When phishers clone your emails, your customers see a warning — not your logo.
imgSentinel signs every image in your outbound email. When a phisher blasts a copy of your template, we detect it from the image load pattern — and swap in the warning right inside the email, before anyone clicks.
The problem
Phishers don't design — they copy
The most convincing phishing emails are pixel-perfect clones of your real ones. Attackers save a genuine message you sent, swap the links, and blast it to your customers. Every logo, color, and footer is authentically yours.
Email auth doesn't catch it
SPF, DKIM, and DMARC authenticate the sending domain — and the phisher's own domain passes all three. Nothing in the delivery path knows the body was stolen from you.
Your customers pay for it
Victims judge an email by how it looks. When the clone is visually identical, the people who trust your brand most are the ones who click. You find out after the support tickets arrive.
How it works
Your images already load over the network on every open. imgSentinel turns that into a tripwire: the copies a phisher steals keep phoning home to us.
Sign
Point a CNAME at our edge, or call the signing API before send. Every image URL gets a cryptographic token tied to the recipient and campaign — invisible to readers, inseparable from the template.
Detect
When the email is opened, the image request hits our edge proxy. A token minted for one recipient that loads from thousands of inboxes or hundreds of IPs, or that loads after revocation, indicates a stolen template, not a customer re-reading their receipt.
Respond
Your policy decides per request: serve the real image, swap in a warning banner, or return a blank pixel. The warning renders inline, in the inbox, at the moment of decision — no client plugin, no user training.
Every image load gets a verdict
| Verdict | When | What the reader sees |
|---|---|---|
| allow | Valid token, normal load pattern | Your image, proxied from your origin |
| warn | Suspicious pattern — unusual fan-out or volume | A warning banner where your logo would be |
| block | Revoked campaign or confirmed abuse | A blank pixel — the clone goes dark |
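
The sign, detect and respond flow described above, as an added Python example (not imgSentinel's code or API). The URL layout, the truncated HMAC-SHA256 token, the key, the fan-out threshold, the in-memory counters and the choice to answer a bad token with `block` are all assumptions for illustration.

```python
import base64, hashlib, hmac
from collections import defaultdict

KEY = b"constructed-demo-key"    # assumption: per-customer signing secret
WARN_DISTINCT_IPS = 3            # assumption: demo fan-out threshold
revoked_campaigns = set()        # assumption: revocation list held at the edge
ips_by_token = defaultdict(set)  # token -> distinct client IPs seen so far

def _mac(campaign, recipient, path):
    # Bind the token to campaign, recipient and image path together.
    msg = "\n".join((campaign, recipient, path)).encode()
    tag = hmac.new(KEY, msg, hashlib.sha256).digest()[:16]
    return base64.urlsafe_b64encode(tag).rstrip(b"=").decode()

def sign_url(campaign, recipient, path):
    """Mint the per-recipient image URL embedded in the outbound email."""
    return f"/i/{campaign}/{recipient}/{_mac(campaign, recipient, path)}{path}"

def verdict(url, client_ip):
    """Classify one image request as 'allow', 'warn' or 'block'."""
    try:
        _, _, campaign, recipient, token, rest = url.split("/", 5)
    except ValueError:
        return "block"           # malformed URL
    expected = _mac(campaign, recipient, "/" + rest)
    # Signature check needs only the key: no lookup on the happy path.
    if not hmac.compare_digest(token.encode(), expected.encode()):
        return "block"           # assumption: altered or forged token is refused
    if campaign in revoked_campaigns:
        return "block"
    # One recipient's token arriving from many client IPs suggests a blast.
    ips_by_token[token].add(client_ip)
    if len(ips_by_token[token]) >= WARN_DISTINCT_IPS:
        return "warn"
    return "allow"
```

A production threshold would also have to discount inbox image proxies and link scanners, which this example does not model.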
Built not to break your email
Fast on the happy path
Validating a legitimate open is pure cryptography — no database lookup stands between your customer and your image. Emails render as fast as before you added us.
Conservative by default
Default thresholds favor missing an attack over flagging a real customer. Inbox privacy proxies and link scanners are accounted for, not mistaken for blasts.
You hold the dials
Thresholds, country rules, and the default action are per-customer policy. Start in log-only mode, watch real traffic, then turn on warnings when you trust it.
See it catch a blast
Interactive demo against the live pipeline: a phisher copies your template, blasts it through Gmail's image proxy, and gets a warning banner where your logo was.