Tagged
best-practices
3 posts
- 01dmarc6 min read
Subdomain DMARC: Why the sp= Tag Matters More Than You Think
Does p=reject cover your subdomains? Usually yes — but one tag can silently undo it. How subdomain policy inheritance really works, and how to lock down the dormant subdomains attackers love.
- 02dmarc4 min read
Reading DMARC aggregate reports: what the XML is actually telling you
Aggregate reports are how you find out who is sending as your domain — legitimate or not. Here's how to read the XML, what each field means, and how to spot spoofing.
- 03dmarc6 min read
The DMARC rollout playbook: none to reject without breaking mail
Moving from p=none to p=reject is where most DMARC projects stall — usually from fear of blocking legitimate mail. Here's a staged, evidence-driven path to full enforcement.