Tech

Security.txt Adoption and Frequent Implementation Mistakes

In April 2022, an effort was made to enhance cybersecurity by introducing RFC9116. This standard introduces a well-organized file format, simplifying security vulnerability reporting by placing a text file in the /.well-known/ folder of a domain. The goal? To tackle a pervasive issue: the difficulty security researchers face in finding

Demystifying DMARC Alignment

Introduction A common challenge for those delving into email security is grasping the concept of alignment in SPF and DKIM. This blog sheds light on what alignment entails and its critical role in ensuring successful DMARC validation. Authenticated Identifiers Upon receiving an email, the receiving server validates SPF using the

MTA-STS Survey 2024: Adoption Rates and Common Pitfalls

MTA-STS, Google's alternative to DANE, which relies on HTTPS instead of DNSSEC to thwart Man-in-the-Middle downgrade attacks on the opportunistic encryption of SMTP traffic, was introduced over five years ago. We've conducted a comprehensive survey among the top 1 million domains to assess the adoption rate

New in Chrome 120: Permissions Policy Violation Reports

Google Chrome version 120 now supports Permissions Policy Violation Reports. This feature leverages the Permissions Policy API and Reporting API integration, enhancing developers' control over browser functionalities on their web pages. The Permissions Policy API is a powerful tool that allows developers to specify which features and capabilities are

Tech

SPF Macros: Overcoming the 10 DNS Lookup Limit

If your domain relies heavily on third-party services to send emails on its behalf, you could encounter the DNS lookup limit outlined in section 4.6.4 of RFC7208, resulting in an SPF permerror. Without a correct DKIM configuration, emails may not pass DMARC checks, potentially leading to blocking or

Tech

DKIM Ed25519-SHA256 adoption

In this blog, we will delve into the significance of these RFCs, their recommendations, and the current state of email providers' support for Ed25519-SHA256.

Tech

The Ultimate SPF / DKIM / DMARC Best Practices 2024

Reduce spoofing and phishing, build and maintain a solid reputation, and increase email deliverability with SPF, DKIM, and DMARC.

Tech

The end of Expect-CT

With the release of the latest Google Chrome browser (105) at the end of August 2022, the Expect-CT header has officially been deprecated and will be removed in version 107.

Tech

Eight years of Sender Policy Framework (SPF)

Sender Policy Framework (SPF) is used to authenticate senders of email. Receiving servers use SPF to verify if the message source IP is authorized to send on behalf of the HELO or MAIL FROM domain. History The first draft [https://datatracker.ietf.org/doc/html/draft-schlitt-spf-classic-00] of the Sender Policy

Guides

Easy fix for: Unable to preventDefault inside passive event listener due to target being treated as passive

In this short blog, I explain what’s causing this violation and how you can easily fix it.

Guides

Easy fix for: Blocked attempt to show a 'beforeunload' confirmation panel for a frame that never had a user gesture since its load

In this short blog, I explain what’s causing this violation and how you can easily fix it.

What is intervention: "Modified page load behavior on the page because the page was expected to take a long amount of time to load"?

At URIports, we process a lot of Reporting API intervention reports containing the following violation: Modified page load behavior on the page because the page was expected to take a long amount of time to load Intervention violations can cause unwanted behavior and are visible in the visitors' developer

Tech

Hosted MTA-STS by URIports

Publish an MTA-STS policy by adding just two CNAME records to your domain's DNS. URIports will publish an RFC-compliant MTA-STS policy using the latest best practices and periodically validate your policy and email setup.

Tech

Introduction to SPF, DKIM, and DMARC

For those of you that are new to the email security subject, you've probably heard about SPF, DKIM, and DMARC. But what are they, and how do they relate to each other? Like regular postal mail, someone could send you a letter in an envelope and forge the

Reporting API v1 is here!

A new version of the Reporting API [https://web.dev/reporting-api/] has been released that hopefully will get supported across more browsers. The legacy Reporting API (v0) is currently only supported by Chrome and Edge browsers. If you have already implemented the Reporting API v0, you can migrate to the

Guides

DMARC External Destinations verification

The aggregate (rua) and failure (ruf) report destinations can be specified within the domain's DMARC policy. And while it is possible to specify a destination on a different organizational domain, the receiving domain must expressly indicate that reports for other domains are welcome. The absence of this record

Tech

Why use URIports for your DMARC monitoring?

DMARC, SPF, and DKIM have been around for more than eight years now. Every day, more domains adopt this mechanism to increase email deliverability and protect against email spoofing and phishing attacks. The "R" in DMARC stands for Reporting, and it is one of the great features of

Guides

Single Sign-On (SSO)

URIports supports Single Sign-On (SSO) using OpenID Connect (OIDC) for Mountain and Himalaya subscriptions. SSO speeds up access to your account by allowing you to log in with your existing company or Identity-As-A-Service (IDaaS) credentials, meaning fewer passwords to keep track of and easy user management. We've written

Guides

SSO OIDC Quick guide Okta

Below are screenshots to illustrate the steps required to connect URIports to Okta for the purpose of enabling Single Sign-On through OpenID Connect (OIDC). 6. Paste the Redirect URI from URIports here 7. Select which users should have access to URIports 9. Copy the Client ID and save this value

Guides

SSO OIDC Quick guide Azure Active Directory (Entra ID)

Below are screenshots to illustrate the steps required to connect URIports to Azure Active Directory (Entra ID) for the purpose of enabling Single Sign-On through OpenID Connect (OIDC). 4. Select which users should have access to URIports 5. Paste the Redirect URI from URIports here 7. Copy the Client ID

Guides

SSO OIDC Quick guide OneLogin

Below are screenshots to illustrate the steps required to connect URIports to OneLogin for the purpose of enabling Single Sign-On through OpenID Connect (OIDC). 5. Paste the Redirect URI from URIports here 10. Copy the Client ID and save this value in URIports 12. Copy the Client Secret and save

Guides

SSO OIDC Quick guide SalesForce

Below are screenshots to illustrate the steps required to connect URIports to SalesForce for the purpose of enabling Single Sign-On through OpenID Connect (OIDC). 8. Paste the Redirect URI from URIports here 13. Copy the Consumer Key and save this value in URIports as Client ID 14. Reveal the Consumer

Guides

SSO OIDC Quick guide Ping Identity

Below are screenshots to illustrate the steps required to connect URIports to Ping Identity for the purpose of enabling Single Sign-On through OpenID Connect (OIDC). 8. Paste the Redirect URI from URIports here 16. Copy the ISSUER and save this value in URIports as the Application URL 17. Copy the

Guides

SSO OIDC Quick guide Google Workspace

Below are screenshots to illustrate the steps required to connect URIports to Google Workspace (formerly known as G Suite) for the purpose of enabling Single Sign-On through OpenID Connect (OIDC). The Google Workspace Application URL is https://accounts.google.com. Go to the Google Cloud Platform [https://console.cloud.google.

Guides

Instant DMARC reports

Why wait 24 hours? Instant DMARC reports allow you to view your SPF and DKIM performance in seconds.