WhiteMail
Back to blog
·White Baek · Founder#founding-story#email-security

Why we started WhiteMail

WhiteMail started with a frustration we could not let go of.

Between us we had spent years inside security operations, watching the same thing happen over and over: the email that finally caused real damage was almost never the one that looked dangerous. It came from a real vendor, in a real thread, asking for something that — on a busy Tuesday afternoon — looked entirely reasonable.

The tooling was never the problem in theory. Given an hour and the full context, a good analyst could almost always tell you whether an email was an attack. The problem was that nobody has an hour per email. So the depth of investigation that actually catches modern attacks was reserved for the handful of messages someone happened to look at.

We kept circling one simple question: what if every email got the investigation that today only a few ever receive?

That question is the whole company.

What we believe

  • Attacks are built from context, not patterns. Modern phishing and business email compromise do not trip signatures. They exploit relationships, timing, and trust. Detection has to reason about context — not just match known indicators.
  • Investigation should be the default, not the exception. The unit of email security should be every message, continuously — not the subset a human had time for that day.
  • A verdict you cannot see through is a verdict you cannot trust. If a system says "block" but cannot show why, your team re-investigates it anyway. Explanation is not a feature bolted on at the end. It is the product.

What we are building

WhiteMail is an AI-native email security platform. At its core is WhiteHat, an engine that investigates every message the way a senior analyst would: who really sent this, is the infrastructure behind it sound, where do these links actually lead, and what is this message truly trying to make someone do.

We are at the very beginning. Over the coming weeks we will write here about what we are building, the decisions behind it, and what we are seeing in the threat landscape — week to week, like a running field journal.

The inbox has been the soft underbelly of nearly every organization for thirty years. We think it is finally time to fix it properly.


This is the first of a weekly series. Next week we start the security reports.