DMARC has changed, so I updated the LearnDMARC quiz to match the new RFCs.

Think you still know DMARC inside out?

I challenge every email authentication nerd, deliverability specialist, postmaster, DNS wrangler, and DMARC report parser builder to take the full 42-question quiz and see how RFC-ready you really are.

If you can ace them all, you’re an absolute DMARC nerd. And even if you don’t get every answer right, I guarantee you’ll learn something.

The quiz was desktop-only until now, but after 816 people started it today, I decided to make it available on mobile too.

Take the full quiz:
https://learndmarc.com/quiz?all

Let me know your score, and challenge your colleagues by tagging them in the comments. Bonus points if you find a question that made you doubt yourself.

#DMARC #EmailSecurity #EmailAuthentication #SPF #DKIM #DNS #Deliverability #RFC9989 #RFC9990 #RFC9991

We analyzed DMARC report emails from the last 3 days across nearly 3,500 reporting organisations. Looking only at organisations that sent a substantial volume of reports during that period, just 9 were fully RFC compliant (GMX, WEB.DE & mail.com), while most major reporting organisations had at least one compliance issue.

The most common problems were surprisingly basic: missing required fields like "version", "envelope_from", and SPF "scope", invalid attachment filenames and media types, empty "<sp/>" elements, and invalid values like "sampled_out", "unknown", "hardfail", and even "Pass" with a capital P.

Some large providers scored well but still had edge case issues. Comcast, Microsoft, and Fastmail were close, but not perfect.

Others performed far worse. Yahoo, Google, Amazon SES, and Mimecast all generated large volumes of non-compliant reports.

At DMARC scale, small XML mistakes create real interoperability problems. They break parsers, cause data loss, and force receiving platforms to build endless workarounds.

We’ve already contacted several organisations and shared examples of the issues we found. The goal is better interoperability across the email ecosystem. Until then, DMARC platforms like URIports will keep doing their unofficial second job: translating creative interpretations of the RFC into something that actually parses 😄

More details: https://www.uriports.com/blog/dmarc-reports-ietf-rfc-compliance/

#DMARC #EmailSecurity #EmailAuthentication #SPF #DKIM #CyberSecurity #RFC7489 #URIports

The new BIMI lps= tag, also known as the local-part selector, has been added to the BIMI specification. It allows domain owners to define different brand indicators based on the sender address (for example noreply@, support@, marketing@), without relying solely on the selector header.

With lps=, brands can assign unique BIMI logos to different sender types, exclude certain local-parts from showing any logo at all, and gain far more control over how their brand appears in recipients’ inboxes.

https://www.uriports.com/blog/bimi-lps-tag/

#BIMI #EmailAuthentication #DMARC #BrandProtection #URIports #EmailSecurity

DMARCbis replaces the PSL with DNS Tree Walk: What's the Difference? https://www.uriports.com/blog/dmarcbis-dns-tree-walk/

#DMARC #DMARCbis #DNS

Ever wonder what email servers are doing behind the scenes? At https://LearnDMARC.com, we turned the confusing world of email authentication into a visual story.

📡 Watch servers talk it out.
🎯 Take the DMARC quiz.
📬 Paste email headers.

Perfect for learners, IT pros, and anyone who’s ever yelled “WHY is SPF failing?!” Best of all? It’s free, and your data isn’t stored or used for anything beyond creating the visualization.

#EmailSecurity #DMARC #LearnDMARC #EmailAuthentication #SPF #DKIM #URIports

Google DMARC reports are back! After going quiet since April 13, Google has resumed sending DMARC aggregate reports as of 19:15 UTC today. So far, the reports only include data from yesterday (April 16), but it is a good sign that things are starting to flow again.

#DMARC #EmailSecurity #Google

Chrome now supports potential-permissions-policy-violation Reports – And so does URIports!

With the latest 134 update, Chrome can now generate potential-permissions-policy-violation reports, helping developers catch Permissions Policy conflicts before they happen. At URIports, we’re excited to announce that we fully support these new reports, giving you deeper visibility into how embedded content interacts with your site’s security policies.

Learn more about these reports and how they help secure your web applications in our latest blog: https://www.uriports.com/blog/potential-permissions-policy-violation-reports/