JD Tech Consulting
Security & Compliance Frameworks

Sonitek

Stopping a live email attack mid-migration

Client overview

Sonitek is a precision manufacturing company specializing in heat staking, ultrasonic welding, and industrial automation equipment. Their business depends on reliable email and DNS infrastructure to support order processing, customer communication, internal operations, and B2B outreach.

The engagement

JD Tech was retained to support a DNS migration and website transition. Early in the engagement, it became clear that DNS, email authentication, and security controls were fragmented across multiple platforms — creating unnecessary risk during any migration.

As remediation work began, the organization experienced a live malicious email flooding attack, turning what was planned work into an active incident response.

What we found

  • SPF, DKIM, and DMARC were misaligned and inconsistent across Microsoft 365, eCommerce systems, and third-party senders
  • DNS was hosted in a way that made changes fragile and error-prone, increasing migration risk
  • Monitoring existed but lacked actionable visibility — failures could occur without immediate awareness

Before remediation was complete, Sonitek was hit with a high-volume inbound email attack, flooding mailboxes with thousands of messages per minute. Legitimate email was delayed, users experienced mailbox slowdowns, and operational risk increased rapidly.

Incident response

We shifted immediately from planned migration work to active defense and containment.

  • Rapid inbound defense. Deployed Proofpoint as a first-layer email security gateway to absorb and block malicious traffic before it reached Microsoft 365.
  • Attack containment. The flood was stopped, mailbox performance normalized, and legitimate email flow was restored without user disruption.
  • Employee protection. Controls were put in place to prevent follow-on threats including business email compromise (BEC) and credential-harvesting attempts often associated with these attacks.

Infrastructure work

Once the environment was stabilized, we completed the original scope — this time on hardened ground.

  • DNS cleanup and alignment. Standardized SPF, DKIM, and DMARC across all sending sources and domains.
  • DNS migration. Successfully migrated DNS to the new provider with zero email downtime.
  • Website transition. Supported the website migration as part of the DNS cutover, validating propagation and service continuity.
  • Ongoing visibility. Established monitoring and alerting so authentication issues, delivery failures, or anomalies are caught early.

Outcome

  • The email flooding attack was neutralized quickly, with no data loss and no ongoing user impact
  • DNS and email authentication are now fully aligned and stable
  • The DNS and website migration completed cleanly and safely
  • A potential business email compromise scenario was prevented through layered defenses
  • Sonitek now operates with confidence in their DNS and email infrastructure — not firefighting

"Highly recommend."

— Tom Bishop, Sonitek
