New Product Announcement

TocMail will be releasing its new product on August 31st.

95% of all company breaches begin with an email phishing link. Fortunately, almost every phishing site uses the same technique to bypass cloud-based security. The moment you learn how phishing sites are bypassing your protection, you can finally stop them — every time.

Even if your current security provider claims to protect you from this technique, it is important to read to the end. This technique has been bypassing cloud protection for more than a decade. It is the reason phishing attacks continue to escalate year after year.

How Phishing Links Evade Detection

Nearly 100% of professional phishers use the same technique to bypass detection. They program their links to send clean content every time security services connect to them. The attackers' links only send the harmful content when the intended victim connects. In this way, security services approve their links. Victims are then harmed by content that the security services never saw.

Phishing links typically do this by using redirection. In other words, the attackers' links redirect security scanners to a clean site, and they redirect intended victims to the phishing site.

If your company relies on cloud-based time-of-click protection, then you are likely vulnerable to this attack. The attack succeeds because the time-of-click service analyzes a clean site and then sends the user somewhere else — to the original email link. Sending users to a different site than the one that the security service analyzed is a serious design flaw. If the security service sends users straight to the clean site — straight to the site it analyzes and approves — then users stay safe every time.

TocMail patented the outside-of-the-box method of sending users straight to the approved site — bypassing the original email link altogether. Since the user never connects to the email link, the email link cannot send the user somewhere else.
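The difference between the two time-of-click designs described above, as an added example that is not TocMail's code. The cloaked link is modelled as a function that answers scanners and users differently; all URLs and function names are constructed for illustration.

```python
# Added illustration: URLs, names and the cloaking rule are constructed.
EMAIL_LINK = "https://link.example/r"       # link in the email (cloaked)
CLEAN_SITE = "https://clean.example/"       # what the scanner is shown
PHISH_SITE = "https://phish.example/login"  # what the victim is shown


def resolve(url, client):
    """Model of following redirects: the final URL this client lands on."""
    if url == EMAIL_LINK:
        # The cloaked link redirects according to who is asking.
        return CLEAN_SITE if client == "scanner" else PHISH_SITE
    return url  # every other URL serves its own content


def analyze(final_url):
    """Stand-in for content analysis of the page the scanner reached."""
    return "block" if final_url == PHISH_SITE else "allow"


def click_via_original_link(link):
    """Analyze one site, then let the user connect to the email link."""
    analyzed = resolve(link, "scanner")
    if analyze(analyzed) == "block":
        return analyzed, None
    return analyzed, resolve(link, "user")


def click_via_final_site(link):
    """Analyze one site, then send the user straight to that same site."""
    analyzed = resolve(link, "scanner")
    if analyze(analyzed) == "block":
        return analyzed, None
    return analyzed, resolve(analyzed, "user")


def user_saw_what_was_analyzed(result):
    """Invariant a time-of-click service should hold for every allowed click."""
    analyzed, delivered = result
    return delivered is None or delivered == analyzed


if __name__ == "__main__":
    for design in (click_via_original_link, click_via_final_site):
        result = design(EMAIL_LINK)
        print(design.__name__, result, user_saw_what_was_analyzed(result))
```

The first design breaks the invariant because the site that was checked and the site that was delivered come from two separate connections to the same link.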

How TocMail Works

If the final site is a known good site: TocMail automatically sends its users straight there. This is one half of TocMail's patented solution.

If the final site's reputation is unknown: TocMail shows the user the name of the owner of the final site — not the owner of the original email link. If the owner is who the user expects, the user can approve the link and TocMail sends the user straight there. Otherwise, the user deletes the email and remains safe, because only TocMail's servers connected to the final site, not the user. (See Demo below.)

Eliminate Credential Phishing

TocMail's solution stops a specific type of phishing often called phishing for credentials. Credential phishing is the specific type of attack that can finally be eliminated — 100% of the time. (See Catch-22 below.)

Importantly, up to 95% of data breaches begin with credential phishing. In other words, with TocMail's patented solution, you can eliminate 100% of credential phishing attacks — reducing your risk of being breached by up to 95% at the same time.

How To Know If You Are Currently Protected

You can know whether your current cloud-based time-of-click service is actually protecting you or not. Notice in the first diagram that both the scanner and user connect to the email link. But in the second diagram, only the scanner connects to the email link — the user does not. If your cloud-based time-of-click service is always sending your users to the original links in their emails, then your company continues to be exposed to this common attack. In this case, a data breach is inevitable.

If your company has already suffered a breach, there's a 95% probability that this is how it happened. In other words, if you want to reduce your risk of getting breached by up to 95%, just add TocMail's solution on top of your current time-of-click service. With TocMail, you can finally close this often-exploited security gap — for as little as $1 per user per month.

Considering that 95% of breaches begin with this specific attack, TocMail's solution offers the greatest cybersecurity impact to price ratio on the market.


TocMail's core technology is called PhishViewer:

TocMail's webapp is a full-featured email app with PhishViewer security embedded inside. IMAP and SMTP switch implementations are also available, allowing you to continue using your preferred email hosting provider and your preferred email clients (such as Outlook).

Going straight to the final destination is one-half of TocMail's solution. The other half is showing the owner of the final destination:

Contact TocMail to discuss which implementation is best suited for your environment. All implementations are instant to deploy — allowing you to eliminate credential phishing today.


Credential phishing relies on imitating popular brand names such as Microsoft, PayPal, Bank of America, etc. These popular brands use domain monitoring services to prevent miscreants from using their names when registering domains. Since attackers cannot use the actual brand name when registering their own domains, they are left with only two options when using the technique described above:

TocMail's patented solution puts attackers in an inescapable catch-22 — keeping users safe regardless of what the attacker's credential phishing link decides to do.

*When an attacker creates a site on a domain owned by a popular hosting platform (such as Microsoft, Amazon, etc.), the owner name is shown as "Third-Party Site" along with a warning. In other words, TocMail strives to show information about the owner of the website, not the owner of the domain — thereby keeping users safe even when attackers host harmful content on popular domains.

