Skip to content
All posts
Tagged

best-practices

3 posts

  1. 01
    dmarc6 min read

    Subdomain DMARC: Why the sp= Tag Matters More Than You Think

    Does p=reject cover your subdomains? Usually yes — but one tag can silently undo it. How subdomain policy inheritance really works, and how to lock down the dormant subdomains attackers love.

  2. 02
    dmarc4 min read

    Reading DMARC aggregate reports: what the XML is actually telling you

    Aggregate reports are how you find out who is sending as your domain — legitimate or not. Here's how to read the XML, what each field means, and how to spot spoofing.

  3. 03
    dmarc6 min read

    The DMARC rollout playbook: none to reject without breaking mail

    Moving from p=none to p=reject is where most DMARC projects stall — usually from fear of blocking legitimate mail. Here's a staged, evidence-driven path to full enforcement.