Blog

Practical insights on email deliverability, security, and infrastructure — based on real findings from working with 450+ organizations.

Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.
Newest
Email header showing dmarc=fail action=oreject and compauth=none reason=451 — the fingerprint of Microsoft 365 silently overriding a DMARC p=reject policy

Email Security

How Microsoft 365 Silently Overrides DMARC p=reject as oreject

January 29, 2026

Microsoft 365 has a result code that doesn't appear in any DMARC RFC: oreject. When M365 sits behind a third-party gateway, p=reject policies get silently overridden — and Microsoft doesn't report it. Here's the mechanism, why the original M365 Groups framing was incomplete, and the receive-connector lockdown that actually fixes it.

Email Deliverability

How to Handle Bounces and Blocks Properly

January 28, 2026

Why treating all bounces the same is a mistake – and how to properly handle soft bounces, hard bounces, and blocks for better deliverability.

Email Security

When Vendors Control Your DNS: A Hidden DMARC Security Risk

January 26, 2026

A real-world example of how third-party DNS control can silently block DMARC visibility, redirect domain telemetry, and introduce serious email security and data exposure risks.

Email Deliverability

Why Email Reputation “Fixer” Tools Usually Make Things Worse

January 20, 2026

Why email reputation “fixer” tools and warm-up software often backfire and what actually works when your emails start landing in spam.

Email Deliverability

Why Gmail Blocks Sending After Just a Few Emails

January 16, 2026

Explanation of why Gmail blocks sending during CRM batch emails and what's actually causing it.

Email Security

2.3 million emails. One exposed API key. $10K bill.

January 13, 2026

How DMARC forensics exposed an API key leak, 2.3M unauthorized emails, and a $10K bill.

Email Security

Backscatter Injection Attacks Exploiting Legitimate Infrastructure

January 8, 2026

Attackers use backscatter emails to bypass filters, harming servers and delivering phishing content.

Email Security

Microsoft 365 Groups Bypass DMARC, Exposing Organizations to Spoofing

December 29, 2025

Microsoft 365 groups can deliver spoofed emails despite failing SPF, DKIM, and enforced DMARC policies.

Email Security

Why Subdomain DMARC Policies Are Often Unnecessary

December 25, 2025

Proper DMARC enforcement on the root domain protects non-existent subdomains without needing separate policies.

Email Security

Unexpected DMARC Reports Flood emvdmarc[.]com After Domain Acquisition

December 1, 2025

New domain emvdmarc[.]com receives DMARC reports from random organizations, creating unexpected security concerns.

Email Security

The Challenges of Enforcing DMARC p=reject in Modern Email Infrastructure

November 12, 2025

Implementing DMARC p=reject stops spoofing but often clashes with business workflows and new systems.

Email Security

How SaaS Platforms Accidentally Enable Spam and Phishing

November 12, 2025

Architectural flaws in SaaS platforms allow phishing campaigns through trusted email infrastructure.