Writing by people who run the infrastructure.
Field reports from the actual console. When we fix something in production, we write it up. No SEO copywriters, no “3 tips for email security” listicles, no AI-generated intros that reference “today's threat landscape.”
Your DMARC says “aligned.” Proofpoint still marks you Spam. Here's why.
A walkthrough of the three Proofpoint classifiers that fire even when your auth is clean. We fixed this in production last month — full teardown.
What is DMARC, actually?
The five-paragraph version. No glossary, no RFC citations you won't follow, no “in today's threat landscape”.
SPF, from first principles
What it does, what the 10-lookup limit is, and why “+all” is a red flag that survives into production with alarming frequency.
DKIM without the cryptography lecture
Selectors, keys, rotation, and why DKIM alignment matters more than DKIM passing.
BIMI: the brand-logo flex
You need VMC, p=quarantine, a SVG Tiny 1.2 file, and some patience. Whether it's worth it for a mid-sized brand.
MTA-STS, TLS-RPT, and why most domains skip them
The transit-encryption story DMARC doesn't cover. How to stand one up in an afternoon.
The BEC defender's playbook
Lookalike detection, WHOIS-freshness escalation, and the M365 + GWS blocklist automation that catches wire-fraud attempts the week the domain gets registered.
Want new ones in your inbox — once every few weeks, no drip?
We publish when we have something worth publishing. No “drip sequence”, no lead nurture, no retargeting ads. One newsletter per field report, sometimes less.