Email is the #1 attack vector for small businesses. Not because email itself is insecure – but because people click things. Phishing, business email compromise, malware attachments, credential harvesting – it all comes through the inbox. Here’s what proper email security looks like beyond basic spam filtering.
The Layers We Deploy
SPF, DKIM, and DMARC
These three DNS records work together to prevent attackers from spoofing your domain – sending emails that appear to come from you. Without them, someone can send an email as billing@yourcompany.com to your clients asking them to wire money. With them properly configured, those spoofed emails get rejected by receiving mail servers.
- SPF – Declares which servers are authorized to send email for your domain
- DKIM – Adds a cryptographic signature to outgoing email proving it’s authentic
- DMARC – Tells receiving servers what to do with email that fails SPF/DKIM (reject or quarantine)
Advanced Phishing Protection
Built into Microsoft 365 Defender and Google Workspace security:
- Impersonation detection (catches emails pretending to be your CEO, your bank, or trusted vendors)
- Safe Links – rewrites URLs and checks them at time of click (not just at delivery)
- Safe Attachments – opens suspicious attachments in a sandbox before delivering
- External email tagging – banners warning “this email came from outside your organization”
Inbound Filtering
Multiple layers of filtering before email reaches inboxes:
- Known malware signatures in attachments
- Reputation scoring of sending domains and IPs
- Content analysis for common phishing patterns
- Bulk mail filtering
- Quarantine for borderline messages (review without exposure)
Outbound Controls
- DLP policies preventing sensitive data from being emailed externally (credit card numbers, SSNs)
- Encryption for sensitive communications (automatic or manual trigger)
- Send-as restrictions (prevent unauthorized use of shared mailboxes)
What Happens When Phishing Gets Through
No filter catches 100%. When something gets through:
- Our SOC monitoring (RocketCyber) detects credential use from unusual locations
- MFA blocks the attacker even if they have the password
- We get alerted, investigate, and take action (password reset, session revoke)
- If credentials were entered on a phishing page, immediate password change + audit of what was accessed
Layered defense means one failure doesn’t equal a breach. The phishing email gets through the filter, but MFA stops the attacker, and SOC monitoring catches the attempt.
What We Configure for Every Client
Whether you’re on Microsoft 365 or Google Workspace, we configure: SPF/DKIM/DMARC, advanced phishing policies, external email tagging, safe links/attachments, MFA enforcement, and DLP policies appropriate to your business. All managed and updated as new threats emerge.
Need IT help? Seashore IT provides managed IT for businesses with 5-250 computers across the Western US. Flat monthly rate, 30-60 minute response, 24x7x365. Call (833) 997-6886 or email info@seashoreit.com.
Seashore IT – Your transparent IT partner, aligned to your goals, embedded in your success.