CaptainDNS Blog

DNS, email authentication, AI integrations and product updates.

Technical guides, comparisons and insights on public DNS resolvers (Cloudflare, Google, Quad9), email authentication (SPF, DKIM, DMARC, BIMI, ARC) and deliverability. Learn how to configure Amazon SES, Brevo, SendGrid or Mailjet, and explore our AI integrations with ChatGPT and the MCP protocol. Whether you're a sysadmin, developer or marketing manager, find best practices here to secure your domains and optimize your email delivery.

Articles

March 2026

Diagram showing the structure of an email header with key fields annotated: From, Received, Authentication-Results

CaptainDNS · March 29, 2026

Understanding email headers: the complete guide to reading and analyzing every field

Every email carries an invisible logbook. This guide teaches you how to extract it, read it field by field, and diagnose deliverability or security issues.

Table showing 10 subtle email header signals that security gateways fail to detect

CaptainDNS · March 28, 2026

10 email filter gaps: the subtle header signals your gateway misses

Your email gateway blocks 99% of threats. But the 1% that gets through is what matters. Here are the 10 header indicators that most filters ignore.

Diagram showing how an attacker exploits indirect MX routing to spoof an internal domain in Microsoft 365

CaptainDNS · March 28, 2026

Misconfigured Email Routing: Microsoft's Warning on Internal Spoofing (January 2026)

In January 2026, Microsoft revealed that indirect MX configurations allow attackers to spoof internal identities by bypassing SPF, DKIM, and DMARC.

Diagram showing an email passing through SPF, DKIM, and DMARC checks with a deliverability score of 100 out of 100

CaptainDNS · March 27, 2026

Test Email Deliverability: The Complete Guide Before Sending

One in five emails never reaches the inbox. This guide shows you how to test your email deliverability before sending and fix every issue.

Diagram showing real DNS propagation timelines based on TTL across different public resolvers

CaptainDNS · March 26, 2026

DNS Propagation Time: How Long Does It Really Take?

The 24 to 48 hour myth is wrong. The actual delay depends on TTL, and you can control it.

Diagram showing a shortened link hiding a phishing URL behind multiple redirect layers

CaptainDNS · March 25, 2026

URL Shorteners: Why bit.ly, t.ly and Their Peers Have Become Phishing's Weapon of Choice

t.ly, Is.gd, Goo.su: URL shorteners fuel phishing, malware, and security filter evasion. Learn the exploitation techniques and how to verify every link before you click.

CaptainDNS · March 23, 2026

Gmail Verified vs Google Verified: understanding the real differences

The Gmail blue checkmark and the Google verified badge rely on entirely different mechanisms. This guide breaks down the technical prerequisites, costs, and steps for each verification.

Illustration of the 5 pillars of NIST SP 800-81r3 for DNS security

CaptainDNS · March 21, 2026

NIST SP 800-81r3: what the new DNS security guide changes

Full analysis of NIST SP 800-81r3, released March 19, 2026. Protective DNS, DNSSEC, encrypted DNS: the key recommendations for securing your infrastructure.

Diagram showing an HTTP redirect loop with detection and resolution steps

CaptainDNS · March 20, 2026

HTTP redirects: how to detect loops, chains and suspicious shortened links

Complete guide to identifying redirect loops, excessive chains and suspicious shortened links. Diagnosis, fixes and security best practices.

Diagram showing the link between DNSSEC, certificate authorities, and TLS certificate issuance after Ballot SC-085v2

CaptainDNS · March 19, 2026

Ballot SC-085v2: certificate authorities now verify DNSSEC before issuing a TLS certificate

Since March 15, 2026, the CA/Browser Forum requires CAs to verify DNSSEC during domain validation. This guide covers the context, impact, and how to check your configuration.