The Phishing Defense Stack

A phishing defense built for 2026 has three layers that work together. Authentication on the sender side (SPF, DKIM, DMARC). Reputation-aware content filtering at the provider (Gmail, Outlook, Microsoft Defender). A deterministic gate at the inbox door that imposes structural friction on bulk attempts and fresh-domain impersonations. Each layer catches what the others miss; none replaces the others. This pillar collects the field notes on the structural shift in phishing (AI-generated content, fresh-domain impersonation, BEC, M365 as the top vector) and the controls that hold across them. Read top-to-bottom for an end-to-end view, or jump to the field note that fits the threat shape you are facing. Per Keepnet Labs, AI-generated phishing is 24% more effective than human-written. Per StrongestLayer, click-through has gone from 12% to 54%. Per The European, AI-phishing volume is up roughly 204% year over year. Content classifiers have not kept pace, because the question they ask (does this look like phishing) has gotten structurally harder to answer from content alone in 2026. The deterministic gate changes the question to one about identity and intent.

How effective is AI phishing?

Per Keepnet Labs, AI phishing is 24% more effective.

What is BEC?

Business Email Compromise.

Why is Microsoft 365 the top phishing vector?

Adoption density and OAuth scope abuse.

Secure My Inbox

An open dune horizon at dawn. Wide field, breath of distance.

Phishing Defense Stack

The phishing defense stack.

A working defense for AI-generated phishing, BEC, fresh-domain impersonation, and the Microsoft 365 vector.

Try Rythm, $1.65/month How it works

Phishing in 2026 looks structurally different than phishing in 2016. AI tools generate prose indistinguishable from a real first email at near-zero cost. Per Keepnet Labs, AI-generated phishing is 24 percent more effective than human-written. Per StrongestLayer, click-through has gone from 12 percent to 54 percent. Content classifiers have not kept pace, because the question they are asking (does this look like phishing) has gotten harder to answer from content alone.

A working defense in 2026 has three layers. Authentication on the sender side (SPF, DKIM, DMARC). Reputation-aware content filtering at the provider (Gmail, Outlook, Microsoft Defender). A known-or-pay gate at the inbox door that imposes structural friction on bulk attempts and fresh-domain impersonations. Each layer catches what the others miss; none replaces the others.

The field notes below cover the structural shift in phishing (anatomy, mechanics, why content classification is losing) and the controls that hold across attack classes. Read in order for an end-to-end view, or jump to the note that fits the threat shape you are facing today.

The anatomy of a modern phishing email

A structural breakdown of the six parts of a 2026 phishing email and which ones the filter cannot catch.

How to defend your inbox from phishing in 2026

A practical playbook for the post-AI phishing era. What still works, what does not.

Why phishing emails are getting harder to spot

A field walkthrough of the specific reasons content-based defenses are losing ground.

Phishing emails that fool Gmail

Specific message shapes Gmail does not catch and why they slip through.

Seven phishing patterns knowledge workers see

Seven recurring shapes specific to inboxes belonging to consultants, founders, and professionals.

Microsoft 365 as the top phishing vector

Why M365 became the most-targeted environment and what changes the math.

Business email compromise (basics)

A short, plain-English explainer on the highest-loss email-attack class.

BEC survival guide for small business

A small-business view of what BEC looks like, what stops it, and what does not.

Why we do not use AI to fight phishing

A founder note on the difference between content classification and structural friction.

Real estate wire fraud and email protection

A working playbook for closing teams handling wire instructions over email.

Construction invoice fraud and email protection

A field walkthrough of how invoice-redirect fraud reaches contractors.

One plan. One price.

Keep your existing Gmail or Outlook. Cancel anytime.

$1.65

per month

Start protecting

Annual on Lightning includes one bonus month. See full pricing.