Email Security & Cybersecurity Glossary

  • A
  • Adware

    Adware is software that delivers unwanted advertisements, often bundled with spyware to track user behavior.

  • APT

    An Advanced Persistent Threat (APT) is a prolonged cyberattack in which attackers infiltrate a network and remain undetected while stealing

  • ARP Spoofing

    ARP spoofing is a local network attack where attackers send forged ARP messages to associate their MAC address with another

  • B
  • Baiting

    Baiting is a social engineering tactic where attackers lure victims with enticing offers or infected media devices.

  • BIMI

    Brand Indicators for Message Identification (BIMI) is a standard that allows organizations to display their official logo in email inboxes

  • Botnet

    A botnet is a network of compromised devices remotely controlled by attackers to launch large-scale cyberattacks.

  • Browser Isolation

    Browser isolation runs web content in a secure, isolated environment to protect systems from malicious code on websites.

  • Brute Force Attack

    A brute force attack systematically attempts all possible passwords until the correct one is found.

  • Business Email Compromise

    Business Email Compromise (BEC) is a scam where attackers impersonate executives, employees, or vendors using spoofed or hacked accounts to

  • C
  • Container Security

    Container security involves protecting applications in containers by managing vulnerabilities, runtime, and permissions.

  • D
  • DANE

    DNS-based Authentication of Named Entities (DANE) is a protocol that uses DNSSEC to bind TLS certificates to domain names, providing

  • Data Exfiltration

    Data exfiltration is the unauthorized transfer of sensitive information from a computer or network to an external destination controlled by

  • DDoS

    A Distributed Denial-of-Service (DDoS) attack floods a target with traffic to overwhelm systems and disrupt service availability.

  • DKIM

    DomainKeys Identified Mail (DKIM) uses cryptographic signatures to allow the receiving mail server to verify that an email was sent

  • DMARC

    Domain-based Message Authentication, Reporting, and Conformance (DMARC) is an email authentication protocol that protects against email spoofing and phishing by

  • DMARC Alignment

    A condition required for DMARC compliance where the domain in the visible “From” header aligns with the domains authenticated by

  • DMARC Analyzer

    A DMARC analysis tool that helps organizations monitor, visualize, and interpret DMARC reports to understand authentication results and adjust policies.

  • DMARC Compliance

    When an email passes authentication and alignment checks as defined by SPF, DKIM, and DMARC policies, making it a trusted

  • DMARC Policy

    The policy defined in the DMARC record that instructs receiving servers whether to monitor, quarantine, or reject emails that fail

  • DMARC Record

    A DMARC record is a DNS TXT entry that specifies the domain’s DMARC policy. It tells receiving mail servers how

  • DMARC Reporting

    The reporting mechanism of DMARC that provides aggregate (RUA) and forensic (RUF) reports to help organizations track authentication results and

  • DMARC Tags

    Tags are the parameters inside a DMARC record (such as v, p, rua, ruf, pct) that define the domain’s authentication

  • DNS

    The Domain Name System (DNS) is the hierarchical system that translates human-readable domain names into IP addresses that computers use

  • DNS MX Record

    A Mail Exchange (MX) record is a type of DNS record that specifies the mail servers responsible for receiving and

  • DNS Record

    A DNS record is a piece of data in the DNS that provides information about a domain, such as its

  • DNS Spoofing

    DNS spoofing, also known as cache poisoning, is an attack that inserts false DNS data into a resolver’s cache, redirecting

  • DNSSEC

    Domain Name System Security Extensions (DNSSEC) adds cryptographic signatures to DNS data to ensure authenticity and integrity, preventing tampering such

  • E
  • Email Authentication

    Email authentication refers to a set of techniques, including SPF, DKIM, and DMARC, used to verify that emails originate from

  • Email Spoofing

    Email spoofing is a technique where attackers forge the sender address on emails to make them appear as though they

  • H
  • Honey Trap

    A honey trap scam uses fake personas, often romantic, to build trust and manipulate victims into revealing data.

  • I
  • IAM

    Identity and Access Management (IAM) encompasses policies and tools that manage user identities and control access to organizational resources.

  • Insider Threat

    An insider threat is a risk posed by employees or contractors misusing their access, either maliciously or accidentally.

  • IP Spoofing

    IP spoofing is the falsification of IP packet headers to impersonate another system, often used in denial-of-service attacks or to

  • IPS

    An Intrusion Prevention System (IPS) is a network security tool that monitors traffic in real time to detect and block

  • K
  • Keylogger

    A keylogger is software or hardware that records keystrokes to capture sensitive information such as passwords.

  • M
  • MaaS

    Malware-as-a-Service (MaaS) is a business model where malware developers rent or sell their tools to other attackers.

  • Malware

    Malware is any software intentionally designed to disrupt, damage, or gain unauthorized access to computer systems.

  • MITM Attack

    A Man-in-the-Middle (MITM) attack occurs when an attacker secretly intercepts and alters communication between two parties without their knowledge.

