Email authentication, encryption, and threat prevention best practices.
74 articles
The IETF is reclassifying ARC (RFC 8617) as "Historic." But deprecated on paper does not mean dead in practice: Apple, Google and Microsoft still require it. Here is what really changes and what you should do.
In 2026, the status page is no longer a marketing tool. It is an admissible audit artifact for DORA, NIS2 and GDPR. A complete operational guide.
Phishing targets the masses, spear phishing targets the person. In 2026, AI, OSINT, and deepfakes blur the line. Full breakdown with real cases and defenses.
HSTS (RFC 6797) forces browsers to contact your site only over HTTPS. This guide covers the protocol, the directives, per-stack configurations and how to submit to the Chrome preload list.
Complete guide to obtaining and deploying a VMC or CMC certificate: CA comparison, pricing, prerequisites and free hosting.
Every email carries an invisible logbook. This guide teaches you how to extract it, read it field by field, and diagnose deliverability or security issues.
Your email gateway blocks 99% of threats. But the 1% that gets through is what matters. Here are the 10 header indicators that most filters ignore.
t.ly, Is.gd, Goo.su: URL shorteners fuel phishing, malware, and security filter evasion. Learn the exploitation techniques and how to verify every link before you click.
Full analysis of NIST SP 800-81r3, released March 19, 2026. Protective DNS, DNSSEC, encrypted DNS: the key recommendations for securing your infrastructure.
Complete guide to identifying redirect loops, excessive chains and suspicious shortened links. Diagnosis, fixes and security best practices.
Since March 15, 2026, the CA/Browser Forum requires CAs to verify DNSSEC during domain validation. This guide covers the context, impact, and how to check your configuration.
The CA/Browser Forum voted to progressively reduce TLS certificate lifetimes from 398 to 47 days by March 2029. Timeline, rationale, impact, and practical guide.
DMARCbis replaces RFC 7489, drops the PSL in favor of the DNS Tree Walk, adds three tags and splits reporting into three documents. This guide covers everything: how it works, migration, compliance.
From registration to release: understand every stage of the domain lifecycle, the risks at each phase, and the protections to enable.
WHOIS is retiring. RDAP replaces it. This guide covers everything: technical comparison, EPP codes, GDPR impacts, domain locks, and a migration plan.
An SVG file can contain JavaScript, phishing links and tracking pixels. Learn how the SVG Tiny-PS profile neutralizes these threats to secure BIMI logos.
A SERVFAIL after enabling DNSSEC points to a broken chain of trust. This guide covers the five causes, three diagnostic commands, and exact fixes for each scenario.
The chain of trust is the core principle behind DNSSEC. This guide explains every link, from the DNS root to your domain, with clear diagrams.
DNSSEC protects your visitors from DNS spoofing. This guide covers step-by-step activation for the 6 most popular registrars, with instant verification.
Microsoft is retiring Basic authentication for SMTP AUTH on Exchange Online. Revised timeline, 550 5.7.30 error, OAuth alternatives, HVE, Graph API, and step-by-step migration checklist.
The NIST has rewritten its password rules. No more mandatory rotation, no more complexity requirements. A complete breakdown of SP 800-63B-4 with a step-by-step compliance plan.
A 16-character random password or a 5-word dice-generated phrase? A technical comparison with entropy calculations, use cases, and practical recommendations.
Google, Apple, and Microsoft are pushing passkeys as the replacement for passwords. But are they ready for widespread use? Technical comparison, benefits, limitations, and transition strategy.
Port 25 is blocked by most cloud providers and ISPs to fight outbound spam. Here's how to diagnose the block and restore your sending capability.
SSL, TLS, STARTTLS, Implicit TLS, DANE, MTA-STS: email encryption in transit relies on mechanisms that are often confused. This guide clarifies each protocol, explains their vulnerabilities, and shows how to configure robust TLS encryption on Postfix, Exim and Exchange.
Port 25, 465, 587, or 2525? Each SMTP port has a specific role. This guide breaks down how each port works, its encryption method, the relevant RFCs, and helps you pick the right port for your use case.
Your DNS records are perfect, but emails aren't getting through? The problem might be at the transport layer. This guide shows you how to test SMTP connectivity for each MX server, step by step.
Phishing has evolved: generative AI, malicious QR codes, MFA bypass. Explore the 2025 APWG figures and the techniques redefining the threat landscape in 2026.
Every day, your browser queries threat intelligence databases to block malicious URLs. Learn how the 4 main databases work and why combining them is essential.
3.4 billion phishing emails are sent every day. If you clicked a suspicious link, follow these emergency steps to limit the damage and secure your accounts.
91% of cyberattacks start with an email. Learn how to spot the warning signs, verify a suspicious link, and protect your inbox with the right protocols.
Hands-on tutorial to set up TLS-RPT (SMTP TLS Reporting) on Microsoft 365, Google Workspace, and OVHcloud. DNS record, verification, and troubleshooting included.
Is your IP on a blacklist and your emails getting rejected? This guide details the delisting procedures for each major blacklist, including processing times and best practices to avoid getting listed again.
From .dvag (10,562 domains) to .ferrari, .zara, and .google: discover why 494 global companies have invested in their own .brand TLD.
Surfshark DNS is a free public DNS resolver (IPv4/IPv6, DoH) focused on privacy. Here's when to use it, how to configure it, and what to check.
DNS4EU is a European public DNS with 5 variants (security, kids, ad blocking, neutral) and IPv4/IPv6 + DoH/DoT addresses. Deployment and verification guide.
NextDNS is a customizable DNS resolver: DoH/DoT encryption, filtering, profiles, and logs. Here's how to deploy it cleanly at home or in an SMB.
1.1.1.1 is Cloudflare's public DNS resolver. Here's how to use it properly (addresses, DoH/DoT/ODoH, tests, pitfalls) and deploy it.
Quad9 (9.9.9.9) is a public DNS resolver focused on security and privacy: malware blocking, DNSSEC validation, and encrypted DoT/DoH options. Here's how to deploy it properly.
Putting your logo in the inbox: what you actually need to configure in DNS for BIMI, and how to choose between VMC and CMC.
Starting January 2026, Gmail will no longer continuously fetch messages from external mailboxes via POP ("Check mail from other accounts"). Impacts, timeline, and alternatives for Gmail and Google Workspace users and admins.
