SOC 2

Email Authentication / Phishing and Spam Detection

Effective: March 17, 2026 · DCF-687

1. Purpose

This policy defines the email security controls implemented by H33.ai to protect against phishing, spam, email spoofing, and business email compromise (BEC) attacks. Email remains a primary attack vector for credential theft and social engineering, making robust email authentication and threat detection essential to protecting H33.ai's workforce, customers, and cryptographic infrastructure.

2. Scope

This policy applies to all email communications sent and received using the h33.ai domain, including all Microsoft 365 accounts provisioned for H33.ai personnel. It covers email authentication protocols, anti-phishing controls, anti-spam filtering, and security awareness training related to email-borne threats.

3. Email Platform

  • Provider: Microsoft 365
  • Security Package: HIPAA Security Package (Business Premium or E5 with HIPAA BAA executed)
  • Domain: h33.ai
  • Admin Portal: Microsoft 365 Admin Center with role-based access
  • Compliance: Microsoft 365 HIPAA Business Associate Agreement (BAA) in place

4. Email Authentication Controls

H33.ai implements the following email authentication standards to prevent domain spoofing and ensure message integrity:

4.1 SPF (Sender Policy Framework)

  • SPF TXT record published in DNS for the h33.ai domain
  • Specifies authorized sending IP addresses and services (Microsoft 365, Amazon SES for transactional email)
  • SPF policy set to -all (hard fail) to reject unauthorized senders
  • Reviewed quarterly or whenever email sending infrastructure changes

4.2 DKIM (DomainKeys Identified Mail)

  • DKIM signing enabled for all outbound email from h33.ai
  • 2048-bit RSA keys used for DKIM signatures
  • DKIM keys rotated annually
  • DKIM validation enabled for all inbound email

4.3 DMARC (Domain-based Message Authentication, Reporting, and Conformance)

  • DMARC policy set to p=reject for the h33.ai domain
  • DMARC reports (RUA) collected and reviewed monthly for unauthorized sending attempts
  • Forensic reports (RUF) enabled for failed authentication analysis
  • Subdomain policy (sp=reject) applied consistently
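The SPF and DMARC requirements in 4.1 and 4.3 can be verified against the published DNS TXT records. The following is an added example, not H33.ai's own tooling; it assumes the Microsoft 365 and Amazon SES include names (spf.protection.outlook.com, amazonses.com), and the sample records and report addresses are constructed placeholders rather than the live records.

```python
"""Check SPF and DMARC TXT records against the section 4 policy requirements.

Added example, not part of H33.ai's policy or tooling. The records below are
constructed sample values; in practice they come from a DNS TXT query for
h33.ai and _dmarc.h33.ai.
"""
import re

# Constructed sample records (assumed, not H33.ai's actual DNS data).
SAMPLE_SPF = "v=spf1 include:spf.protection.outlook.com include:amazonses.com -all"
SAMPLE_DMARC = ("v=DMARC1; p=reject; sp=reject; "
                "rua=mailto:dmarc-rua@h33.ai; ruf=mailto:dmarc-ruf@h33.ai; fo=1")

# Include mechanisms for the senders policy 4.1 authorizes (assumed include names).
REQUIRED_INCLUDES = {"spf.protection.outlook.com", "amazonses.com"}
LOOKUP_TERM = re.compile(r"^[+\-~?]?(include|a|mx|ptr|exists)(:|$)|^redirect=", re.I)


def check_spf(record):
    """Return a list of policy violations for an SPF record (empty = compliant)."""
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return ["missing v=spf1 version tag"]
    problems = []
    includes = {t.split(":", 1)[1] for t in terms if t.lower().startswith("include:")}
    for name in sorted(REQUIRED_INCLUDES - includes):
        problems.append(f"authorized sender not listed: include:{name}")
    # Policy 4.1: anything not explicitly authorized must hard-fail.
    if terms[-1] != "-all":
        problems.append(f"final mechanism is '{terms[-1]}', policy requires -all")
    # RFC 7208 caps DNS-querying mechanisms at 10; exceeding it yields permerror.
    lookups = sum(1 for t in terms if LOOKUP_TERM.match(t))
    if lookups > 10:
        problems.append(f"{lookups} DNS lookups exceed the RFC 7208 limit of 10")
    return problems


def check_dmarc(record):
    """Return a list of policy violations for a DMARC record (empty = compliant)."""
    tags = {}
    for part in record.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    problems = []
    if tags.get("v") != "DMARC1":
        problems.append("missing v=DMARC1 version tag")
    if tags.get("p") != "reject":
        problems.append(f"p={tags.get('p', '<unset>')}, policy requires p=reject")
    # sp defaults to p when absent; policy 4.3 requires reject for subdomains too.
    if tags.get("sp", tags.get("p")) != "reject":
        problems.append("subdomain policy is not reject")
    for tag, label in (("rua", "aggregate"), ("ruf", "forensic")):
        if not tags.get(tag, "").startswith("mailto:"):
            problems.append(f"no {label} report address ({tag}=mailto:...)")
    return problems
```

Run it as part of the quarterly review in 4.1 and whenever sending infrastructure changes; a non-empty list is a drift from the policy.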

5. Anti-Phishing Controls

H33.ai leverages Microsoft Defender for Office 365 to provide multi-layered phishing protection:

5.1 Safe Links

  • URL rewriting and time-of-click verification enabled for all inbound email
  • Safe Links policies applied to Microsoft Teams messages and Office documents
  • URL detonation in sandbox environment for unknown links
  • Real-time URL reputation checks against Microsoft threat intelligence

5.2 Safe Attachments

  • All email attachments scanned in a sandbox environment before delivery
  • Dynamic delivery enabled so the email body is delivered while attachments are still being scanned
  • Known malicious attachments blocked and quarantined
  • Safe Attachments policies extended to SharePoint, OneDrive, and Teams

5.3 Anti-Phishing Policies

  • Impersonation protection enabled for key personnel (CEO/CISO Eric Beans and executive accounts)
  • Domain impersonation detection for h33.ai and related domains (auth1, cachee.ai)
  • Mailbox intelligence enabled to learn communication patterns and detect anomalies
  • First contact safety tips displayed for new external senders
  • Unusual character detection for display name and domain spoofing attempts

6. Anti-Spam Controls

Exchange Online Protection (EOP) provides comprehensive spam filtering:

6.1 Connection Filtering

  • IP Allow/Block lists maintained and reviewed quarterly
  • Connection filtering uses Microsoft real-time block lists (RBLs)
  • Sender reputation filtering enabled

6.2 Content Filtering

  • Spam Confidence Level (SCL) thresholds configured per organizational requirements
  • Bulk email filtering enabled with threshold set to 6
  • High-confidence spam automatically quarantined
  • Spam notifications sent to users daily for quarantine review

6.3 Outbound Spam Filtering

  • Outbound spam filtering enabled to prevent H33.ai accounts from being used to send spam
  • Suspicious forwarding rules detected and alerted
  • External email forwarding restricted to approved addresses only
  • Rate limiting applied to outbound email to detect compromised accounts

7. Security Awareness Training

H33.ai conducts regular phishing awareness training and simulations:

  • Platform: Microsoft Attack Simulation Training (part of Defender for Office 365)
  • Frequency: Monthly phishing simulations; quarterly training modules
  • Target Report Rate: Greater than 50% of employees correctly report simulated phishing emails
  • Target Failure Rate: Less than 5% of employees click simulated phishing links
  • Remediation: Employees who fail simulations receive immediate targeted training
  • Metrics: Tracked monthly in Microsoft 365 Security Center; reported quarterly to CISO

8. Incident Reporting

All H33.ai personnel are required to report suspected phishing emails using the following procedures:

  • Primary method: Use the "Report Message" button in Outlook to report phishing, junk, or suspicious emails directly to the security team
  • Secondary method: Forward the suspicious email as an attachment to security@h33.ai
  • Do not: Click links, open attachments, reply, or forward suspicious emails to other personnel
  • Response SLA: Security team acknowledges reports within 4 hours during business hours and provides disposition within 24 hours

9. Administrative Controls

  • Multi-factor authentication: Required for all Microsoft 365 accounts without exception
  • Conditional access: Policies enforce MFA, compliant device requirements, and location-based restrictions for admin access
  • Privileged access: Global admin and Exchange admin roles require an additional MFA step and are limited to authorized personnel
  • Audit logging: Microsoft 365 unified audit logging enabled with 1-year retention
  • Mail flow rules: External email tagging applied (visual banner) to distinguish external from internal communications
  • Legacy authentication: Disabled across all Microsoft 365 services

10. Monitoring and Reporting

Email security is monitored through:

  • Microsoft 365 Security Center: Dashboards for threat detection, email flow, and phishing simulation results
  • Threat Explorer: Used for investigating detected threats, reviewing quarantined messages, and analyzing attack campaigns
  • DMARC reports: Monthly review of aggregate and forensic reports for h33.ai domain authentication
  • DataDog integration: Microsoft 365 security events forwarded to DataDog for centralized monitoring and alerting

11. Review Schedule

This policy and all associated email security configurations are reviewed quarterly, or sooner if:

  • A phishing incident successfully compromises an H33.ai account
  • Microsoft releases significant updates to Defender for Office 365 capabilities
  • Email authentication standards (SPF, DKIM, DMARC) are updated
  • Phishing simulation results indicate training program adjustments are needed

The next scheduled review is June 2026.

Questions?

Contact the Security Officer at security@h33.ai or the Compliance team at compliance@h33.ai.

H33.ai, Inc. · 11533 Brighton Knoll Loop, Riverview, FL 33579 · 813-464-0945