Stop Chasing Threats: How a Fixed-Target Model Changes Email Security

For decades, spam filters and traditional email security tools have taken the same approach: identify the latest threats, then try to block them.

Every time a new threat emerges, security vendors scramble to patch it. But by the time the fix rolls out, attackers have already moved on and the cycle repeats.

It’s like an endless game of whack-a-mole. But the moles keep getting smarter and the hammer still swings the same way.

A History of Chasing Moving Targets

Remember when email security started to take shape in the early 2000s?

First, the industry introduced Sender Policy Framework (SPF) to help domain owners specify which mail servers were allowed to send on their behalf. It was a good first step, but SPF was never designed to judge whether a message was wanted, safe, or useful. Attackers could still register lookalike domains that passed SPF perfectly.

So the industry responded with DomainKeys Identified Mail (DKIM), which used cryptographic signatures to show that a domain took responsibility for a message and that signed parts of the message had not been altered in transit.

But again, attackers found a way through—setting up their own domains and configuring DKIM so malicious emails could still look technically legitimate.

Then came Domain-based Message Authentication, Reporting and Conformance (DMARC), which added alignment and policy on top of SPF and DKIM to help domain owners tell receiving systems what to do when authentication checks failed.

DMARC made direct spoofing harder, but attackers changed tactics again. Instead of pretending to be the exact domain, they used lookalike domains, compromised accounts, display-name deception, and authenticated infrastructure that could pass the checks while still fooling users.

The bottom line is that we’ve been chasing a moving target for decades. Every new layer has made email harder to abuse in certain ways, but none of them have changed the underlying game: attackers adapt, threats evolve, and MSPs are still left answering the same client question: “How are all of these bad emails getting through?”

Why “Looks Safe” Isn’t Enough

AI-generated phishing has made the old game even harder to win. Malicious emails no longer have to look clumsy, generic, or suspicious. They can be polished, personal, technically authenticated, and convincing enough to slip past both users and tools.

But phishing is only one reason the inbox feels broken. Newsletters, sales outreach, vendor updates, and automated alerts may come from legitimate senders, but they still create noise, distraction, and decision fatigue.

Users don’t experience their inbox as a security verdict. They experience it as useful or distracting, trusted or questionable, wanted or unwanted.

Stop Chasing the Bad. Define the Good.

That’s why Mailprotector’s Shield starts from a different target.

Instead of chasing every possible “bad” thing an attacker, spammer, or sender might do next, Shield focuses on a fixed, more predictable signal: desired mail.

Because when you optimize around the messages users actually want to receive, the rest—malicious, suspicious, irrelevant, or simply unwanted noise—naturally falls away.

Zero Trust Makes Fixed Targets Possible

So how does Shield define the “good”? It starts with a zero trust foundation that closes the gap between “looks safe” and “is trusted.”

Unknown senders do not get direct access to the inbox just because they appear legitimate, pass authentication, or avoid a blacklist. They have to prove they belong before they get in.

But zero trust does not mean users start from scratch. Shield builds an initial trust network automatically from the relationships users already have: the people they’ve emailed before and trusted contacts inside their organization.

That gives each user a secure, realistic baseline from day one. Known relationships stay familiar. Known threats are still stopped. And nothing unknown is granted a free pass to the inbox.

Where Zero Trust Meets User Intent

From there, Shield refines the trust network around each user’s real communication patterns: who they exchange emails with, which new senders they trust or silence, and how their inbox changes over time.

This is the heart of the fixed-target model. Shield is not just scanning for threats. It’s learning what useful, wanted mail looks like for each person.

That shift changes the email experience for both users and MSPs. Users get a safer inbox that feels quieter, clearer, and more aligned with how they actually work. MSPs spend less time explaining why “safe-looking” emails got through, chasing false positives, or manually configuring settings around individual preferences.

Take a tour of Shield to see how zero trust, sender verification, and user intent work together to create a safer, quieter inbox.