Conosco has been added to Mimecast's Security Researcher Wall of Fame, recognising responsible disclosure efforts led by Martin Hodgson, Consultant at Conosco. The accolade reflects disciplined security work carried out within a broader programme to strengthen email authentication across suppliers and partners. Conosco thanks Mimecast for its open, collaborative approach to coordinated disclosure and for publicly acknowledging the contribution.
Email is still the primary entry point for fraud and compromise. Criminals blend technical weaknesses with social engineering to move money, harvest credentials, and pivot into core systems. The UK National Cyber Security Centre highlights business email compromise as a significant risk and offers practical measures to reduce the likelihood and impact of an incident.
The threat is not abstract. Recent attacks against UK retailers used help desk impersonation to persuade staff to reset credentials, a tactic that bypasses many traditional controls. This is precisely where disciplined email authentication and strong process guardrails help reduce the blast radius.
Many brands now rely on a multitude of cloud platforms, marketing tools, finance systems, and ticketing services that send emails on their behalf.
Each sender must be authenticated correctly. Any drift creates blind spots.
Common failure modes include:
Mailbox providers are also raising the bar. Gmail and Yahoo now impose explicit requirements on senders, and for bulk senders (roughly 5,000 or more messages a day) those include SPF and DKIM authentication, a published DMARC policy, and low spam-complaint rates. Poorly authenticated mail may be throttled, placed in the spam folder, or rejected outright.
Coordinated disclosure is not performative. It is a practical way to shorten the window between discovering a weakness and closing it across the ecosystem. Mimecast's policy sets clear expectations for scope, collaboration, and timelines, and the Security Researcher Wall of Fame recognises researchers who follow that process. Conosco appreciates the partnership and the professionalism shown in turning findings into fixes.
Conosco's Email Domain Security, delivered through its Brand Protection service, focuses on outcomes. It brings domains under governance, authenticates every legitimate sender, and blocks impersonation at scale. The approach combines standards with continuous monitoring and expert stewardship.
SPF, DKIM, and DMARC
Sender Policy Framework (SPF) is a DNS record listing the hosts and IP ranges allowed to send mail for a domain; receivers check the connecting IP against the record of the envelope sender (MAIL FROM) domain. DomainKeys Identified Mail (DKIM) adds a signature over the body and selected headers, made with a private key whose public key is published in DNS under a selector of the signing domain; a valid signature tells the receiver which domain took responsibility for the message and that the signed parts were not altered in transit. Domain-based Message Authentication, Reporting and Conformance (DMARC) ties the two to the address the user actually sees: it passes only if SPF or DKIM passed for a domain aligned with the visible From: header domain, tells receivers what to do with everything else (none, quarantine or reject), and sends the domain owner reports showing which sources are using the brand. Neither SPF nor DKIM alone protects the From: header; without DMARC a message can pass SPF for an attacker's own bounce domain while displaying the brand in From:.
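The alignment rule is where most confusion sits, so here is the DMARC decision written out as an added example (this is illustrative code, not Conosco's or Mimecast's, and the domains, record and SPF/DKIM results are constructed). It assumes the DMARC record was found at the organizational domain, and it approximates the organizational domain as the last two DNS labels rather than consulting the Public Suffix List, which is an assumption that real receivers do not make.

```python
"""Added example (not Conosco's or Mimecast's code): DMARC alignment check.

Given a DMARC record, the visible From: domain, the SPF result with the
domain SPF authenticated (the MAIL FROM / envelope domain) and the DKIM
results with their d= domains, decide whether DMARC passes and, if not,
which policy the receiver should apply. Domain names and records below
are constructed for illustration.
"""


def parse_dmarc_record(txt: str) -> dict:
    """Parse a DMARC TXT record such as 'v=DMARC1; p=reject; aspf=s'.

    Returns a dict of tag -> value with the RFC 7489 defaults filled in
    for the alignment modes and pct.
    """
    tags = {}
    for part in txt.split(";"):
        part = part.strip()
        if not part:
            continue
        key, _, value = part.partition("=")
        tags[key.strip().lower()] = value.strip()
    if tags.get("v") != "DMARC1" or "p" not in tags:
        raise ValueError("not a valid DMARC record: " + txt)
    tags.setdefault("adkim", "r")  # relaxed DKIM alignment by default
    tags.setdefault("aspf", "r")   # relaxed SPF alignment by default
    tags.setdefault("pct", "100")
    return tags


def organizational_domain(domain: str) -> str:
    """Assumption: the organizational domain is the last two labels.

    Real receivers use the Public Suffix List so that e.g. 'co.uk' is
    handled correctly; this shortcut is enough for the sample domains.
    """
    labels = domain.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def aligned(from_domain: str, auth_domain: str, mode: str) -> bool:
    """Strict ('s') alignment needs an exact match; relaxed ('r') only
    needs the same organizational domain."""
    f = from_domain.lower().rstrip(".")
    a = auth_domain.lower().rstrip(".")
    if mode == "s":
        return f == a
    return organizational_domain(f) == organizational_domain(a)


def evaluate_dmarc(record: str, from_domain: str, spf_result: str,
                   spf_domain: str, dkim_results: list) -> tuple:
    """Return (dmarc_result, policy_to_apply).

    dkim_results is a list of (result, d_domain) pairs, one per signature.
    DMARC passes if at least one of SPF or DKIM passed *and* its domain is
    aligned with the From: domain. The record is assumed to be the one
    published at the organizational domain, so 'sp' (if present) governs
    subdomains. pct sampling is ignored here; a receiver applies the
    policy to only pct% of failing mail and downgrades the rest.
    """
    pol = parse_dmarc_record(record)
    spf_ok = spf_result == "pass" and aligned(from_domain, spf_domain, pol["aspf"])
    dkim_ok = any(res == "pass" and aligned(from_domain, d, pol["adkim"])
                  for res, d in dkim_results)
    if spf_ok or dkim_ok:
        return ("pass", "none")
    policy = pol["p"]
    is_subdomain = from_domain.lower().rstrip(".") != organizational_domain(from_domain)
    if is_subdomain and "sp" in pol:
        policy = pol["sp"]
    return ("fail", policy)


if __name__ == "__main__":
    rec = "v=DMARC1; p=reject; sp=quarantine; aspf=s; adkim=r; rua=mailto:dmarc@example.com"
    # Bounce domain differs from From: under strict SPF alignment and no DKIM: reject.
    print(evaluate_dmarc(rec, "example.com", "pass", "bounce.example.com", []))
    # Same message carrying a DKIM signature from the brand's own domain: pass.
    print(evaluate_dmarc(rec, "example.com", "pass", "bounce.example.com",
                         [("pass", "example.com")]))
```

The first case in the usage block is the typical third-party failure: the vendor's bounce domain passes SPF, but with aspf=s that is not aligned, so the message is rejected unless the vendor also signs with a DKIM key under the brand's domain.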
BIMI
Brand Indicators for Message Identification (BIMI) displays the brand's verified logo next to messages in supporting inboxes, but only once DMARC is at enforcement (p=quarantine or p=reject, with no pct sampling below 100), and some providers, Gmail among them, additionally require a mark certificate (VMC) issued against the registered trademark. It rewards the hard work of authentication with better recognition and trust.
MTA-STS and TLS reporting
SMTP MTA Strict Transport Security (MTA-STS, RFC 8461) lets a receiving domain publish, in DNS and over HTTPS, a policy telling sending servers that mail for the domain must be delivered over TLS, with a valid certificate, to the listed MX hosts. SMTP TLS Reporting (TLS-RPT, RFC 8460) gives the domain owner daily reports when senders could not satisfy that policy. Together they counter STARTTLS downgrade and MX-spoofing attacks in transit, which matters for sensitive workflows; the protection applies to mail from senders that implement MTA-STS, Gmail among them, so it complements rather than replaces authentication.
Continuous monitoring and adjustment
Email ecosystems change constantly. New marketing platforms appear. Legacy apps are retired. Vendors rotate IPs. Conosco monitors authentication and transport signals, tunes the policy, and keeps legitimate traffic flowing. It is a managed path to enforcement without breaking delivery.
Fewer successful impersonation attempts
Strong authentication stops exact-domain spoofing of the brand before it reaches the inbox. It does not, on its own, stop lookalike domains (brand-name variants the attacker registers and authenticates legitimately) or display-name tricks, so attackers fall back on those more expensive methods, which are easier to detect and contain with inbound filtering and user reporting. The NCSC's guidance is clear that layered controls and robust processes reduce the likelihood of payment diversion and account takeover.
Better deliverability and reputation
An authenticated email performs better. Gmail and Yahoo have set clear expectations for authentication and complaint rates. Meeting those standards protects reputation and improves placement.
Clarity on third-party senders
DMARC aggregate (rua) reports, sent by receivers as XML attachments typically once a day, list every source IP seen using the domain in From:, with message counts and the SPF and DKIM results. Read over time, this produces a reliable inventory of legitimate services, highlights shadow senders that nobody onboarded, and provides evidence to hold vendors accountable for authenticating correctly.
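As an added example of reading such a report (illustrative code, not Conosco's or Mimecast's), the block below parses a constructed aggregate report in the RFC 7489 XML format and lists the sources that failed DMARC together with the raw result that explains the failure. The IP addresses and domains are documentation values made up for the example; real reports arrive gzip- or zip-compressed and must be decompressed first.

```python
"""Added example (not Conosco's or Mimecast's code): summarise a DMARC
aggregate (rua) report by sending source.

The report text is constructed for illustration. It shows three sources
using example.com in From:: the brand's own mail server, a CRM vendor
sending as its own domain, and an unknown host with SPF for a domain of
its own.
"""
import xml.etree.ElementTree as ET

SAMPLE_REPORT = """<?xml version="1.0" encoding="UTF-8"?>
<feedback>
  <report_metadata>
    <org_name>receiver.example</org_name>
    <report_id>constructed-0001</report_id>
    <date_range><begin>1700000000</begin><end>1700086399</end></date_range>
  </report_metadata>
  <policy_published>
    <domain>example.com</domain><adkim>r</adkim><aspf>r</aspf>
    <p>quarantine</p><sp>quarantine</sp><pct>100</pct>
  </policy_published>
  <record>
    <row><source_ip>198.51.100.10</source_ip><count>120</count>
      <policy_evaluated><disposition>none</disposition><dkim>pass</dkim><spf>pass</spf></policy_evaluated>
    </row>
    <identifiers><header_from>example.com</header_from></identifiers>
    <auth_results>
      <dkim><domain>example.com</domain><result>pass</result></dkim>
      <spf><domain>example.com</domain><result>pass</result></spf>
    </auth_results>
  </record>
  <record>
    <row><source_ip>192.0.2.25</source_ip><count>8</count>
      <policy_evaluated><disposition>quarantine</disposition><dkim>fail</dkim><spf>fail</spf></policy_evaluated>
    </row>
    <identifiers><header_from>example.com</header_from></identifiers>
    <auth_results>
      <dkim><domain>crm-vendor.example</domain><result>pass</result></dkim>
      <spf><domain>bounce.crm-vendor.example</domain><result>pass</result></spf>
    </auth_results>
  </record>
  <record>
    <row><source_ip>203.0.113.7</source_ip><count>35</count>
      <policy_evaluated><disposition>quarantine</disposition><dkim>fail</dkim><spf>fail</spf></policy_evaluated>
    </row>
    <identifiers><header_from>example.com</header_from></identifiers>
    <auth_results>
      <spf><domain>attacker.example</domain><result>pass</result></spf>
    </auth_results>
  </record>
</feedback>
"""


def summarise_report(xml_text: str) -> list:
    """One dict per <record>, sorted by message count, highest first."""
    root = ET.fromstring(xml_text)
    reporter = root.findtext("report_metadata/org_name")
    rows = []
    for rec in root.findall("record"):
        evaluated = (rec.findtext("row/policy_evaluated/dkim"),
                     rec.findtext("row/policy_evaluated/spf"))
        rows.append({
            "reporter": reporter,
            "source_ip": rec.findtext("row/source_ip"),
            "count": int(rec.findtext("row/count")),
            "header_from": rec.findtext("identifiers/header_from"),
            "disposition": rec.findtext("row/policy_evaluated/disposition"),
            # policy_evaluated already applies alignment; one aligned pass is enough
            "dmarc_pass": "pass" in evaluated,
            "dkim_domains": [d.findtext("domain") for d in rec.findall("auth_results/dkim")],
            "spf_domains": [s.findtext("domain") for s in rec.findall("auth_results/spf")],
        })
    rows.sort(key=lambda r: r["count"], reverse=True)
    return rows


def totals(rows: list) -> dict:
    """Messages passing and failing DMARC, and the number of distinct sources."""
    passed = sum(r["count"] for r in rows if r["dmarc_pass"])
    failed = sum(r["count"] for r in rows if not r["dmarc_pass"])
    return {"pass": passed, "fail": failed, "sources": len({r["source_ip"] for r in rows})}


def failing_sources(rows: list) -> list:
    """(source_ip, count, reason) for each failing source.

    A raw SPF/DKIM pass for an unaligned domain usually means a vendor
    sending as its own domain (needs a DKIM key or SPF include under the
    brand's domain), though an attacker can do the same for a domain they
    control, so the IP still has to be identified. No raw pass at all is
    plain spoofing or a broken sender. The subdomain test is a simplified
    relaxed-alignment check (assumption: header_from is the org domain).
    """
    out = []
    for r in rows:
        if r["dmarc_pass"]:
            continue
        hf = r["header_from"]
        unaligned = [d for d in r["dkim_domains"] + r["spf_domains"]
                     if d and d != hf and not d.endswith("." + hf)]
        reason = ("unaligned authenticated domains: " + ", ".join(unaligned)
                  if unaligned else "no authentication")
        out.append((r["source_ip"], r["count"], reason))
    return out


if __name__ == "__main__":
    rows = summarise_report(SAMPLE_REPORT)
    print(totals(rows))
    for ip, n, why in failing_sources(rows):
        print(ip, n, why)
```

The point a practitioner takes from the output is that the report cannot tell intent: 192.0.2.25 and 203.0.113.7 look identical to the policy (both quarantined), and only the unaligned domains in auth_results, plus knowledge of who the vendors are, separate the service to onboard from the host to block.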
Transport assurance for sensitive flows
MTA-STS gives confidence that mail sent to the domain arrives over TLS at the MX hosts the policy names, with a certificate that validates for those hosts; in enforce mode a policy-aware sender will not deliver otherwise. TLS reporting tells the team when a sender could not meet the policy, whether through misconfiguration or interference. This combination strengthens assurance for legal, finance, and healthcare communications.
Technology alone does not neutralise social engineering. Policies and training must reinforce double checks, out-of-band confirmations, and clear rules for password resets and payment changes. The NCSC continues to recommend these human controls alongside technical measures, and recent UK incidents underscore the point. Conosco's EDS programme aligns both layers, making the brand hard to impersonate and ensuring staff know how to respond when pressure arrives.
Conosco thanks Mimecast and the security community for the professional handling of responsible disclosure. Recognition on the Wall of Fame belongs to Martin Hodgson and the wider Email Domain Security team. For details on Mimecast's policy and the Security Researcher Wall of Fame, see the official page.
Bring domains under control. Stop impersonation. Improve deliverability. Book an Email Domain Security demo to see how Conosco's Brand Protection service quickly closes gaps and keeps them closed.