Aleksej Dix
Founder of Sudory
Founder of Sudory. Frontend engineer based in Zurich with 20+ years shipping production web apps; now building continuous compliance scanning and writing about the DNS and email-auth controls behind it. Co-founder of WebZurich.
Posts by Aleksej
One Google form decides how every browser treats your website.
Firefox, Safari, Edge, Brave, and Tor all pull their HTTPS preload list from a single file in the Chromium repository. This post explains how one Google form ends up controlling browser behavior across the web, the four rules to get on the list, and why getting off it later is much harder than getting on.
6 min readYour DMARC reports look like garbage. Here is how to actually read them.
DMARC aggregate reports arrive as zipped XML, once a day, from every receiver you send to. The format is machine-readable, not human-readable. This post walks through the schema field by field, the three red-flag patterns worth acting on, the noise you can ignore, and the tools that turn raw XML into a weekly digest.
8 min readWe sell DMARC scanners. We almost filed a bug on our own sending domain.
A narrative on why dig txt mail.yourdomain.com is the wrong question to ask about SPF, how modern ESPs split the sending domain into nested subdomains, and the three checks that actually audit alignment.
7 min readMicrosoft 365 email is spoofable out of the box. Here is how to close the three gaps.
Microsoft 365 ships with DKIM off, no DMARC, and an SPF default that gets weakened during rollout. A Defender-portal walkthrough that closes all three gaps and stops outbound spoofing of your domain.
8 min readAnyone can spoof your Google Workspace email right now. Here is the 30-minute fix.
Google Workspace ships with weak SPF, DKIM off, and no DMARC record. A short admin walkthrough that closes all three gaps and stops outbound spoofing of your domain.
8 min read