Skip to content
DDMARC
The DDMARC Blog
Field notes

Field notes on email security.

What's changing in DMARC and deliverability, how operators are responding, and how to read your reports — written for the people who actually run email.

best-practicescompliancedeliverabilitydmarcgoogle-yahooreports
  1. 01
    dmarc4 min read

    Reading DMARC aggregate reports: what the XML is actually telling you

    Aggregate reports are how you find out who is sending as your domain — legitimate or not. Here's how to read the XML, what each field means, and how to spot spoofing.

  2. 02
    dmarc3 min read

    The DMARC rollout playbook: none to reject without breaking mail

    Moving from p=none to p=reject is where most DMARC projects stall — usually from fear of blocking legitimate mail. Here's a staged, evidence-driven path to full enforcement.

  3. 03
    deliverability3 min read

    Google and Yahoo sender requirements: are you actually compliant?

    Since February 2024, Google and Yahoo enforce authentication, easy unsubscribe, and a spam-rate ceiling for bulk senders. Here's a concrete checklist to confirm you're meeting them.