Blog
Compliance, decoded
Regulatory updates, product news, and practical guides for MSPs and compliance teams navigating NIS2, DORA, GDPR, EAA, and ISO 27001.
Getting your face into people’s inboxes
BIMI puts a brand logo in the inbox. The photo next to a human is a different story, routed through five separate mechanisms that no standards body owns and that European data protection law treats very differently. One table, three compliance paragraphs, and the four-layer stack a sender actually uses.
You changed the setting. The world still sees the old one. Why.
A plain-English walkthrough of why a configuration change can sit invisible for hours after you deploy it, and the elegant trick some systems use to force the world to notice. Grounded in a real email-security rollout shipped this week, with named incidents that illustrate the difference between systems that include a version tag and systems that forgot.
One Google form decides how every browser treats your website.
Firefox, Safari, Edge, Brave, and Tor all pull their HTTPS preload list from a single file in the Chromium repository. This post explains how one Google form ends up controlling browser behavior across the web, the four rules to get on the list, and why getting off it later is much harder than getting on.
Your DMARC reports look like garbage. Here is how to actually read them.
DMARC aggregate reports arrive as zipped XML, once a day, from every receiver you send to. The format is machine-readable, not human-readable. This post walks through the schema field by field, the three red-flag patterns worth acting on, the noise you can ignore, and the tools that turn raw XML into a weekly digest.
We sell DMARC scanners. We almost filed a bug on our own sending domain.
A narrative on why dig txt mail.yourdomain.com is the wrong question to ask about SPF, how modern ESPs split the sending domain into nested subdomains, and the three checks that actually audit alignment.
Microsoft 365 email is spoofable out of the box. Here is how to close the three gaps.
Microsoft 365 ships with DKIM off, no DMARC, and an SPF default that gets weakened during rollout. A Defender-portal walkthrough that closes all three gaps and stops outbound spoofing of your domain.
Anyone can spoof your Google Workspace email right now. Here is the 30-minute fix.
Google Workspace ships with weak SPF, DKIM off, and no DMARC record. A short admin walkthrough that closes all three gaps and stops outbound spoofing of your domain.