📚 Articles
Working notes on email deliverability, DNS, and the standards that decide whether your mail reaches the inbox. New pieces as the corners of the spec demand them.
BIMI: how to set it up, and why you probably shouldn't bother yet
What it actually takes to get your logo into the inbox with BIMI, and an honest look at why, right now, it's mostly vanity rather than a deliverability win.
DMARC from p=none to p=reject, without breaking real mail
The safe path from a do-nothing DMARC record to full enforcement. Read the reports first, fix every legitimate sender, and ratchet the policy in stages instead of one risky jump.
From no MTA-STS to enforce, without blackholing your own mail
A staged plan for going from no SMTP TLS policy to enforce mode. Reporting first, the pitfalls that bite in the middle, and real scenarios for M365 and mixed-MX setups.
What on earth is DNSSEC, and should your business care?
A plain-English explainer of what DNSSEC actually does, where it genuinely helps your domain and business, and where it doesn't, without the cryptography lecture.