  • MTA-STS

    Mail Transfer Agent–Strict Transport Security (MTA-STS) is a protocol that enforces secure TLS encryption for SMTP connections between mail servers,

  • P
  • p=none

    A DMARC policy mode where emails failing authentication are monitored but still delivered to the recipient’s inbox. Used mainly for

  • p=quarantine

    A DMARC policy mode where unauthenticated emails are flagged as suspicious and typically sent to the spam/junk folder.

  • p=reject

    A DMARC policy mode where emails failing authentication are outright rejected and not delivered to recipients.

  • PAM

    Privileged Access Management (PAM) is the control and monitoring of accounts with elevated privileges to reduce risks of misuse or

  • PCT Tag

    The percentage tag that defines what proportion of email messages should be subjected to the DMARC policy (useful for gradual

  • Penetration Testing

    Penetration testing is an authorized simulated cyberattack to identify and fix vulnerabilities before attackers exploit them.

  • Phishing

    Phishing is a cyberattack method where attackers impersonate trusted entities through fraudulent emails or websites to trick users into revealing

  • Phishing-as-a-Service

    Phishing-as-a-Service (PhaaS) is an illegal model where criminals provide ready-made phishing kits and infrastructure to others, enabling large-scale phishing campaigns

  • Piggybacking

    Piggybacking is a physical or digital security breach where an unauthorized person gains access by exploiting someone else’s legitimate credentials

  • Pretexting

    Pretexting is a social engineering technique where attackers create a fabricated scenario to manipulate victims into divulging confidential information.

  • R
  • RaaS

    Ransomware-as-a-Service (RaaS) is a criminal model where ransomware developers lease their tools to attackers for profit.

  • Ransomware

    Ransomware is malware that encrypts a victim’s files and demands payment in exchange for decryption.

  • Rootkit

    A rootkit is a type of malware that hides its presence and grants attackers unauthorized administrative control of a system.

  • RUA Tag

    The “Aggregate Reports” tag that specifies the email address where DMARC XML aggregate reports should be sent.

  • RUF Tag

    The “Forensic Reports” tag that specifies the email address where detailed failure reports are sent when individual messages fail DMARC.

  • S
  • Scareware

    Scareware is malware that uses deceptive warnings to frighten users into installing malicious software or paying for fake services.

  • Security Service Edge (SSE)

    Security Service Edge (SSE) is a cloud-based cybersecurity framework that delivers secure access to applications, data, and services, no matter

  • Shadow IT

    Shadow IT refers to the use of unauthorized systems or applications within an organization, often creating security and compliance risks.

  • Shoulder Surfing

    Shoulder surfing is the act of stealing confidential information by watching a person enter data in public.

  • Smishing

    Smishing is phishing conducted via SMS messages, tricking recipients into revealing sensitive data or clicking malicious links.

  • SMTP

    Simple Mail Transfer Protocol (SMTP) is the standard protocol used to send and relay emails across the Internet.

  • Social Engineering

    Social engineering manipulates human behavior to bypass security systems, often using deception to trick people into sharing information.

  • Spam

    Spam refers to unsolicited bulk emails, often commercial or malicious, that clutter inboxes and can contain threats.

  • Spear Phishing

    Spear phishing is a highly targeted form of phishing where attackers personalize messages to a specific individual or organization to

  • SPF

    Sender Policy Framework (SPF) is an email validation system that identifies which mail servers are authorized to send email for

  • Spyware

    Spyware is malicious software that secretly monitors user activity and collects information without consent.

  • T
  • Tailgating Attack

    A tailgating attack is a physical security breach where an unauthorized person gains entry to a restricted area by closely

  • TLS

    Transport Layer Security (TLS) is a cryptographic protocol that encrypts data exchanged over a network, ensuring privacy and integrity for

  • TLS-RPT

    SMTP TLS Reporting (TLS-RPT) is a feedback mechanism that provides domain owners with reports about email delivery issues related to

  • Trojan

    A Trojan horse is malware disguised as legitimate software that tricks users into installing it, providing attackers access to the

  • Two-Factor Authentication (2FA)

    Two-Factor Authentication (2FA) is a security process that requires users to provide two different types of credentials to verify their

  • Typosquatting

    Typosquatting is the practice of registering misspelled domains to trick users into visiting malicious websites.

  • V
  • V Tag

    The version tag in a DMARC record, which must always be set to DMARC1 to indicate the protocol version.

  • Virus

    A computer virus is a type of malware that attaches itself to programs or files and spreads when they are

  • Vishing

    Vishing is phishing over voice calls, where attackers impersonate trusted entities to extract information.

  • VPN

    A Virtual Private Network (VPN) creates an encrypted tunnel between a device and a server to protect data in transit

  • W
  • Watering Hole Attack

    A watering hole attack compromises websites likely to be visited by a target group, infecting them with malware.

  • Whaling

    Whaling is a type of phishing that specifically targets high-ranking executives or individuals with privileged access by impersonating trusted colleagues

  • Z
  • Zero Trust

    Zero Trust is a security model that assumes no user or system is inherently trustworthy and requires continuous verification for

  • Zero-Day Vulnerability

    A zero-day vulnerability is an unknown software flaw that attackers exploit before the vendor has issued a patch, leaving systems
