Email Security Deployment and Configuration
An advanced email security layer deployed on top of Microsoft 365 — AI-powered phishing detection, impersonation protection, payment diversion controls, and enforced DMARC authentication. Business email compromise is the leading cause of financial loss for professional services firms in the UK. This deployment addresses it directly.
Indicative Pricing
Example: 20-user firm — £600 + (10 × £25) = £850 + VAT
Payment: 50% on commencement · 50% on completion
Solutions: Mimecast or Proofpoint Essentials
Microsoft 365's native email protection is not enough for firms handling client money or sensitive instructions.
Microsoft 365 includes baseline anti-spam and anti-phishing protection. It catches commodity threats well. It does not provide the depth of filtering, impersonation detection, or payment instruction controls required by a law firm receiving conveyancing completion funds, an accountancy practice handling payroll instructions, or a consultancy managing supplier payments on behalf of clients.
Business email compromise — where an attacker impersonates a senior partner, a client, or a trusted supplier to redirect a payment or extract sensitive information — is now the highest-value fraud vector against UK professional services firms. The attack does not need to breach your system. It needs to deceive a member of staff into trusting a fraudulent email. Technical controls cannot prevent human error, but they can make impersonation significantly harder to execute convincingly.
This engagement deploys an advanced email security solution as an additional layer above Microsoft 365's native controls — covering inbound threat detection, outbound data loss prevention, email authentication enforcement, and specific payment instruction controls designed for the professional services threat profile.
of UK businesses reported a phishing attack in the past year
NCSC Annual Review 2024. Email remains the primary attack vector.
in every £3 lost to fraud in the UK is lost via authorised push payment
UK Finance 2024. Payment diversion initiated via email is the dominant method.
of malware is delivered by email
Verizon DBIR 2024. Attachment and link-based delivery remain the leading malware vector.
of domains have no DMARC policy in place
Global DMARC adoption data 2024. Without a DMARC policy, receiving mail servers have no instruction to quarantine or reject email that spoofs your domain.
Six layers of protection. One coordinated deployment.
The deployment covers email authentication, inbound filtering, outbound controls, and — for professional services firms — payment instruction controls. All six components are configured in a single engagement.
Email Authentication
SPF record audit and configuration, incorporating every legitimate sending platform. DKIM signing for Exchange Online and authorised third-party senders. DMARC policy configured and progressed to enforcement — quarantine or reject — with aggregate reporting to a monitored address. With DMARC enforced, receiving mail servers are instructed to quarantine or reject email that uses your domain without authorisation.
AI-Powered Inbound Filtering
Phishing detection using AI and machine learning, going beyond signature-based detection to identify novel and targeted attacks. URL rewriting — every link in every delivered email scanned in real time at the point of click, not just at delivery. Safe attachments — files quarantined and detonated in a sandbox before delivery.
Impersonation Protection
Configuration of impersonation detection for your firm's senior personnel — detecting emails that claim to be from a partner or director but originate from an external address. Domain lookalike detection — flagging emails from domains visually similar to your own or those of trusted clients and suppliers.
Payment Instruction Controls
For law firms, accountancy practices, and professional services firms handling client money: configuration of enhanced scrutiny on emails containing payment details, account change requests, or urgent transfer instructions — the specific patterns associated with authorised push payment fraud and conveyancing fraud. This control is strongly recommended for any firm subject to SRA accounts rules.
Outbound Filtering
Data loss prevention configuration to detect and prevent the transmission of sensitive data via email — documents containing personal data, financial information, or client-confidential content. Anti-relay configuration to prevent your domain being used to send spam or malware if an account is compromised.
Email Archiving (where required)
Where email archiving is required for regulatory compliance — SRA obligations for law firms, HMRC requirements for accountancy practices — compliant email archiving configured within the solution with tamper-proof retention for the period confirmed in the Statement of Work. Not applicable where archiving is not required.
Live protection, documented configuration, and a handover.
Completion is the point at which the solution is live, inbound and outbound filtering is active, and DMARC, DKIM, and SPF are correctly published in DNS. Konve IT confirms this in writing.
Email Security Configuration Document
Delivered in PDF on completion. Confirms the solution deployed, SPF, DKIM, and DMARC records configured, filtering policies applied, any email archiving configuration, DMARC enforcement level and phasing plan where applicable, and administrator instructions for managing quarantine, reviewing DMARC reports, and adjusting policies.
