half (52.2%) of the domains still lacking even a basic DMARC record. Among those that have implemented DMARC, most fail to apply the enforcement policies or reporting mechanisms needed to make the protocol truly effective. The report comes at a time of escalating phishing threats and increasing pressure from both regulators and mailbox providers. Mandates from Google, Yahoo, and Microsoft, along with frameworks like PCI DSS v4.0.1, have spurred a rush to adopt DMARC. But in many cases, that adoption stops at a passive monitoring setting known as ‘p=none’, which doesn’t block fraudulent emails or provide full visibility into authentication failures. “There’s a growing perception that simply publishing a DMARC record is enough,” said EasyDMARC CEO Gerasim Hovhannisyan. “But adoption without enforcement creates a dangerous illusion of security. In reality, most organisations are leaving the door wide open to attacks targeting customers, partners, or even employees.” Countries with strict DMARC mandates, such as the United States, the UK, and the Czech Republic, saw the biggest reductions in phishing emails reaching inboxes. In the US, for example, the percentage of phishing emails accepted dropped from 68.8% in 2023 to just 14.2% in 2025. In contrast, countries with voluntary or no guidance, like the Netherlands and Qatar, showed little to no improvement. Compounding the problem is the lack of visibility. Even among domains with DMARC records, over 40% fail to include reporting mechanisms, such as RUA tags, that allow organisations to see who’s sending email on their behalf and whether it’s failing authentication checks. Hovhannisyan added: “Misconfigurations, missing reporting, and passive DMARC policies are like installing a security system without ever turning it on. Phishing remains one of the oldest and most effective forms of cyberattack, and without proper enforcement, organisations are effectively handing attackers the keys to their business. As threats grow more sophisticated and compliance pressures mount, stopping halfway with DMARC enforcement is no longer an option.” For more information, view the full report here.  Notes for Editors Research Methodology The EasyDMARC May 2025 DMARC Adoption Report is based on an analysis of the world’s top 1.8 million email domains, ranked by global web traffic. It examines the scale of DMARC adoption worldwide and assesses how effectively organisations are enforcing and monitoring the protocol. The report includes dedicated insights into the world’s top 1.8M domains, Fortune 500 and Inc. 5000 companies, offering a comparative view of email security maturity across different organisational sizes. It also incorporates findings from a survey of 980 IT professionals across the United States, the United Kingdom, Canada, and the Netherlands, providing regional perspectives on phishing trends, adoption challenges, and the influence of evolving regulatory mandates. In addition to public DNS data, the report also draws on proprietary data collected through EasyDMARC’s platform, including anonymised aggregate DMARC reports received from major mailbox providers (MBPs).  About EasyDMARC EasyDMARC is a cloud-native B2B SaaS that solves email security and deliverability challenges in just a few clicks. With advanced tools, including its AI-powered DMARC Report Analyser, DMARC, SPF, DKIM cloud management solutions, and email source reputation monitoring, EasyDMARC helps customers protect their domains, increase their email deliverability, and maintain strong email health. Media InquiriesResonance for EasyDMARCeasydmarc@resonancecrowd.com The post 92% of Top Email Domains Remain Unprotected Against Phishing appeared first on EasyDMARC.

Microsoft has shed light on a previously undocumented cluster of malicious activity originating from a Russia-affiliated threat actor dubbed Void Blizzard (aka Laundry Bear) that it said is attributed to "worldwide cloud abuse." Active since at least April 2024, the hacking group is linked to espionage operations mainly targeting organizations that are important to Russian government objectives, including those in government, defense, transportation, media, non-governmental organizations (NGOs), and healthcare sectors in Europe and North America. "They often use stolen sign-in details that they likely buy from online marketplaces to gain access to organizations," the Microsoft Threat Intelligence team said in a report published today. "Once inside, they steal large amounts of emails and files." Attacks mounted by Void Blizzard have been found to disproportionately single out NATO member states and Ukraine, suggesting that the adversary is looking to collect intelligence to further Russian strategic objectives. Specifically, the threat actor is known to target government organizations and law enforcement agencies in NATO member states and countries that provide direct military or humanitarian support to Ukraine. It's also said to have staged successful attacks aimed at education, transportation, and defense verticals in Ukraine. This includes the October 2024 compromise of several user accounts belonging to a Ukrainian aviation organization that had been previously targeted by Seashell Blizzard, a threat actor tied to the Russian General Staff Main Intelligence Directorate (GRU), in 2022. The attacks are characterized as opportunistic and targeted high-volume efforts that are engineered to breach targets deemed of value to the Russian government. Initial access methods comprise unsophisticated techniques like password spraying and stolen authentication credentials. In some of the campaigns, the threat actor has utilized stolen credentials likely sourced from commodity information stealer logs available on the cybercrime underground to access Exchange and SharePoint Online and harvest email and files from compromised organizations. "The threat actor has also in some cases enumerated the compromised organization's Microsoft Entra ID configuration using the publicly available AzureHound tool to gain information about the users, roles, groups, applications, and devices belonging to that tenant," Microsoft said. As recently as last month, the Windows maker said it observed the hacking crew shifting to "more direct methods" to steal passwords, such as sending spear-phishing emails that are engineered to trick victims into parting with their login information by means of an adversary-in-the-middle (AitM) landing pages. The activity entails the use of a typosquatted domain to impersonate the Microsoft Entra authentication portal to target over 20 NGOs in Europe and the United States. The email messages claimed to be from an organizer from the European Defense and Security Summit and contained a PDF attachment with fake invitations to the summit. Present wishing the PDF document is a malicious QR code that redirects to an attacker-controlled domain ("micsrosoftonline[.]com") that hosts a credential phishing page. It's believed that the phishing page is based on the open-source Evilginx phishing kit. Post-compromise actions after gaining initial access encompass the abuse of Exchange Online and Microsoft Graph to enumerate users' mailboxes and cloud-hosted files, and then make use of automation to facilitate bulk data collection. In select instances, the threat actors are also said to have accessed Microsoft Teams conversations and messages via the web client application. "Many of the compromised organizations overlap with past – or, in some cases, concurrent – targeting by other well-known Russian state actors, including Forest Blizzard, Midnight Blizzard, and Secret Blizzard," Microsoft said. "This intersection suggests shared espionage and intelligence collection interests assigned to the parent organizations of these threat actors." Void Blizzard Linked to September Breach of Dutch Police Agency In a separate advisory, the Netherlands Defence Intelligence and Security Service (MIVD) attributed Void Blizzard to a September 23, 2024, breach of a Dutch police employee account via a pass-the-cookie attack, stating work-related contact information of police employees was obtained by the threat actor. Pass-the-cookie attack refers to a scenario where an attacker uses stolen cookies obtained via information stealer malware to sign in to accounts without having to enter a username and password. It's currently not known what other information was stolen, although it's highly likely that other Dutch organisations were also targeted. "Laundry Bear is looking for information about the purchase and production of military equipment by Western governments and Western supplies of weapons to Ukraine," said MIVD director, Vice Admiral Peter Reesink, in a statement. Found this article interesting? Follow us on Twitter  and LinkedIn to read more exclusive content we post.