Security
Email authentication, encryption, and threat prevention best practices.
51 articles
SVG Tiny-PS: understanding the security profile required by BIMI
An SVG file can contain JavaScript, phishing links and tracking pixels. Learn how the SVG Tiny-PS profile neutralizes these threats to secure BIMI logos.
SERVFAIL after enabling DNSSEC: diagnosis and fix
A SERVFAIL after enabling DNSSEC points to a broken chain of trust. This guide covers the five causes, three diagnostic commands, and exact fixes for each scenario.
Understand the DNSSEC chain of trust in 5 minutes
The chain of trust is the core principle behind DNSSEC. This guide explains every link, from the DNS root to your domain, with clear diagrams.
Enable DNSSEC: step-by-step guide by registrar
DNSSEC protects your visitors from DNS spoofing. This guide covers step-by-step activation for the 6 most popular registrars, with instant verification.
End of Basic Auth SMTP on Microsoft Exchange Online: timeline, 550 5.7.30 error, and migration guide
Microsoft is retiring Basic authentication for SMTP AUTH on Exchange Online. Revised timeline, 550 5.7.30 error, OAuth alternatives, HVE, Graph API, and step-by-step migration checklist.
NIST 2025 password recommendations: what's changed
The NIST has rewritten its password rules. No more mandatory rotation, no more complexity requirements. A complete breakdown of SP 800-63B-4 with a step-by-step compliance plan.
Passphrase vs password: which one is actually safer?
A 16-character random password or a 5-word dice-generated phrase? A technical comparison with entropy calculations, use cases, and practical recommendations.
Passkeys vs passwords: should you ditch your passwords in 2025?
Google, Apple, and Microsoft are pushing passkeys as the replacement for passwords. But are they ready for widespread use? Technical comparison, benefits, limitations, and transition strategy.
Port 25 blocked: diagnosis and solutions by hosting provider
Port 25 is blocked by most cloud providers and ISPs to fight outbound spam. Here's how to diagnose the block and restore your sending capability.
STARTTLS, SSL/TLS and SMTP: which encryption for your emails?
SSL, TLS, STARTTLS, Implicit TLS, DANE, MTA-STS: email encryption in transit relies on mechanisms that are often confused. This guide clarifies each protocol, explains their vulnerabilities, and shows how to configure robust TLS encryption on Postfix, Exim and Exchange.
SMTP ports explained: 25, 465, 587, 2525, which one should you use?
Port 25, 465, 587, or 2525? Each SMTP port has a specific role. This guide breaks down how each port works, its encryption method, the relevant RFCs, and helps you pick the right port for your use case.
How to test the SMTP connectivity of your MX servers
Your DNS records are perfect, but emails aren't getting through? The problem might be at the transport layer. This guide shows you how to test SMTP connectivity for each MX server, step by step.
Phishing trends 2025-2026: APWG statistics and new techniques
Phishing has evolved: generative AI, malicious QR codes, MFA bypass. Explore the 2025 APWG figures and the techniques redefining the threat landscape in 2026.
Google Safe Browsing, URLhaus, PhishTank, VirusTotal: how threat intelligence databases work
Every day, your browser queries threat intelligence databases to block malicious URLs. Learn how the 4 main databases work and why combining them is essential.
Clicked a phishing link: what to do right now?
3.4 billion phishing emails are sent every day. If you clicked a suspicious link, follow these emergency steps to limit the damage and secure your accounts.
How to spot a phishing email in 2026
91% of cyberattacks start with an email. Learn how to spot the warning signs, verify a suspicious link, and protect your inbox with the right protocols.
Set up TLS-RPT: step-by-step guide for Microsoft 365, Google Workspace, and OVHcloud
Hands-on tutorial to set up TLS-RPT (SMTP TLS Reporting) on Microsoft 365, Google Workspace, and OVHcloud. DNS record, verification, and troubleshooting included.
How to Remove Your IP from a Blacklist: The Complete Delisting Guide
Is your IP on a blacklist and your emails getting rejected? This guide details the delisting procedures for each major blacklist, including processing times and best practices to avoid getting listed again.
.brand TLD: why major brands create their own domain extension
From .dvag (10,562 domains) to .ferrari, .zara, and .google: discover why 494 global companies have invested in their own .brand TLD.
Surfshark DNS: how it works, benefits, and setup
Surfshark DNS is a free public DNS resolver (IPv4/IPv6, DoH) focused on privacy. Here's when to use it, how to configure it, and what to check.
DNS4EU: the European DNS resolver (DoH/DoT), profiles and setup
DNS4EU is a European public DNS with 5 variants (security, kids, ad blocking, neutral) and IPv4/IPv6 + DoH/DoT addresses. Deployment and verification guide.
NextDNS DNS: how it works, benefits, and setup
NextDNS is a customizable DNS resolver: DoH/DoT encryption, filtering, profiles, and logs. Here’s how to deploy it cleanly at home or in an SMB.
Cloudflare DNS (1.1.1.1): privacy, DoH/DoT, deployment
1.1.1.1 is Cloudflare's public DNS resolver. Here's how to use it properly (addresses, DoH/DoT/ODoH, tests, pitfalls) and deploy it.
Quad9 DNS (9.9.9.9): how it works, benefits, alternatives
Quad9 (9.9.9.9) is a public DNS resolver focused on security and privacy: malware blocking, DNSSEC validation, and encrypted DoT/DoH options. Here's how to deploy it properly.
BIMI, VMC, CMC: compatibility and DNS prerequisites (Gmail, Yahoo, Apple Mail)
Putting your logo in the inbox: what you actually need to configure in DNS for BIMI, and how to choose between VMC and CMC.
Gmail ends POP fetching from other accounts in 2026: impact and action plan
Starting January 2026, Gmail will no longer continuously fetch messages from external mailboxes via POP ("Check mail from other accounts"). Impacts, timeline, and alternatives for Gmail and Google Workspace users and admins.
