Blog
Security insights, product updates, and email threat intelligence.
Analyze Email Headers for Threats with One API Call
The InboxWatch MCP endpoint accepts email headers and returns a threat score, authentication status, and detailed indicators. One POST request. No account required.
Add Email Security to Your Claude Agent in 5 Minutes
Step-by-step tutorial for connecting InboxWatch to Claude Desktop via MCP. One config file. No code to write. Your agent can analyze email headers for threats instantly.
Build a Phishing Detector with InboxWatch and Python
A complete Python script that reads .eml files, extracts email headers, and calls the InboxWatch API for threat analysis. Under 30 lines of code.
Email Triage Automation with InboxWatch
Three architectures for routing emails by threat level: webhook pipeline, Slack bot, and SOAR integration. Block, quarantine, or pass based on a single API call.
How Scattered Spider Moves Through Your Infrastructure
One phone call to the helpdesk. Nine days of unrestricted access. Rootkits, RMM tools, 7 AWS accounts, and full access to the security platform itself.
65 Seconds: How Cordial Spider Turns One Click Into Total Account Takeover
A real incident breakdown: one phishing click, a rogue MFA device in 65 seconds, 300,000+ files exfiltrated, 7 days undetected. From a SOC analyst who helped contain it.
The Threat Your Antivirus Can't See
Your spam filter catches phishing. Your antivirus catches malware. Nothing checks if someone already has a key to your inbox.
The Inbox Rules Attackers Create to Stay Hidden
How attackers create email rules to auto-delete security notifications, mark alerts as read, or move them to junk. Understanding MITRE ATT&CK T1564.008.
The Wire Fraud Playbook: How Attackers Intercept Payments
Step-by-step breakdown of BEC wire fraud: account compromise, forwarding rules, payment interception. FBI IC3: $2.9B in 2023. Prevention checklist included.
When Phishing Goes Offline: QR Code Attacks Inside Your Organization
QR code phishing bypasses email security entirely. The URL is not in the email body. A real incident: internal spoofing, malicious QR codes, multiple compromised accounts.
Someone Registered a Domain That Looks Like Yours
Typosquatting, combosquatting, and homoglyph attacks are the precursor to business email compromise. How to detect and respond to lookalike domains.
From One Inbox to the Whole Network
Email compromise is just step one. How attackers use a single inbox to move laterally, escalate privileges, and reach your domain controllers.
Your Employees Are Emailing Sensitive Data Right Now
Email is the #1 data exfiltration channel. Three patterns of data loss, how DLP detection works, and why forwarding rules are the persistent leak that DLP misses.
When the New Hire Is a Nation-State Operative
North Korean IT workers use fake identities, laptop farms, and RMM tools to infiltrate Western companies. How to detect Famous Chollima and protect your organization.