your domain health in one check

the domain health check runs all 9 email authentication protocols against your domain in a single query

- SPF syntax
- DMARC policy
- DKIM selectors
- MTA-STS mode
- TLS-RPT reporting
- BIMI record
- DANE/TLSA
- and ARC chain validation

run the health check

one domain, 9 protocols, 30 seconds

no account required

https://dmarcguard.io/tools/domain-health-check/

#DMARC #EmailSecurity #EmailAuthentication #DomainHealth

why I built a 9-protocol platform!?

when I started building DMARCguard, every competitor I evaluated covered 5-6 protocols.

DMARC, SPF, DKIM... the basics.

but email authentication is a system of 9 interlocking protocols, and monitoring only half of them gives you a partial picture.

so I built coverage for all 9: DMARC, SPF, DKIM, BIMI, MTA-STS, TLS-RPT, ARC, DANE, and ARF.

that decision cost me speed but bought correctness.

https://dmarcguard.io/compare/

#DMARC #EmailSecurity

SPF has a 10-lookup limit

RFC 7208 Section 4.6.4 is clear: SPF evaluation must not exceed 10 DNS mechanisms that cause lookups

exceed it and the result is permerror

meaning your SPF record is effectively invalid

every SaaS tool you authorize (Mailchimp, Salesforce, Zendesk) adds includes

the fix: flatten your record

replace nested includes with the resolved IP ranges

but those IPs change, so you need ongoing monitoring.

https://dmarcguard.io/tools/spf-flattener/

#DMARC #SPF

Microsoft Outlook enforcement is here

Microsoft started enforcing DMARC for outlook.com senders in May 2025

if you're still at p=none for domains sending to Outlook, Hotmail, or live.com recipients, your deliverability is already degrading

combined with Google/Yahoo rejecting non-compliant bulk senders since November 2025, the three largest consumer mailbox providers now enforce authentication

https://dmarcguard.io/tools/dmarc-checker/

#DMARC #EmailSecurity #MicrosoftOutlook

Кто на чём шлёт и принимает почту: измеряем email-инфраструктуру 660 тысяч доменов из Tranco top-1M

Анализ DNS-снэпшота OpenINTEL за 2026-01-01 TL;DR. Используя ежедневные DNS-снэпшоты OpenINTEL поверх списка Tranco top-1M, мы собрали ландшафт email-инфраструктуры публичного веба на 1 января 2026 года. MX-записи опубликовали 660 114 доменов, SPF — 616 352, DMARC — 431 133. Дуополия Google Workspace (21.7%) + Microsoft 365 (16.3%) занимает суммарно ~38% receiving-стороны — заметно меньше, чем принято считать в популярных обзорах. На outbound-стороне Amazon SES вышел вперёд по числу авторизованных доменов (5.86%), обогнав SendGrid (4.66%). DMARC опубликован у двух третей SPF-доменов, но 19% всех DMARC-записей — это пустая v=DMARC1; p=none; без отчётов: формальная галочка, а не защита.

https://habr.com/ru/articles/1030770/

#email #DMARC #SPF #MX #OpenINTEL #Tranco #deliverability #emailаутентификация #DNSаналитика #ESP

month one. here's exactly what I've shared and what's coming next.

thirty-one days

no sales pitches

what I covered:

- DMARC enforcement gaps (12.8% adoption)
- SPF lookup limits (2.7% error rate)
- DKIM alignment failures
- ARC chain analysis

and

- MTA-STS transport security
- DANE certificate pinning
- BIMI brand display

every tool I mentioned is free at dmarcguard.io/tools/

no account, no credit card, no trial expiration

https://dmarcguard.io/tools/

#DMARC #EmailSecurity

ARF, Abuse Reporting Format (RFC 5965) standardizes how mailbox providers report abuse back to senders

when a recipient marks your email as spam, ARF sends a structured report to the address in your abuse contact

combined with DMARC aggregate (rua) and forensic (ruf) reports, ARF completes the picture:

- authentication status
- delivery failures
- and recipient complaints

https://dmarcguard.io/learn/arf/

#DMARC #EmailSecurity