Visual Mail Verification.
The sixth layer, where threats actually land.
Most email security stops threats before they hit the inbox. SPF. DKIM. DMARC. Anti-spam gateway. Anti-phishing scanner. Five layers, all working before the user sees the message. The trouble is the messages that get through. Phishing and Business Email Compromise succeed precisely because they look legitimate to filters. Once a message lands, the user is the last line of defense, typically without the context to make a confident judgment. Verisend is the sixth layer. A Microsoft 365 inbox app that shows users, visibly inside the message itself, which emails are verified legitimate and which deserve a second look.
Verification context, in the message, at the moment of decision
Verisend installs as a registered application in your Microsoft 365 tenant. From there it deploys to a single user, a group, or the whole organization via a manifest. Once active, it inspects messages in the user's inbox and surfaces a clear visual signal directly inside Outlook: verified when authentication, sender history, and content all align, caution when something falls short.
The user does not have to interpret email headers, hover over a sender domain to read a tooltip, or guess. The verification state lives inside the message UI in Outlook, where the decision is actually being made. For regulated banking tenants, Verisend extends that signal further: inbound messages are checked against internal Know Your Customer data so verified-customer mail is visibly distinguished from impersonation attempts.
Verisend sits inside DuoCircle's broader Protect portfolio, alongside Phishing Protection and Spam Filtering at the gateway, with DMARC Report and SPF Management at the authentication layer.
What is in the box
A verified-legitimate signal where users actually decide, a clear caution state when something falls short, KYC-aware verification for banks, and a tenant-wide deployment model that fits Microsoft 365 the way Microsoft 365 was designed to be extended.
Verified-legitimate signal in the message
When authentication, sender history, and content signals all align, Verisend marks the message as verified directly in Outlook. The user does not have to interpret SPF, DKIM, or DMARC results, hover over a sender domain, or open headers. The decision context lives where the decision is being made.
Caution signal when something does not add up
When one or more verification signals fall short, Verisend surfaces a clear caution state with the user-facing context to act on it. The message does not get hidden, the user does not get a confusing red banner with no detail. The signal is specific enough to drive a sensible action.
Designed against the BEC threat pattern
Built for the specific attacks that cost CISOs the most sleep: a spoofed-style note from the CEO to finance asking for a wire, a vendor-impersonation invoice with subtly altered banking details, a pretexting email referencing a real internal project. These attacks evade filters by being plausible. Verisend works because the user gets context they can act on, at the point of decision.
KYC-aware verification for banks
For regulated banking and financial services tenants, Verisend can verify inbound senders against the internal Know Your Customer data the bank already captures. When a message matches a known customer, key customer information is retrieved and displayed in the inbox in real time, so impersonation attempts stand out by the absence of that signal.
Manifest-based deployment across the tenant
Installs as a registered Microsoft 365 application and is rolled out via a tenant manifest. Scope can be a single user, a single group, or the whole organization. There is no per-endpoint installer, no client agent, no separate authentication system to manage.
Engineering-led product, not a license resale
Verisend is a DuoCircle product run by the same expert team that operates the rest of the portfolio. The roadmap and the support call go to the same group. When something breaks, the team that fixes it is the team that picks up the phone.
The audience
- Banks, financial services firms, and regulated organizations where a single successful Business Email Compromise can be catastrophic
- Microsoft 365 tenants whose users are already inside the security stack and who are willing to act on inbox-level signals
- Finance, legal, and operations teams that field high-stakes vendor and customer communications and need a verification signal in front of them
- Compliance-driven environments (financial, healthcare, government) where wire fraud and credential phishing carry regulatory consequences
- Organizations that have already implemented the upstream layers (SPF, DKIM, DMARC, anti-spam, anti-phishing) and want a defense at the inbox itself
We are not the right answer if
You are not on Microsoft 365. Verisend is built as an M365 application and rolled out via tenant manifest. For HCL Domino and IBM Notes environments, the right product is SpamSentinel, which is native to Domino. For Google Workspace, the built-in protection is genuinely strong and we do not have a sixth-layer product on Workspace.
You have not yet implemented the first five layers (SPF, DKIM, DMARC, anti-spam, anti-phishing). Start there. We can help: see SPF Management, DMARC Report, Phishing Protection, and Spam Filtering. Stack the upstream layers before adding the inbox layer.
Your users will not engage with additional inbox UI. The sixth layer assumes the user is part of the security stack. If your culture is closer to "the IT team handles all of that," the value proposition is weaker. We would rather be honest about that than sell a deployment that goes unused.
You need a full Security Awareness Training platform with phishing-simulation campaigns and behavioral analytics. That is a different product category. Verisend gives users a verification signal at the point of decision; it does not run a curriculum.
A 30-day evaluation, in your real M365 tenant
Verisend is licensed annually per user, with a 30-day evaluation guarantee that you will find it useful for stopping Business Email Compromise. Enterprise customers, Microsoft Managed Service Provider partners, and telecom carriers can reach out for volume pricing. Pricing on a serious deployment gets discussed on the call, not gated behind a procurement form.
When you contact us, you talk to an expert who has actually deployed Verisend in a Microsoft 365 tenant. We tell you whether the sixth layer fits your environment, what the user-facing experience will look like, and how the rollout plays out in practice. Reference calls with existing customers are available on request.
Talk to an expert about your inbox-level defense
Same-day response. Real expert on the call. We set up a 30-minute demo in a real M365 mailbox and answer the technical questions directly.