Email Security

85% of Breaches Start in Your Inbox — Is Yours Protected?

Email is the attack vector in 85% of UK breaches. AMVIA's managed email security stops phishing, BEC, and malware before they reach your team — with DMARC configuration, attachment sandboxing, and phishing simulation training. Trusted by 1,200+ UK businesses.

85%of UK cyber breaches involve a phishing attack as the initial entry point (DSIT 2025)
£125,000+average loss from a successful Business Email Compromise (BEC) attack on a UK business
1,200+UK businesses protected by AMVIA's managed email security service

Email security is the set of controls that stop phishing, malware, account takeover and spoofing reaching your inbox. It combines filtering, domain authentication (DMARC, DKIM, SPF) and staff training. AMVIA manages all three as a single security-first service for 1,200+ UK businesses — one provider, Microsoft-certified.

What Is Email Security?

Email security encompasses the technologies and processes that protect your business email from phishing attacks, malware delivery, account compromise, and email spoofing. An effective email security solution combines filtering (blocking malicious emails before they reach the inbox), authentication (verifying that emails claiming to be from your domain are genuine), and awareness training (helping your staff recognise and report suspicious emails). Microsoft 365 includes baseline email filtering, but most businesses need additional controls to protect against sophisticated attacks.

What Our Email Security Service Includes

AMVIA manages all layers of email security for UK businesses — from filtering and authentication to simulated phishing campaigns and user training.

Anti-Phishing and Spam Filtering

Advanced email filtering using machine learning and threat intelligence to block phishing emails, malware-laden attachments, and malicious URLs before they reach your users' inboxes.

DMARC, DKIM, and SPF Configuration

Email authentication protocols that verify messages are genuinely from your domain — preventing attackers from impersonating your business to suppliers, clients, or staff. We configure and monitor all three.

Business Email Compromise (BEC) Protection

AI-based detection of impersonation attacks where criminals pose as senior staff or trusted suppliers to authorise fraudulent payments. BEC is the highest-value email threat facing UK SMEs.

Attachment Sandboxing

Suspicious email attachments are detonated in an isolated sandbox environment before being delivered, preventing weaponised documents and executables from reaching your users.

Email Archiving and Continuity

Compliant email archiving for regulatory purposes (FCA, SRA, GDPR), plus email continuity services that keep your inbox accessible even if Microsoft 365 suffers an outage.

Phishing Simulation Training

Regular simulated phishing campaigns test your staff's awareness, with targeted training for users who click. Measurably reduces susceptibility to real phishing attacks over time.

Email Security Checklist

Key email security controls every UK business should have in place.

DMARC policy configured with p=quarantine or p=reject

DKIM signing enabled for your email domain

SPF record published and validated

MFA enforced on all email accounts

Attachment and URL scanning active on inbound email

Staff phishing awareness training completed in the last 12 months

This page sits under our managed cybersecurity pillar. If email is where your risk concentrates, start here, then book a free security audit to see exactly where your defences leak.

How does managed email security work?

Managed email security layers three defences and keeps them tuned: filtering blocks malicious mail at the gateway, authentication proves who really sent a message, and simulation training hardens your people. AMVIA runs all of it on Microsoft Defender plus the Barracuda email suite, so accountability never splits across vendors.

What we manage for you:

  • Anti-phishing and spam filtering — machine-learning and threat-intelligence filtering blocks phishing, malicious URLs and weaponised attachments before delivery.
  • DMARC, DKIM and SPF — we configure and monitor all three so attackers cannot impersonate your domain. See our dedicated DMARC, DKIM and SPF setup service.
  • Business Email Compromise detection — behavioural analysis flags impersonation of executives and suppliers; detail on our business email compromise page.
  • Attachment sandboxing — suspicious files are detonated in isolation before they reach a user.
  • Email archiving and continuity — tamper-evident archiving and inbox access that survives a Microsoft 365 outage.
  • Phishing simulation training — measured campaigns that cut click rates, covered on our phishing simulation page.

Why do UK SMEs need email security?

Email is the single biggest attack surface for UK businesses, and the default Microsoft 365 filtering most firms rely on does not stop targeted attacks. Phishing was the most common breach type identified in the UK Government's 2025 survey, affecting roughly 85% of businesses that reported a breach.

