9 articles
How to detect SaaS tools sending emails from your domain without authorization: DMARC reports, unknown source identification, resolution workflow, and continuous monitoring.
Step-by-step guide to moving your DMARC policy from none to reject: recommended timeline, shadow IT pitfalls, the role of RUA reports, and a migration checklist.
Practical guide to interpreting DMARC aggregate reports: XML format, legitimate vs suspicious sources, shadow IT, and how to use the data to strengthen your policy.
Everything about email encryption: STARTTLS, opportunistic vs enforced TLS, MTA-STS, DANE, TLS-RPT. Why Gmail shows a red padlock and how to avoid it.
Complete dissection of a DKIM-Signature header: algorithm, body hash, canonicalization, selector, timestamp. Understanding the verification process step by step.
Why your DKIM key size matters: history of RSA 512/768/1024-bit vulnerabilities, migration to 2048 bits, and Ed25519 as the future standard.
Complete guide to BIMI (Brand Indicators for Message Identification): prerequisites, VMC certificate, DNS setup and impact on trust.
Complete guide to setting up a DMARC record on your domain: syntax, policies, RUA reports and best practices.
Complete guide to DKIM (DomainKeys Identified Mail): how cryptographic signatures work, DNS setup, key rotation and troubleshooting.