Tech | Detect and Fix Deprecated unload Events | The web development landscape is constantly evolving, and with each update, developers need to adapt their code to maintain website functionality and performance. Recently, there has been a significant shift concerning the deprecation of the unload event in modern browsers. These changes can impact website performance, user experience, and data
Tech | BIMI: An Analysis of the Top 1 Million Domains | After developing an RFC-compliant validator for BIMI (Brand Indicators for Message Identification), I conducted a comprehensive analysis of the top 1 million domains to evaluate their BIMI setup. The findings highlight significant insights and common errors in BIMI implementations across these domains. Summary of Findings Out of the top 1
Tech | Security.txt Adoption and Frequent Implementation Mistakes | In April 2022, an effort was made to enhance cybersecurity by introducing RFC9116. This standard introduces a well-organized file format, simplifying security vulnerability reporting by placing a text file in the /.well-known/ folder of a domain. The goal? To tackle a pervasive issue: the difficulty security researchers face in finding
Tech | SPF Macros: Overcoming the 10 DNS Lookup Limit | If your domain relies heavily on third-party services to send emails on its behalf, you could encounter the DNS lookup limit outlined in section 4.6.4 of RFC7208, resulting in an SPF permerror. Without a correct DKIM configuration, emails may not pass DMARC checks, potentially leading to blocking or
Tech | DKIM Ed25519-SHA256 adoption | In this blog, we will delve into the significance of these RFCs, their recommendations, and the current state of email providers' support for Ed25519-SHA256.
Tech | The Ultimate SPF / DKIM / DMARC Best Practices 2024 | Reduce spoofing and phishing, build and maintain a solid reputation, and increase email deliverability with SPF, DKIM, and DMARC.
Tech | The end of Expect-CT | With the release of the latest Google Chrome browser (105) at the end of August 2022, the Expect-CT header has officially been deprecated and will be removed in version 107.
Tech | Eight years of Sender Policy Framework (SPF) | Sender Policy Framework (SPF) is used to authenticate senders of email. Receiving servers use SPF to verify if the message source IP is authorized to send on behalf of the HELO or MAIL FROM domain. History The first draft [https://datatracker.ietf.org/doc/html/draft-schlitt-spf-classic-00] of the Sender Policy
Tech | Hosted MTA-STS by URIports | Publish an MTA-STS policy by adding just two CNAME records to your domain's DNS. URIports will publish an RFC-compliant MTA-STS policy using the latest best practices and periodically validate your policy and email setup.
Tech | Introduction to SPF, DKIM, and DMARC | For those of you that are new to the email security subject, you've probably heard about SPF, DKIM, and DMARC. But what are they, and how do they relate to each other? Prefer listening over reading? Check out our podcast that breaks down everything you need to know
Tech | Why use URIports for your DMARC monitoring? | DMARC, SPF, and DKIM have been around for more than eight years now. Every day, more domains adopt this mechanism to increase email deliverability and protect against email spoofing and phishing attacks. The "R" in DMARC stands for Reporting, and it is one of the great features of
Tech | Microsoft is finally sending DMARC aggregate reports (...poorly) | Microsoft has started sending DMARC aggregate reports, but unfortunately they don't know how to format a proper email.
Tech | How to create a solid and secure Content Security Policy | This step-by-step guide will help you understand and set up a solid Content Security Policy for your website.
Tech | Why you need Network Error Logging (NEL) | By adding a NEL response header to your website, you’ll receive reports from your visitors’ browsers, allowing you to accurately measure performance characteristics that will help you improve your website.
Tech | Setting up OpenPGP Web Key Directory (WKD) | If you use OpenPGP to secure your email communication, you should consider publishing your public key using Web Key Directory. It's easier than you think.
Application Support | DMARC failure reports and GDPR | Unlike aggregate reports, DMARC failure reports contain personal data like email subject, sender address, recipient address, and sometimes even the original message body. What does this mean for GDPR compliance?
Tech | Document Policy: a new Permissions Policy extension | Sometimes your site has to rely on content from other sources. With Document Policies, you have more control over the embedded documents. Let’s have a quick look at this new Feature Policy extension.
Tech | DMARC reports IETF RFC compliance | After analyzing millions of DMARC reports, I came to the disappointing conclusion that only a fraction of them comply with the DMARC IETF RFC guidelines. Most of them lack mandatory elements or hold incorrect element values.
Tech | Email security explained | The most common mechanisms for securing email explained (SPF, DKIM, DMARC, ARC, DANE, MTA-STS, STARTTLS Everywhere, and TLS-RPT).
Tech, Featured | MTA-STS explained | Google announced that they made email more secure by adopting the new MTA-STS internet standard. But what is MTA-STS and how does it (sort of) improve email security