[ for law firms ]

Your clients trust your name. Make sure no one else can send from it.

Inbox Vital checks whether your law firm's email setup makes it easier for impostors to send as your firm, then keeps watching for changes that could put client trust at risk.

Diagnostic shield showing a broken legal email route being inspected

$3.05B

Business Email Compromise losses reported to FBI IC3 in 2025

29%

law firms reporting a security breach in the 2023 ABA Cybersecurity TechReport

State Bar warning

Law firms are targets for identity theft, trust account fraud, wire fraud, and phishing

These are broader FBI, ABA, and State Bar of California risk signals, not Inbox Vital customer data. They show why trusted firm email is worth checking before a client has to question it.

[ why it matters ]

Legal work runs on trusted messages.

An impostor does not need your whole system to be broken. They only need a believable message at the right moment: a client intake note, a document request, payment details, or wiring instructions that look routine.

Clients expect messages from your firm to be real.

You handle confidential documents, deadlines, retainers, and settlement funds.

Urgent legal email often arrives when there is little time to double-check it.

Your email setup depends on several services that can drift after routine changes.

[ spoofing in plain english ]

Spoofing is when someone sends an email that appears to come from your firm, even though you did not send it.

The protection is not magic. Inboxes look for a few signals that answer simple questions. Inbox Vital checks those signals and explains the weak spots without making you read record syntax.

SPF

Who is allowed to send?

This check lists the services that are allowed to send mail for your domain.

DKIM

Was the message signed?

This check helps inboxes confirm that a message came from an approved sender.

DMARC

What should inboxes do?

This policy tells inboxes what to do when a message pretends to be from you but fails the checks.

[ how we help ]

See the exposure, then keep it watched.

Inbox Vital turns the technical checks into a short readout: what is healthy, what is risky, and what needs to change. You can hand the fix to the person who manages your domain and move on.

Scan my firm's domain

[ real moments ]

The risky message rarely looks dramatic.

The problem usually looks ordinary enough to pass through a busy day. That is why the domain layer is worth checking before clients, staff, or opposing counsel have to make a judgment call.

Fake client intake

A message looks like a new client sending documents, but the link or attachment is built to steal credentials or case files.

Scan. Explain. Monitor.

Wire instruction swap

A client receives a message that appears to come from your firm with new wiring instructions for a retainer, settlement, or trust account transfer.

Scan. Explain. Monitor.

Deadline delivery failure

A filing reminder, signed document, portal invite, or client update gets filtered because your email setup broke after a routine change.

Scan. Explain. Monitor.

[ start here ]

Check the part of client trust most firms never look at.

Run a scan, see the weak spots in plain English, and keep your firm's domain watched as your email setup changes.