About Us
SH Consulting began with a simple mission: to improve email deliverability for everyone. Over time, founder Alex Shakhov realized the root of most deliverability problems lies deeper - not just with companies sending poorly structured messages, but with bad actors abusing the email ecosystem to deliver spam and phishing scams.
As major email service providers increase their security measures to fight abusers, these stricter filters now affect everyone. Even legitimate businesses see your emails flagged as suspicious.
That’s why email deliverability cannot be separated from email security. At SH Consulting, we take a security-first approach to deliverability - building robust email systems that withstand abuse, meet modern standards, and ensure legitimate messages land where they belong: the inbox.
Meet the Team
Founder of SH Consulting, Alex holds an M.S. in Aerospace Engineering and leads both security and deliverability for SH client portfolio. He also conducts cybersecurity research for non-profits and advocacy organizations. His past work includes consulting for Shopify, Optical Cable Corporation, Live Coin Watch, and others, all with one mission: make the internet a safer, more resilient place.
Former Head of Deliverability at SendGrid, Luke helped architect and scale infrastructure for global platforms like Uber, Booking.com, and Spotify, overseeing 20 billion monthly emails. Now, he directs SH Consulting’s deliverability department, managing everything from server configurations and content audits to analytics and infrastructure design.
With an M.S. in Cybersecurity Systems Administration, Volodymyr leads our security analytics, research, and vulnerability reporting. He monitors threats across sectors, including finance, tech, and government, to protect SH Consulting clients and contribute to a safer digital ecosystem.
We Participate at Leading Industry and Technology Events
The panel covered how factors like server configuration, security protocols, sending volume, infrastructure health, and database hygiene impact inbox placement and deliverability. It also addressed the importance of template design, infrastructure choices, spam complaint management, and regulatory compliance - highlighting that deliverability is never determined by a single factor. The discussion underscored the need for the real estate industry to raise awareness about email security, adopt robust authentication protocols, and proactively adapt to evolving technologies and standards to stay competitive in an ever-changing market.
The session explored the technical foundations of email deliverability, including mail server configuration, authentication protocols, infrastructure health, and database hygiene. Alex also addressed advanced spam filter behavior, industry thresholds, and the importance of securing email systems to protect against spoofing and phishing. It underscored that sustainable inbox placement in real estate requires a strategic blend of infrastructure design, security enforcement, and compliance with evolving industry standards.
Recognized by the Community
.jpeg)
This post exposed a new phishing vector where attackers send emails through the Gmail API that fully pass SPF, DKIM, and DMARC p=reject. By leveraging legitimate Google infrastructure, messages bypass traditional security controls while appearing fully trusted to recipients.
The findings resonated widely across the security community, generating 76,000+ impressions, 300+ reactions, and 40+ reposts, and sparking discussions about how modern authentication mechanisms can be abused without account compromise.
This analysis highlighted how a domain used in Cloudflare’s DMARC documentation introduced unintended security risk. Organizations replicated the example in production, using a non-reserved domain that could be registered by third parties to intercept sensitive data.
The post gained significant traction across the infosec community, reaching 83,000+ impressions and driving discussions around secure documentation practices and the risks of treating DNS configurations as copy-paste implementations.
.jpeg)
This investigation uncovered a coordinated campaign targeting orphaned subdomains across major US universities. By identifying abandoned CNAME records and claiming external services, attackers gained control over trusted .edu domains.
The findings reached 75,000+ impressions, with strong engagement from security practitioners, highlighting systemic gaps in DNS lifecycle management and the risks of leaving external dependencies unmanaged.