Live Email Security Environment
Not a configuration exercise — the solution is live and actively filtering inbound and outbound email before the engagement closes. DMARC, DKIM, and SPF are published and verified in DNS. The first quarantine report is available to your administrator on completion.
Administrator Handover Session
A sixty-minute remote session with your nominated administrator covering the solution configuration, how to manage quarantined messages, how to read and act on DMARC aggregate reports, how to submit allow and block list requests, and what to do if a suspected phishing attack is identified.
Professional services firms where email-borne fraud is a material risk.
This is not a generic email security deployment. The configuration — particularly the payment instruction controls and impersonation protection — is designed specifically for the threat profile of UK law firms, accountancy practices, and professional services consultancies.
You are a law firm that handles client account transactions, conveyancing completions, or payment instructions by email.
Conveyancing fraud and payment diversion via email are two of the most commonly reported fraud types against UK law firms. The payment instruction controls configured in this engagement apply enhanced scrutiny to precisely those email patterns — account change requests, urgent transfer instructions, and completion fund notifications — that are most frequently exploited.
Your domain has no DMARC policy in place, meaning anyone can send email claiming to be from your firm.
An absent or unenforced DMARC policy allows an attacker to send a convincing email to your clients, claiming to be from your firm, with no technical indicator that it is fraudulent. This is the foundation of many supplier impersonation and invoice fraud attacks. Email authentication configuration alone — SPF, DKIM, and enforced DMARC — addresses this directly.
Your staff have received targeted phishing emails that Microsoft 365's native filtering did not catch.
Targeted, personalised phishing attacks — often called spear phishing — are designed to evade commodity detection. They reference real relationships, real events, and real individuals within your organisation. AI-powered detection, trained on behavioural signals rather than signatures, is specifically designed to catch what rule-based filtering misses.
Your professional indemnity insurer or a client due diligence questionnaire is asking about your email security controls.
Professional indemnity insurers and enterprise clients are increasingly asking specifically about email security controls — DMARC enforcement, advanced phishing detection, and email archiving. This deployment provides documented evidence of each control, suitable for submission to an insurer or inclusion in a client questionnaire response.
Each of the following is available separately or is the client's responsibility.
- Email security software licence fees where not proceeding to the Managed Retainer
- Configuration for additional domains beyond those confirmed in the SoW
- Ongoing management and policy tuning after completion
- Procurement or payment of Microsoft 365 licences
- Email archiving where not required by regulatory obligations
- Helpdesk or end-user support of any kind
Base fee plus per-user above ten.
The base fee covers the fixed overhead — DNS configuration, solution deployment, policy design, and testing. The per-user increment covers the genuinely variable element of configuring mailbox-level protection at scale.
Email Security Deployment and Configuration
Payment Milestones
Due before work begins. Covers DNS planning, solution provisioning, and policy design.
Due when the solution is live, DNS records are published and verified, and filtering is active, or within five working days of Konve IT confirming completion.
Want ongoing management?
The Email Security Managed Retainer covers monthly policy tuning, threat reporting, DMARC monitoring, and incident response support. Licence included.
from £4.00 / user / month
Three steps from enquiry to active protection.
The questionnaire for this engagement captures your email platform, domain configuration, authorised sending platforms, and DNS access arrangements. The more completely you answer it, the faster the deployment can begin.
Complete the onboarding form
Download and complete the Konve IT Client Onboarding Form. Captures your organisation details, contacts, sector, and regulatory obligations.
Complete the service questionnaire
Download and complete the Email Security Questionnaire. Captures your primary and additional domains, current DMARC status, all authorised sending platforms, DNS access arrangements, and archiving requirements.
Review and sign the Statement of Work
Konve IT issues a Statement of Work within two working days. On signature and receipt of the first instalment, deployment begins. DNS changes are typically implemented within 24 hours of Konve IT providing the required records.
Email Security Managed Retainer
Monthly policy tuning, threat reporting, quarterly DMARC review, and incident response support. Mimecast or Proofpoint licence included. From £4.00 per user per month.
Email Security: DMARC, DKIM and SPF Audit
Need email authentication only — without the full security solution? The standalone audit and configuration engagement covers all three records for £450 flat fee.
Cyber Essentials Full Programme
Email authentication is a Cyber Essentials requirement. This deployment satisfies the email security controls — the Full Programme takes your entire environment to a valid certificate.