Practical insights on email deliverability, security, and infrastructure — based on real findings from working with 450+ organizations.
Email Security
February 11, 2026
A scam email sent from @google.com passed SPF, DKIM, and DMARC without a compromised account. Here’s what it reveals about modern email threats.
Email Deliverability
February 4, 2026
A real-world look at whether CRM emails should be routed through a third-party ESP, and why proper infrastructure architecture matters for deliverability.
February 2, 2026
Should you use a 3rd party email provider for newsletters instead of your CRM? This post explains why emails go to spam, when a third-party tool helps, and when it won't.
January 29, 2026
Microsoft 365 has a result code that doesn't appear in any DMARC RFC: oreject. When M365 sits behind a third-party gateway, p=reject policies get silently overridden — and Microsoft doesn't report it. Here's the mechanism, why the original M365 Groups framing was incomplete, and the receive-connector lockdown that actually fixes it.
January 28, 2026
Why treating all bounces the same is a mistake – and how to properly handle soft bounces, hard bounces, and blocks for better deliverability.
January 26, 2026
A real-world example of how third-party DNS control can silently block DMARC visibility, redirect domain telemetry, and introduce serious email security and data exposure risks.
January 20, 2026
Why email reputation “fixer” tools and warm-up software often backfire and what actually works when your emails start landing in spam.
January 16, 2026
Explanation of why Gmail blocks sending during CRM batch emails and what's actually causing it.
January 13, 2026
How DMARC forensics exposed an API key leak, 2.3M unauthorized emails, and a $10K bill.
January 8, 2026
Attackers use backscatter emails to bypass filters, harming servers and delivering phishing content.
December 29, 2025
Microsoft 365 groups can deliver spoofed emails despite failing SPF, DKIM, and enforced DMARC policies.
December 25, 2025
Proper DMARC enforcement on the root domain protects non-existent subdomains without needing separate policies.