Mastodawn

We analyzed DMARC report emails from the last 3 days across nearly 3,500 reporting organisations. Looking only at organisations that sent a substantial volume of reports during that period, just 9 were fully RFC compliant (GMX, WEB.DE & mail.com), while most major reporting organisations had at least one compliance issue.

The most common problems were surprisingly basic: missing required fields like "version", "envelope_from", and SPF "scope", invalid attachment filenames and media types, empty "<sp/>" elements, and invalid values like "sampled_out", "unknown", "hardfail", and even "Pass" with a capital P.

Some large providers scored well but still had edge case issues. Comcast, Microsoft, and Fastmail were close, but not perfect.

Others performed far worse. Yahoo, Google, Amazon SES, and Mimecast all generated large volumes of non-compliant reports.

At DMARC scale, small XML mistakes create real interoperability problems. They break parsers, cause data loss, and force receiving platforms to build endless workarounds.

We’ve already contacted several organisations and shared examples of the issues we found. The goal is better interoperability across the email ecosystem. Until then, DMARC platforms like URIports will keep doing their unofficial second job: translating creative interpretations of the RFC into something that actually parses 😄

More details: https://www.uriports.com/blog/dmarc-reports-ietf-rfc-compliance/

#DMARC #EmailSecurity #EmailAuthentication #SPF #DKIM #CyberSecurity #RFC7489 #URIports

DMARC reports IETF RFC compliance

After analyzing millions of DMARC reports, I came to the disappointing conclusion that only a fraction of them comply with the DMARC IETF RFC guidelines. Most of them lack mandatory elements or hold incorrect element values.

URIports Blog

Freddie Leeman Nov 6, 2025

The new BIMI lps= tag, also known as the local-part selector, has been added to the BIMI specification. It allows domain owners to define different brand indicators based on the sender address (for example noreply@, support@, marketing@), without relying solely on the selector header.

With lps=, brands can assign unique BIMI logos to different sender types, exclude certain local-parts from showing any logo at all, and gain far more control over how their brand appears in recipients’ inboxes.

https://www.uriports.com/blog/bimi-lps-tag/

#BIMI #EmailAuthentication #DMARC #BrandProtection #URIports #EmailSecurity

Understanding the new lps= tag in BIMI

The BIMI specification continues to evolve, and one of the most notable changes in draft version 11 is the introduction of the new lps= tag, also known as the local-part selector. What is the lps= tag? In prior versions of BIMI, published brand indicators and their DNS assertion records relied

URIports Blog

Freddie Leeman Apr 20, 2025

Ever wonder what email servers are doing behind the scenes? At https://LearnDMARC.com, we turned the confusing world of email authentication into a visual story.

📡 Watch servers talk it out.
🎯 Take the DMARC quiz.
📬 Paste email headers.

Perfect for learners, IT pros, and anyone who’s ever yelled “WHY is SPF failing?!” Best of all? It’s free, and your data isn’t stored or used for anything beyond creating the visualization.

#EmailSecurity #DMARC #LearnDMARC #EmailAuthentication #SPF #DKIM #URIports

Learn and test SPF, DKIM and DMARC

Visualize, analyze and improve your email authentication setup