Detection & Response

How can you identify a compromised sending domain? How can you detect unusual sending patterns? What are warning signs of compromise? What are forensic email headers? How to perform header forensics? What’s the difference between header and body analysis? What is anomaly detection in outbound traffic? How can DMARC RUF reports support incident response? What are best practices for handling phishing reports? What’s the process for triaging abuse reports? How to handle false positives (legit emails marked as phishing)? How to communicate with affected users or clients? How to recover brand trust after a phishing attack? What metrics indicate successful remediation?