Most IT leaders already know email is the primary attack vector. You see it every day through phishing attempts, spoofed domains, and impersonated vendors that slip past filters. 

What’s changing is not just the frequency of attacks but the sophistication behind them. Threat actors are eroding trust by mimicking executives, exploiting gaps in authentication, and manipulating the signals users rely on to determine legitimacy. 

 

How Email-Based Threats Are Evolving Beyond Filters

 

The scale of the impact is measurable: 

  • 91% of cyberattacks begin with email (Verizon DBIR). 
  • $2.9B in BEC-related losses were reported in 2023 alone (FBI IC3). 

Filtering isn’t enough. Trust is the new battleground. 

For a deeper dive into this shift, listen to Part 1 of our podcast series on email security where we unpack how attackers are undermining trust and what IT leaders can do about it. 


 

 

Microsoft’s Integrated Defense: Defender for Office 365 

 

For organizations on Microsoft 365, Defender for Office 365 is the baseline control. It isn’t just anti-spam; it’s tenant-level protection that integrates with Microsoft’s broader security ecosystem. 

 

Plan 1 (included in Microsoft 365 Business Premium): 

    • Anti-phishing, malware, and spam protection 
    • Safe Links and Safe Attachments with real-time scanning 
    • Coverage across Outlook, SharePoint, OneDrive, and Teams 

Plan 2 (included in Microsoft 365 E5 or E5 Security add-on): 

    • Advanced reporting and threat intelligence 
    • Automated investigation and response 
    • Attack simulation and user training 
    • Enhanced business email compromise protection 

Signals across identity, endpoints, and apps converge. Even if a phishing email gets through Outlook, related activity in other parts of the Microsoft ecosystem can still trigger containment.

 

Authentication Is No Longer Optional 

 

Microsoft, Google, and Yahoo now require SPF, DKIM, and DMARC for bulk senders. This is not theoretical. Misconfigured or missing records will get legitimate business email blocked.

  • SPF: Defines which mail servers are authorized to send. 
  • DKIM: Cryptographically signs messages to prove integrity. 
  • DMARC: Directs receivers on how to handle failed checks. 

By 2026, Gartner projects 90% of organizations will enforce DMARC, up from just 20% in 2023. 

 

Key Areas of Focus for Strengthening Email Defenses

 

  • Audit domain authentication with MXToolbox or DMARC Analyzer. 
  • Validate Microsoft licensing so you know what Defender features you already own. 
  • Layer defenses by combining Microsoft’s native stack with API-based third-party tools that extend protection without breaking authentication.
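As a starting point for the domain authentication audit, here is an added example (not Sourcepass or Microsoft code) that checks SPF and DMARC TXT records you have already looked up for the misconfigurations most likely to cause trouble. The function names and all record values are constructed for illustration; DKIM is left out because checking it requires knowing the selector each sending service uses.

```python
def audit_spf(apex_txt):
    """Findings for the TXT records published at the domain apex."""
    spf = [r for r in apex_txt if r.lower().split()[:1] == ["v=spf1"]]
    if not spf:
        return ["spf: no record published"]
    if len(spf) > 1:
        return ["spf: multiple v=spf1 records (evaluates to permerror)"]
    findings, lookups, all_term = [], 0, None
    # include/exists/redirect/a/mx/ptr each cost a DNS query; RFC 7208 allows
    # 10 per evaluation. Only this record is counted, nested includes add more.
    for term in spf[0].lower().split()[1:]:
        name = term.lstrip("+-~?")
        if name == "all":
            all_term = term
        elif name.startswith(("include:", "exists:", "redirect=")) or \
                name.split(":")[0].split("/")[0] in ("a", "mx", "ptr"):
            lookups += 1
    if lookups > 10:
        findings.append(f"spf: {lookups} DNS-lookup terms, limit is 10")
    if all_term in ("all", "+all", "?all"):
        findings.append(f"spf: '{all_term}' does not restrict senders")
    return findings

def audit_dmarc(dmarc_txt):
    """Findings for the TXT records published at _dmarc.<domain>."""
    recs = [r for r in dmarc_txt if r.strip().lower().startswith("v=dmarc1")]
    if not recs:
        return ["dmarc: no record published"]
    if len(recs) > 1:
        return ["dmarc: multiple records, receivers apply none"]
    pairs = (part.partition("=") for part in recs[0].split(";"))
    tags = {k.strip().lower(): v.strip().lower() for k, _, v in pairs if k.strip()}
    findings, policy = [], tags.get("p")
    if policy not in ("none", "quarantine", "reject"):
        findings.append("dmarc: missing or invalid p= tag")
    elif policy == "none":
        findings.append("dmarc: p=none monitors only, nothing is enforced")
    if tags.get("pct", "100") != "100":
        findings.append(f"dmarc: pct={tags['pct']} enforces on a sample only")
    if "rua" not in tags:
        findings.append("dmarc: no rua= address, no aggregate reports")
    return findings

def audit_domain(apex_txt, dmarc_txt):
    return audit_spf(apex_txt) + audit_dmarc(dmarc_txt)

# Constructed sample records: one weak configuration, one enforcing.
WEAK = (["v=spf1 include:_spf.mail.example ?all", "site-verification=abc"],
        ["v=DMARC1; p=none; pct=50"])
STRONG = (["v=spf1 include:_spf.mail.example ip4:192.0.2.10 -all"],
          ["v=DMARC1; p=reject; rua=mailto:dmarc@example.com"])
```

Calling `audit_domain(*WEAK)` returns four findings, while `audit_domain(*STRONG)` returns an empty list.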
     

Explore What’s Next with Sourcepass MCOE’s Email Security Series

 

Email security is no longer just about filtering threats. It’s about restoring trust. As attackers evolve, defenses must evolve too. The Sourcepass Center of Excellence for Microsoft helps IT teams strengthen their Microsoft ecosystem with strategic guidance, authentication best practices, and layered protection that scales.

Whether you're auditing your domain setup or evaluating Defender capabilities, now is the time to take a closer look at how trust is built and maintained across your email infrastructure.

In Part 2, we’ll examine how attackers are using AI to scale phishing campaigns and how Microsoft is responding with its own machine learning. Parts 3 and 4 will explore advanced authentication methods like MTA-STS and BIMI, and how to align email security with a Microsoft-powered defense-in-depth strategy.

 
