Email Security 101: the basics that hold across attack types

Email security has three layers that hold across nearly every attack class: authentication (SPF, DKIM, DMARC) that proves the sending domain, content filtering that catches obvious patterns, and a deterministic gate that handles the senders the content filter cannot reliably classify. This pillar walks through the basics and links to ten field notes on filter mechanics, the difference between probabilistic and deterministic systems, sender reputation, and the new economic-filtering category Rythm sits in. Use it as a starting point for evaluating any inbox-protection layer. Read in order if email security is new to you. Skim by topic if you are evaluating a specific control. The reading list is curated to leave a knowledge worker with a working mental model of how an inbox is defended in 2026, why content classifiers struggle with AI-generated phishing and clean cold outreach, and what fills the gap.

What are the three layers of email security?

Authentication, content filtering, and a deterministic gate at the inbox door.

What is SPF, DKIM, DMARC?

Three authentication standards.

What is sender reputation?

A score that mailbox providers attach to a sending domain or IP.

What is economic email filtering?

Filtering based on whether a sender will pay a small cost.

Secure My Inbox

An open dune horizon at dawn. Wide field, breath of distance.

Email Security 101

Email security 101.

The basics that hold across nearly every attack class. Three layers, ten field notes, one starting point.

Try Rythm, $1.65/month How it works

Most email security problems sit in one of three layers. Authentication on the sender side proves a domain is allowed to send. Content filtering at the receiving provider catches the obvious cases (mass blacklist domains, classic phishing kits, malware payloads). And a known-or-pay gate at the inbox door handles the senders the content filter cannot reliably classify: cold outreach, AI-generated pitches, polished first emails from unknown domains.

The first two layers are well documented. SPF, DKIM, and DMARC are standardized and supported in every major mail provider. Gmail and Outlook ship effective bulk-spam filtering by default. The third layer is newer and is the layer Rythm sits in. The field notes below cover both halves: how the existing layers work, where they break, and what fills the gap.

Read in order if email security is new to you. Skim by topic if you are evaluating a specific control. The reading list is curated to leave a knowledge worker with a working mental model of how an inbox is defended in 2026.

What is economic email filtering

The new category: filtering on whether a sender will pay a small cost, not on what their message says.

What is an email paywall

A plain-English definition and the two-decade history of the idea.

What is a non-custodial email service

The difference between encryption, custody, and what a provider sees.

What is DMARC, DKIM, and SPF

The three sender-authentication standards and what they each do.

What is sender reputation

How mailbox providers score sending domains and IPs, and where the score lags reality.

Email bounce vs block vs filter

A short explainer on the three things people mean when they say "the email did not arrive".

What happens to filtered emails

The difference between deletion, the spam folder, and a waiting room you control.

Email paywall vs spam filter

Two shapes that answer different questions about who reaches your inbox.

Rules, not guesses

On the difference between probabilistic and deterministic systems, and why it matters in your inbox.

Why we chose deterministic filtering

A founder note on why Rythm does not use ML to classify inbound mail.

One plan. One price.

Keep your existing Gmail or Outlook. Cancel anytime.

$1.65

per month

Start protecting

Annual on Lightning includes one bonus month. See full pricing.