The numbers are blunt:

  • 85% of UK cyber breaches involve a phishing attack as the initial entry point (DSIT 2025) — confirmed in the Cyber Security Breaches Survey 2025.
  • £100,000–£150,000 typical loss from a successful Business Email Compromise (BEC) attack on a UK business (typical UK 2026 range).
  • overall IC3-reported cybercrime losses increased 33% from 2023 (FBI IC3 2024 report).
  • 1,200+ UK businesses protected by AMVIA's managed email security service.

The NCSC's phishing guidance is clear that technical controls and user awareness have to work together — which is exactly how we build the service.

What's the difference between in-house and managed email security?

In-house email security depends on one busy admin keeping policies, DNS records and training current. Managed email security gives you a dedicated team owning all of it with a 24/7 SOC behind the alerts. The table below shows where the gap shows up.

CapabilityIn-house / default M365AMVIA managed email security
Filtering tuningDefault settings, rarely reviewedDefender + Barracuda, tuned and audited
DMARC/DKIM/SPFOften missing or in monitor-onlyConfigured, monitored, moved to enforcement
BEC / impersonation detectionLimitedBehavioural detection on every inbound
Phishing simulationAd hoc or noneQuarterly campaigns with department reporting
Archiving and continuityManual or absentCompliant archiving + outage continuity
Response when something slips throughWhoever is freeIn-house 24/7 SOC

What types of email attack does it stop?

Email attacks split into a handful of repeatable patterns, and a layered service is built to counter each one. Filtering and sandboxing handle malware; authentication handles spoofing; behavioural detection and trained staff handle the social-engineering attacks that carry no payload at all.

  • Phishing — mass emails impersonating banks, HMRC or Microsoft to harvest credentials.
  • Spear-phishing — researched, personalised attacks aimed at finance and IT staff.
  • Business Email Compromise — payment-fraud impersonation that uses trust, not malware.
  • Malware delivery — macro documents, ZIPs and links that drop ransomware or remote-access tools.
  • Spoofing — mail forged to look like your own domain, which DMARC, DKIM and SPF shut down.

How do DMARC, DKIM and SPF protect your domain?

DMARC, DKIM and SPF are DNS records that let receiving servers verify mail genuinely came from your domain. SPF lists your authorised senders, DKIM signs each message cryptographically, and DMARC decides what happens to anything that fails. Together they stop attackers sending mail as you.

We deploy DMARC in monitoring mode first, review the aggregate reports, clean up legitimate senders, then move to `p=quarantine` or `p=reject` — so enforcement never blocks real business mail. Microsoft's own guidance on email authentication is documented at learn.microsoft.com.

Microsoft 365 email security vs a managed service — what's the difference?

Microsoft 365 includes real protection: Business Premium ships Microsoft Defender for Office 365 Plan 2 with Safe Links, Safe Attachments and anti-phishing policies. The catch is configuration — the default settings are not the most secure settings, and Basic and Standard tiers only include Exchange Online Protection.

AMVIA audits your licence, tunes Defender to a hardened baseline, and adds the Barracuda email gateway where the tier needs more — sandboxing, archiving and continuity. For deeper Microsoft hardening, see Microsoft Defender for Business. Regulated firms — for example SRA-regulated law firms — also get archiving that supports FCA, SRA and GDPR retention obligations.

How much does managed email security cost?

For businesses already on Microsoft 365 Business Premium, AMVIA's management service costs from £5 per user per month, covering Defender tuning, DMARC implementation and phishing simulations. Where a tier needs a third-party gateway, expect £3–£8 per user per month for the gateway licence on top of management.

The underlying Microsoft licences are list-priced (ex VAT, annual) on microsoft.com/en-gb: Business Basic £4.60, Business Standard £9.60 and Business Premium £16.90 per user per month. Premium is usually the cheapest route to strong email security because Defender Plan 2 is bundled in.

Frequently Asked Questions

One Phishing Email Could Cost You £125,000 — Check Your Defences Now

Get a free email security assessment — we will check your DMARC configuration, review your filtering policies, and identify gaps in your protection. Takes less than 2 minutes. No commitment.

Trusted by 1,200+ UK Businesses
Cyber Essentials Plus
Microsoft Solutions Partner — Modern Work, Security & Azure Infrastructure