Blog

News, tips and insights about email security.

May 19, 2026

Why your DMARC report shows 46% fail — and why only 3% of it matters

Red report, green delivery — how does that add up? You open your DMARC aggregate report and see 46% SPF fail. First instinct: something is broken, or someone i…

The undelegated subdomain trap — why p=reject alone is not enough

May 13, 2026

Email Security DMARC Subdomain Spoofing DNS

The Undelegated Subdomain Trap: Why p=reject Alone Is Not Enough

p=reject and still spoofed for two weeks via a non-existent subdomain. Why sp= is necessary but not sufficient — and why the wildcard DMARC record fails.

Hosted DMARC Mailbox — reports via <alias>@in.dmarcpulse.io without your own inbox

May 11, 2026

Release DMARC Hosted Mailbox Microsoft 365 Update

DMARCPulse May 2026 Update: Hosted Mailbox, App-Only and Honest SPF

Three improvements shipped: hosted DMARC report address, Microsoft-365 App-Only auth without your own certificate, new Aligned column with real DMARC numbers.

NIS2 and email authentication: DMARC, SPF, and MTA-STS mapped to §30 BSIG

May 11, 2026

NIS2 Compliance DMARC SPF MTA-STS BSIG

NIS2 is in force — what it means for DMARC, SPF, and MTA-STS

Since 6 Dec 2025, NIS2 in Germany requires 29,500 firms to take technical cyber-risk measures. Email auth is part of it — management is personally liable.

Robinhood incident: SPF, DKIM, DMARC and BIMI all passed — but the email was phishing

May 4, 2026

Email Security DMARC BIMI Phishing Application Security Incident Analysis

Robinhood phished its own customers with perfect email authentication — what actually broke

April 2026: Robinhood customers got phishing from Robinhood servers — valid SPF, DKIM, DMARC and BIMI. Defect: HTML injection in a transactional template.

FBI IC3 2025 report: $3 billion in losses from business email compromise

May 1, 2026

BEC FBI IC3 DMARC NIS2 Mid-Market Email Security

The $3 billion email problem: What the FBI's 2025 IC3 report means for the DACH mid-market

BEC caused $3 billion in losses per the FBI 2025 IC3 report. For DACH mid-market under NIS2, regulatory and financial risk now align — DMARC remains overlooked.

DANE — TLS certificates anchored in DNS via TLSA records, secured by DNSSEC

April 30, 2026

Email Security TLS DNS Guide

What Is DANE? — Anchor Certificates in DNS

DANE binds TLS certificates to DNS, protecting inbound email against downgrades and forged certs. How TLSA records work, MTA-STS comparison, DANE setup.

DNSSEC — cryptographically signed DNS responses as protection against spoofing and cache poisoning

April 30, 2026

Email Security DNS Guide

What Is DNSSEC? — Sign and Verify DNS Answers

DNSSEC protects against DNS spoofing and cache poisoning via cryptographically signed responses. How it works, how to activate it, and why it matters for DANE.

Cloudflare 2026 Threat Report: 46% of emails fail DMARC validation

April 24, 2026

Email Security DMARC SPF DKIM

Why 46% of All Emails Fail DMARC — And Why Much of It Is Friendly Fire

Cloudflare 2026: nearly half of 450M analyzed emails failed DMARC. Much of it is legitimate mail broken in transit — five common causes and what senders can do.

DACH Email Security Report 2026 — 503 domains analyzed

April 14, 2026

Email Security DMARC SPF MTA-STS DNSSEC Report

DACH Email Security 2026: 503 Domains

SPF, DMARC, MTA-STS and DNSSEC analyzed across 503 DACH domains: a significant enforcement gap, especially in education and government.