New Special Report: The Lying Gatekeeper

  • Don Bush
  • 2 days ago

Although email was never designed for identity verification, its convenience made it a common business identifier. Criminals target this pervasive use as a primary entry point for their activities. Read the newly published report, The Lying Gatekeeper, to explore these topics:

  • A Convenient Lie

    • How email, a messaging protocol built in 1971, became the de facto identity layer for the digital economy, and why that decision was never as safe as it seemed.

  • The Four Jobs Email Was Never Supposed to Have

    • The four critical identity functions that email has been pressed into serving: universal username, account recovery, action approval channel, and persistent proof of identity over time.

  • Trust That Expires the Moment It's Granted

    • Why email-based identity verification is a point-in-time check on a dynamic threat landscape, and how attackers exploit the gap between account creation and today.

  • The Cost of Static Trust

    • The measurable financial consequences of treating an email address as a permanent identity signal, including a $5M average cost per account takeover breach.

  • The Numbers Behind the Comfortable Myth

    • A data-driven look at the scale of account takeover fraud, credential stuffing, phishing, and synthetic email abuse, and how email sits at the center of each threat.

  • The Credential Reuse Epidemic

    • How password reuse across services turns a single breach into cascading exposure, feeding email-based credential stuffing attacks at industrial scale.

  • The Password Reset: Email's Most Dangerous Feature

    • Why email-based password recovery, used by 64% of services as the sole option, functions as a skeleton key for attackers who control a victim's inbox.

  • Why Businesses Keep Using It Anyway

    • The economic and inertial forces that keep organizations dependent on email as an identity signal, even as the evidence of its failure accumulates.

  • The MFA Paradox

    • Why multi-factor authentication hasn't solved the underlying problem when most MFA flows are themselves rooted in the same compromised email addresses.

  • The Disposable Address Problem: Email You Can't Trust From the Start

    • How the $1.36B disposable email industry enables account fraud from the moment of registration, and why standard validation tools can't detect it.

  • The Abandoned Account: A Skeleton Key That Never Expires

    • How dormant accounts accumulate in every user database, linked to email addresses that have changed hands, and how criminals exploit that invisible drift.

  • The Case Studies That Should Have Changed Everything

    • Documented, publicly reported failures, from Roku to Norton to Business Email Compromise, that illustrate the predictable cost of trusting email as identity.

  • From Static Trust to Continuous Intelligence

    • What a better approach looks like: shifting from one-time email validation to continuous risk assessment at every high-stakes moment in the account lifecycle.

  • Closing the Weakest Link

    • How organizations should rethink email risk, and how myNetWatchman Email Reputation was built to solve account takeover fraud and fake account creation at scale.
