Why “Low-Volume” Spoofing Is Still a Serious Risk

August 20, 2025

Low spoofing volume doesn’t reduce risk, especially when attacks are targeted at employees or trusted internal recipients.

Email Security
Email Security
1
min read
Why “Low-Volume” Spoofing Is Still a Serious Risk

We recently had a client facing a minor volume of spoofing emails being distributed from their domain. To address the issue, we recorded a detailed video explaining the problem, outlining the potential consequences for their company, and demonstrating what such spoofing emails could look like using an example from another case.

Their response was:"With such a small number of phishing emails compared to others, it's not a top priority for us right now".When we asked, "What if these emails are highly targeted, aiming to phish your employees?" we received no reply.This kind of response raises many concerns and highlights the challenges in creating a safer email environment for everyone.

DMARC
URIports
Email Security
Cybersecurity
Phishing
Spoofing
Emails
Related posts
All posts
Coordinated Subdomain Takeover Campaign Targeting US Universities

Attackers are hijacking abandoned .edu subdomains via orphaned CNAME records, serving spam under trusted university domains and exploiting SEO authority.

Coordinated Subdomain Takeover Campaign Targeting US Universities
Email Security
Cloudflare's DMARC Documentation Exposed an Unregistered Domain And Dozens of Organizations Paid the Price

How an unregistered domain in Cloudflare's DMARC documentation silently exposed infrastructure data from dozens of organizations.

Cloudflare's DMARC Documentation Exposed an Unregistered Domain And Dozens of Organizations Paid the Price
Email Security
FinTech AccessPay Exposed Internal Email Infrastructure Data for Years

A misconfigured DMARC record sent sensitive email infrastructure data to an unregistered domain, creating a long-term exposure risk.

FinTech AccessPay Exposed Internal Email Infrastructure Data for Years
Email Security