Tech Why Your Email Was Rejected by Outlook: Understanding Error 550; 5.7.515 and How to Fix It Starting May 5th, 2025, Microsoft Outlook.com will enforce new authentication rules for domains that send more than 5,000 emails per day. If you’re a bulk sender and found your messages rejected with the error: 550; 5.7.515 Access denied, sending domain [example.com] does not meet
Tech DMARCbis Replaces the PSL with DNS Tree Walk: What's the Difference? A central concept in DMARC is the Organizational Domain. It plays two key roles: 1. It defines the fallback domain used to look up a DMARC policy when no DMARC record is found at the exact domain from the "From" header. 2. It provides the domain against which
Tech MTA-STS Survey Update 2025: Adoption Trends One Year Later Last year, we published our inaugural MTA-STS adoption survey, tracking how many domains in the top 1 million had implemented Mail Transfer Agent Strict Transport Security (MTA-STS). One year later, it’s time to revisit the data and see how the landscape has changed. Summary of Changes (April 2024 → April
Tech Potential Permissions Policy violation Reports URIports now supports potential-permissions-policy-violation reports, helping detect iframe permission conflicts before features are used. This improves security monitoring, prevents misconfigurations, and strengthens policy enforcement. Stay ahead of potential risks with better visibility.
Tech The Ultimate SPF / DKIM / DMARC Best Practices 2025 Reduce spoofing and phishing, build and maintain a solid reputation, and increase email deliverability with SPF, DKIM, and DMARC.
Tech Detect and Fix Deprecated unload Events The web development landscape is constantly evolving, and with each update, developers need to adapt their code to maintain website functionality and performance. Recently, there has been a significant shift concerning the deprecation of the unload event in modern browsers. These changes can impact website performance, user experience, and data
Tech BIMI: An Analysis of the Top 1 Million Domains After developing an RFC-compliant validator for BIMI (Brand Indicators for Message Identification), I conducted a comprehensive analysis of the top 1 million domains to evaluate their BIMI setup. The findings highlight significant insights and common errors in BIMI implementations across these domains. Summary of Findings Out of the top 1
Tech Security.txt Adoption and Frequent Implementation Mistakes In April 2022, an effort was made to enhance cybersecurity by introducing RFC9116. This standard introduces a well-organized file format, simplifying security vulnerability reporting by placing a text file in the /.well-known/ folder of a domain. The goal? To tackle a pervasive issue: the difficulty security researchers face in finding
Tech SPF Macros: Overcoming the 10 DNS Lookup Limit If your domain relies heavily on third-party services to send emails on its behalf, you could encounter the DNS lookup limit outlined in section 4.6.4 of RFC7208, resulting in an SPF permerror. Without a correct DKIM configuration, emails may not pass DMARC checks, potentially leading to blocking or
Tech DKIM Ed25519-SHA256 adoption In this blog, we will delve into the significance of these RFCs, their recommendations, and the current state of email providers' support for Ed25519-SHA256.
Tech The end of Expect-CT With the release of the latest Google Chrome browser (105) at the end of August 2022, the Expect-CT header has officially been deprecated and will be removed in version 107.
Tech Eight years of Sender Policy Framework (SPF) Sender Policy Framework (SPF) is used to authenticate senders of email. Receiving servers use SPF to verify if the message source IP is authorized to send on behalf of the HELO or MAIL FROM domain. History The first draft [https://datatracker.ietf.org/doc/html/draft-schlitt-spf-classic-00] of the Sender Policy
Tech Hosted MTA-STS by URIports Publish an MTA-STS policy by adding just two CNAME records to your domain's DNS. URIports will publish an RFC-compliant MTA-STS policy using the latest best practices and periodically validate your policy and email setup.
Tech Introduction to SPF, DKIM, and DMARC For those of you that are new to the email security subject, you've probably heard about SPF, DKIM, and DMARC. But what are they, and how do they relate to each other? Prefer listening over reading? Check out our podcast that breaks down everything you need to know
Tech Why use URIports for your DMARC monitoring? DMARC, SPF, and DKIM have been around for more than eight years now. Every day, more domains adopt this mechanism to increase email deliverability and protect against email spoofing and phishing attacks. The "R" in DMARC stands for Reporting, and it is one of the great features of
Tech Microsoft is finally sending DMARC aggregate reports (...poorly) Microsoft has started sending DMARC aggregate reports, but unfortunately they don't know how to format a proper email.
Tech How to create a solid and secure Content Security Policy This step-by-step guide will help you understand and set up a solid Content Security Policy for your website.
Tech Why you need Network Error Logging (NEL) By adding a NEL response header to your website, you’ll receive reports from your visitors’ browsers, allowing you to accurately measure performance characteristics that will help you improve your website.
Tech Setting up OpenPGP Web Key Directory (WKD) If you use OpenPGP to secure your email communication, you should consider publishing your public key using Web Key Directory. It's easier than you think.
Application Support DMARC failure reports and GDPR Unlike aggregate reports, DMARC failure reports contain personal data like email subject, sender address, recipient address, and sometimes even the original message body. What does this mean for GDPR compliance?
Tech Document Policy: a new Permissions Policy extension Sometimes your site has to rely on content from other sources. With Document Policies, you have more control over the embedded documents. Let’s have a quick look at this new Feature Policy extension.
Tech DMARC reports IETF RFC compliance After analyzing millions of DMARC reports, I came to the disappointing conclusion that only a fraction of them comply with the DMARC IETF RFC guidelines. Most of them lack mandatory elements or hold incorrect element values.
Tech Email security explained The most common mechanisms for securing email explained (SPF, DKIM, DMARC, ARC, DANE, MTA-STS, STARTTLS Everywhere, and TLS-RPT).
Tech Featured MTA-STS explained Google announced that they made email more secure by adopting the new MTA-STS internet standard. But what is MTA-STS and how does it (sort of) improve email security
