How email open tracking works: spy pixels, link wrapping, click tracking. Best practices for ethical tracking and better deliverability.
Guides, best practices and news about email deliverability, DNS authentication and domain security.
How to detect SaaS tools sending emails from your domain without authorization: DMARC reports, unknown source identification, resolution workflow, and continuous monitoring.
Complete guide to email-related DNS records: MX, SPF, DKIM, DMARC, MTA-STS, TLS-RPT, BIMI, PTR. Each record explained with concrete examples.
How to read email headers: Received, Return-Path, Authentication-Results, ARC, DKIM-Signature. Complete guide to diagnosing deliverability issues.
Step-by-step guide to moving your DMARC policy from none to reject: recommended timeline, shadow IT pitfalls, the role of RUA reports, and a migration checklist.
Practical guide to interpreting DMARC aggregate reports: XML format, legitimate vs suspicious sources, shadow IT, and how to use the data to strengthen your policy.
Everything about email encryption: STARTTLS, opportunistic vs enforced TLS, MTA-STS, DANE, TLS-RPT. Why Gmail shows a red padlock and how to avoid it.
Check your domain's email configuration
SPF, DKIM, DMARC, BIMI, blacklists, headers... complete free audit.
Start free audit →Complete dissection of a DKIM-Signature header: algorithm, body hash, canonicalization, selector, timestamp. Understanding the verification process step by step.
Why your DKIM key size matters: history of RSA 512/768/1024-bit vulnerabilities, migration to 2048 bits, and Ed25519 as the future standard.
Technical explanation of dual DKIM signatures: why your ESP adds its own signature, the role of Gmail and Yahoo Feedback Loops, and the impact on DMARC alignment.