Recent research indicates that around 17% of email threats manage to bypass conventional Secure Email Gateways (SEGs). This alarming statistic underscores the limitations of traditional security measures, particularly as modern social engineering attacks transcend the inbox, targeting users across various digital communications platforms.
In late 2025, the volume of email bombing incidents soared a staggering 100-fold, escalating from 200,000 to over 20 million messages. Such attacks flood inboxes with benign communications, subsequently allowing attackers to exploit trust through other channels, such as collaboration tools or phone calls.
Darktrace has recently announced significant enhancements to its Darktrace / EMAIL platform, specifically designed to tackle emerging cross-domain attacks and fortify outbound trust, making it a relevant consideration for security leaders in 2026.
“Email is the starting point for attacks that quickly expand into other parts of the digital ecosystem,” remarks Constance Stride, SVP of product at Darktrace. “Our latest innovations extend multi-domain detection by linking behavioural signals across email, identity, and SaaS to uncover advanced attacks.”
The enhanced EMAIL platform integrates with Darktrace / IDENTITY, enabling it to correlate suspicious activities and reinforce user protection against account takeovers.
To further secure outbound communications, Darktrace has introduced Brand Indicators for Message Identification (BIMI) support, allowing organisations to display verified logos directly in recipients’ inboxes.
This not only enhances brand recognition but also aids in identifying impersonation attempts, reinforcing user trust during critical interactions. That is especially vital during high-risk periods like Black Friday, when phishing attacks surged by 1,317% in November 2025.
Moreover, human error continues to pose a significant risk, with misdelivered emails accounting for 72% of data exposure incidents. Darktrace’s behavioural data loss prevention (DLP) capabilities automatically identify sensitive information across communications, leveraging a domain-specific language model to intervene when abnormal patterns emerge, thus reducing the likelihood of unintentional breaches.
