Email security, explained
Practical, jargon-free guidance on protecting your domain - and what the data says about how everyone else is doing.
Short, practical reads on getting email authentication right – written for the people who have to make it work, whether that’s your own domains or a portfolio of clients’. No fluff, no fearmongering: just the things that actually move the needle, plus what our benchmark data reveals about the wider picture.
The SPF 10-lookup limit, and how to beat it →
Why your SPF quietly stops working as you add cloud senders – and the cleanest way to fix it for good.
How to get to p=reject without breaking mail →
A safe, staged path from DMARC monitoring to full enforcement – without blocking legitimate mail.
Why the average domain scores just 21/100 →
What our benchmark of millions of domains reveals about the real state of email security.
DMARCbis: what’s changing in the DMARC standard →
The first major DMARC revision since 2015 – the tree walk, the end of pct, and what to do.
Securing mail in transit: MTA-STS and TLS-RPT →
DMARC stops impersonation; this is how you stop your mail being downgraded and read in transit.
More articles coming soon.
Put it into practice on your domain
Run a free check to see exactly where your domain stands – SPF, DKIM, DMARC and more.
Check your domain