Is SiftMail the same as sift.email?

No. SiftMail (siftmail.app) is an AI-powered email security and triage platform for end users that connects to Gmail or Outlook. sift.email is a separate, unrelated email-list verification API for marketers. The two products are different companies in different categories with no affiliation.

What does SiftMail do?

SiftMail connects to a user's Gmail or Outlook inbox, automatically categorizes every email, surfaces important messages, bundles promotions and newsletters into digests, and detects phishing, impersonation, and Business Email Compromise attempts. It also provides the Sift Inbox Index, a searchable index of inbox history.

Does SiftMail read my emails?

SiftMail reads email headers and metadata for triage and security analysis. Full message bodies are not stored. The classification models receive only the minimum data required to score and categorize each message.

Does SiftMail work with Outlook?

Yes. SiftMail supports both Gmail and Outlook (Microsoft 365) via OAuth.

Yes — Shield Lite is free forever and includes 1 mailbox, 100 daily scans, basic risk scoring, and a 7-day history scan. Shield Pro is $15 per month with a 3-day free trial. Domain Defense is $39 per user per month for teams.

Home > Threat Library > Credential Harvesting

🔑

Credential Harvesting

Critical Severity86% of organizations experienced credential theft attempts in 2023

Credential harvesting is an attack where phishing emails direct victims to fake login pages designed to capture usernames and passwords for email, banking, or other services.

How it works

Email claims your account needs verification or has been compromised
Link goes to a pixel-perfect replica of a real login page
Victim enters their real credentials which are captured
Attacker uses credentials for account takeover, data theft, or further attacks

Red flags to watch for

Unexpected "verify your account" or "reset password" emails
Login page URL doesn't match the real service domain
Page asks for more information than a normal login (SSN, credit card)
Redirects to the real site after "login" to avoid suspicion

Real-world example

Subject: Action Required: Unusual sign-in activity on your Microsoft account
From: account-security@microsoftonline-verify.com
“We detected a sign-in attempt from an unrecognized device. If this wasn't you, secure your account immediately by verifying your identity.”

How to protect yourself

Always check the URL before entering credentials
Use a password manager that won't autofill on fake domains
Enable multi-factor authentication everywhere
Use SiftMail to catch credential harvesting emails before you see them

How SiftMail detects this

SiftMail scores phishing body patterns (+30%) including password reset language, SSN/credit card requests, and credential verification urgency. Combined with sender analysis, these emails are consistently flagged.

Stop credential harvesting before they reach your inbox

SiftMail scores every incoming email and automatically quarantines threats. Free plan available, setup takes 30 seconds.

Protect My Inbox Free Check a Suspicious Email