A quiet lesson in verification, standards, and protecting both agencies and their clients.
Every agency that works with serious budgets eventually runs into these questions — especially when enterprise intake standards are involved.
How much verification is “too much”?
Recently, we encountered a highly polished enterprise inquiry that ultimately turned out not to be legitimate. No access was granted, no data was shared, and no damage was done — but the experience reinforced something we already believe strongly:
Standards aren’t friction. They’re protection.
This isn’t a story about fear, blame, or technical forensics. It’s a practical look at patterns, process, and why calm verification should be part of every agency’s intake when access and spend are involved.
These enterprise intake standards exist to ensure verification, accountability, and protection on both sides of the engagement.
The Enterprise Intake Pattern (Not the Drama)
On the surface, the inquiry looked exactly like a real enterprise engagement:
- A real, well-known enterprise company name
- A real executive’s name and title
- A six-figure monthly Google Ads budget
- Professional tone and fast, competent responses
- Requests that mirrored normal enterprise evaluation workflows
Nothing about it felt amateur or sloppy.
And that’s the point.
High-quality impersonation doesn’t rely on urgency or obvious red flags. It relies on believability.
The One Detail That Actually Matters
The issue wasn’t sophistication.
It wasn’t budget size.
It wasn’t how well the emails were written.
It was domain alignment.
The inquiry originated from a lookalike domain — not the organization’s primary corporate domain.
A quick domain review showed:
- The domain was newly registered
- It was registered overseas
- It was not associated with the real organization
That alone doesn’t prove malicious intent — but it does require verification.
And that’s where standards matter.
The Enterprise Intake Standards We Apply (Every Time)
Enterprise Intake Standards in Practice
When enterprise access is involved — ad accounts, analytics, billing, or internal data — we apply the same baseline requirements, regardless of budget or urgency:
- Enterprise inquiries must originate from the organization’s primary corporate domain
- Stakeholders must align with verifiable roles
- Early requests for account access slow the process, not accelerate it
- No platform access is granted without confirmed ownership and authority
- No exceptions based on spend size, timelines, or perceived opportunity
These aren’t aggressive rules. They’re boring, predictable, and intentional.
When we requested verification and enforced those standards, the conversation went silent.
That outcome told us everything we needed to know.
What Changed Internally
Nothing dramatic — just reinforcement and documentation:
- Our intake process was strengthened
- Subtle expectation-setting language was added to our contact form
- A clear internal rule was formalized:
We do not engage with enterprise inquiries unless they originate from the organization’s primary corporate domain.
That’s it.
No alarms. No incident response. Just maturity.
Why This Matters for Agencies
If your work involves:
- Paid media accounts
- Analytics access
- Admin credentials
- Billing permissions
- Or client data of any kind
Then verification isn’t distrust — it’s professionalism.
Serious organizations expect this. Legitimate enterprise teams aren’t offended by standards — they’re reassured by them.
The right clients don’t push back on guardrails. They recognize them as a sign they’re working with a disciplined partner.
The Quiet Takeaway
This experience didn’t make us more paranoid. It made us more confident in doing what we already do.
Strong intake standards protect:
- Your agency
- Your team
- Your clients
- And the real enterprises you want to work with
If a lead disappears when standards are applied, that’s not a loss.
That’s the system working.