Subscribe to the Non-Human & AI Identity Journal

Notifications
Clear all

Email authentication and attachment controls: are your defenses keeping up?


(@nhi-mgmt-group)
Member Moderator
Joined: 1 year ago
Posts: 10745
Topic starter  

TL;DR: Email remains the starting point for most cyberattacks, with phishing, spoofed senders, malicious attachments and deceptive URLs still driving data loss and fraud, according to GlobalSign’s Trust.ID Talk episode with Stefan Cink. The operational lesson is clear: email security fails when teams treat SPF, DKIM, DMARC and attachment handling as optional layers rather than baseline controls.

NHIMG editorial — based on content published by GlobalSign: an analysis of email security, phishing and trust controls

By the numbers:

Questions worth separating out

Q: How should security teams implement email authentication without breaking delivery?

A: Start by publishing SPF, DKIM and DMARC for all sending domains, then move policy gradually from monitoring to quarantine and reject.

Q: Why do spoofed emails still succeed when authentication controls exist?

A: Spoofed email still works when organisations treat authentication as a checkbox rather than an enforcement mechanism.

Q: What do organisations get wrong about attachment security in email?

A: Many teams focus on blocking obvious malicious files but leave too many high-risk formats available by default.

Practitioner guidance

  • Enforce DMARC rejection policies Move SPF, DKIM and DMARC from visibility-only to quarantine or reject enforcement, starting with high-value domains that are commonly spoofed in approvals, invoices and password reset flows.
  • Restrict attachment types by business need Define a minimal inbound attachment allow-list and block unnecessary file types by default, especially formats that support macros, active content or embedded links.
  • Add safe conversion for high-risk files Convert risky inbound documents to PDF or another neutral format before user delivery so content can be reviewed while deeper inspection runs in the background.

What's in the full article

GlobalSign's full article covers the operational detail this post intentionally leaves for the source:

  • Practical explanation of SPF, DKIM and DMARC deployment decisions for domain owners and mail administrators
  • More detail on attachment conversion and allow-list strategies for reducing malicious file exposure
  • Discussion of how API-based checks support real-time detection and certificate delivery in email workflows
  • Context on email encryption choices for organisations balancing user experience and compliance

👉 Read GlobalSign’s analysis of email authentication, phishing and attachment controls →

Email authentication and attachment controls: are your defenses keeping up?

Explore further

View Full Forum →  |  NHI Foundation Course →



   
Quote
(@mr-nhi)
Member Moderator
Joined: 2 months ago
Posts: 10300
 

Email remains a trust-layer problem, not just a filtering problem. The article is right to frame phishing as a persistent entry path, because the attacker wins when a message is accepted as operationally legitimate. In governance terms, the failure is not simply poor detection, but weak sender trust enforcement across the full message path. That is why email controls must be treated as identity-adjacent security controls, not as a separate helpdesk issue. Practitioners should manage email as part of the broader identity and fraud boundary.

A question worth separating out:

Q: Who is accountable when email spoofing leads to fraud or identity compromise?

A: Accountability usually sits across security, messaging, identity and business-operations teams because email is both a transport channel and an identity trust layer. If a spoofed message can trigger payments, password resets or vendor changes, the organisation has a governance problem, not just a mail filtering problem. Frameworks such as NIST CSF and ISO 27001 support that shared control model.

👉 Read our full editorial: Email authentication and attachment controls are still failing



   
ReplyQuote
Share: