articles · field notes
Articles
Plain-language writing on email authentication, deliverability and
domain health — why these systems break quietly, what that costs,
and what keeping them correct actually involves. No scare stories;
every piece explains what to do about it.
Email deliverability · June 2026
The world's largest mailbox providers now expect stronger email authentication, and the requirements reach senders of every size. If quotes, invoices or booking confirmations have started disappearing, this is one of the first places to look — and the fix starts with three DNS records.
Email security · June 2026
The EU's cybersecurity agency studied exactly this assumption, and its conclusion is blunt: criminals often prefer smaller firms. What one documented incident cost, why email is the front door, and a checklist in order of impact.
Domain health · June 2026
A domain's email and security posture isn't a wall you build once; it's a garden that grows weeds. Why correctly configured records quietly stop being correct, and why the annual check-up finds out too late.
Email authentication · June 2026
A scanner, a security questionnaire or a mailbox provider has flagged that your domain has no effective DMARC policy. What that actually exposes you to, and the risk-free sequence that closes it.
Email deliverability · June 2026
Your message was rejected by Microsoft before reaching the recipient — a permanent failure, not a spam-folder detour. The four usual causes, and the fix for each.
Email deliverability · June 2026
Gmail could not verify that the message legitimately comes from your domain, and unauthenticated mail is increasingly rejected rather than spam-foldered. Where to look, and what to fix.
Email authentication · June 2026
A permerror invalidates your entire SPF record — for every sender, including the ones configured perfectly. Where the lookups accumulate invisibly, and how to get back under the limit safely.
Email authentication · June 2026
The receiving server did exactly what your own DMARC policy told it to do. How to tell an incomplete sender inventory from a blocked forgery — and why the answer is finishing the alignment work, not abandoning the policy.