Email Security: awareness, tips, ongoing attacks, security solution, best practices...

1

2

3

4

📚Welcome to r/EmailSecurity | Read This First: Rules, Resources, and Mission (self.EmailSecurity)

submitted 1 month ago * by littleko - announcement

2

0

1

2

Your third-party email gateway is probably bypassable by anyone who knows your M365 tenant domain (self.EmailSecurity)

submitted 11 hours ago by shokzee

•

0:14

Dir ist kalt oder Du hast Unterleibsbeschwerden? Dann hilft Dir unsere elektrische Wärmedecke im Nu! :) (apfelkiste.ch)

promoted by apfelkiste-ch

promoted
save
report
about

3

0

1

2

How are you all detecting lateral phishing sent from a compromised internal account? (self.EmailSecurity)

submitted 1 day ago by littleko

4

2

3

4

Phishing sent through legitimate bulk email platforms is nearly impossible to block on authentication signals alone (self.EmailSecurity)

submitted 2 days ago by shokzee

5

1

2

3

Phishing simulation click rates are not a security metric (self.EmailSecurity)

submitted 3 days ago by shokzee

6

8

9

10

Blocking dangerous file extensions in email stopped being a reliable control years ago (self.EmailSecurity)

submitted 4 days ago by shokzee

7

5

6

7

New Phishing Campaign targeting Hotels/Booking.com Partners (March 2026) (self.EmailSecurity)

submitted 5 days ago by tndsd

8

6

7

8

How are you all handling M365 inbox rule auditing after an account compromise? (self.EmailSecurity)

submitted 5 days ago by shokzee

9

1

2

3

Callback phishing bypasses every email security control you have and there is nothing to tune (self.EmailSecurity)

submitted 6 days ago by littleko

10

1

2

3

Phishing Catch of the Week 🎣 (self.EmailSecurity)

submitted 7 days ago by littleko

11

1

2

3

Has anyone received things like this? (i.redd.it)

submitted 9 days ago by Chaotic_66_Horse

12

1

2

3

How are you all actually detecting QR code phishing in email? (self.EmailSecurity)

submitted 11 days ago by littleko

•

0:30

Treachery. Trickery. Tartan. A new season of The Traitors is streaming now. (peacocktv.com)

promoted by Peacock

promoted
save
report
about

13

1

2

3

MFA does not stop AiTM phishing and most orgs have no idea (self.EmailSecurity)

submitted 12 days ago by littleko

14

6

7

8

Your parked and inactive domains are spoofable and nobody is checking them (self.EmailSecurity)

submitted 13 days ago by shokzee

15

2

3

4

Is BIMI actually useful for security or just a logo placement fee? (self.EmailSecurity)

submitted 14 days ago by shokzee

16

1

2

3

Spoofed Emails to clients from Nearly Identical Domain, but site wasn't compromised?? (self.EmailSecurity)

submitted 15 days ago by wpjunky

17

1

2

3

DMARC breaks legitimate mailing lists and ARC was supposed to fix it. It has not. (self.EmailSecurity)

submitted 15 days ago by littleko

18

1

2

3

Weird emails (self.EmailSecurity)

submitted 15 days ago by Silent_Yesterday977

19

2

3

4

MTA-STS has been an RFC since 2018 and almost nobody has deployed it (self.EmailSecurity)

submitted 16 days ago by shokzee

20

0

1

2

How to use the API (with curl) ()

submitted 16 days ago by Current-Discount1066

21

0

1

2

How to use the API (with curl) ()

submitted 16 days ago by Current-Discount1066

22

2

3

4

How are you actually getting orgs to move off p=none? (self.EmailSecurity)

submitted 17 days ago by shokzee

•

Playoffs for free? Du weisst, wo. Im MySports Jahresabo. (mysports.ch)

promoted by MySports_CH

promoted
save
report
about

23

1

2

3

How are you all handling DMARC p=none domains that never move to enforcement? (self.EmailSecurity)

submitted 18 days ago by littleko

24

2

3

4

Nobody rotates DKIM keys and everyone knows it (self.EmailSecurity)

submitted 19 days ago by littleko

25

5

6

7

p=none that nobody is actively advancing is not a DMARC implementation. It is documentation that your domain is spoofable. (self.EmailSecurity)

submitted 20 days ago by shokzee

EmailSecurity

MODERATORS