Blog

Compliance, decoded

Regulatory updates, product news, and practical guides for MSPs and compliance teams navigating NIS2, DORA, GDPR, EAA, and ISO 27001.

April 17, 2026·7 min read

We sell DMARC scanners. We almost filed a bug on our own sending domain.

A narrative on why dig txt mail.yourdomain.com is the wrong question to ask about SPF, how modern ESPs split the sending domain into nested subdomains, and the three checks that actually audit alignment.

April 16, 2026·8 min read

Microsoft 365 email is spoofable out of the box. Here is how to close the three gaps.

Microsoft 365 ships with DKIM off, no DMARC, and an SPF default that gets weakened during rollout. A Defender-portal walkthrough that closes all three gaps and stops outbound spoofing of your domain.

April 16, 2026·8 min read

Anyone can spoof your Google Workspace email right now. Here is the 30-minute fix.

Google Workspace ships with weak SPF, DKIM off, and no DMARC record. A short admin walkthrough that closes all three gaps and stops outbound spoofing of your domain.