Leadership

Email Security: An Enablement Journey, Not a Maturity Ladder

Most organizations treat email authentication as a checkbox exercise. Deploy SPF, publish DMARC in reporting mode, call it done. But the real story isn’t about maturity tiers—it’s about what you unlock at each phase of implementation. And frankly, the gap between where organizations are and where they need to be is brutal.

This post outlines an enablement journey: each phase builds on the previous one and creates new capabilities that weren’t possible before.

Read more “Email Security: An Enablement Journey, Not a Maturity Ladder”
Research

The State of DNS Security — Where the Top…

A position snapshot of the full Majestic Million across three layers — DNSSEC signing, email authentication (SPF / DMARC / MTA-STS), and DANE. This is the scorecard: what is deployed, on how many domains, and how it’s distributed by rank and TLD. Remember Majestic Million is a bit old so a chunk of the domains no longer resolve, but the data gives a good thematic view.

Read more “The State of DNS Security — Where the Top Million Stands: DNSSEC, Email Authentication & DANE by the Numbers”
Research

Email and Domain Security

Ok, this is a topic I’ve looked at for years, my views have been built up based on a range of things from the theory, the reality of what I find/see and the incidents I respond to and hear about.

I’ve used Claude largely for this because it’s meant as a quick snapshot in time and a high level thematic view. SPF, DMARC, MTA-STS and DNSSEC (and DNS/Domain management in general) are complex topics and there’s lots of nuance in things.

That said, who wants to see what ‘scanning’ 1 million domains looks like? Let’s take a look at what Claude has come up with:

Read more “Email and Domain Security”
Copyright (c) Xservus Limited