BètaSPFWise is in bèta, en elke functie is gratis totdat deze eindigt. Meer informatie nadat u zich hebt aangemeld.
Handleidingen

Handleidingen voor e-mailauthenticatie

Praktische, no-nonsense handleidingen voor SPF, DKIM en DMARC. Los op wat kapot is en houd uw e-mail uit de spam.

security

Phishing vs Spoofing: What Is the Difference?

Spoofing is the technique of forging a sender identity; phishing is the fraud it enables. This guide explains the difference, how they overlap, and which defenses stop each.

5 jul 20268 min lezen
security

What Is Email Spoofing and How It Works

Email spoofing forges the visible From address by exploiting how plain SMTP separates the envelope from the message header. Learn how the forgery works, whether it is illegal, and how SPF, DKIM, and DMARC at p=reject actually stop it.

4 jul 20267 min lezen
basics

What Is Email Authentication? A Complete Guide

A plain-language pillar guide to email authentication: why open SMTP has no built-in identity, and how SPF, DKIM, DMARC, and supporting signals like PTR, ARC, BIMI, and MTA-STS work together to prove a message really came from your domain.

4 jul 20268 min lezen
security

DMARC for Parked and Non-Sending Domains: The Day-One p=reject Setup

A domain that never sends email is a favorite target for spoofing. This guide gives you the copy-paste lockdown record set for a parked or non-sending domain: v=spf1 -all, an empty DKIM key, a null MX, and a straight-to-p=reject DMARC record with no monitoring rollout. You will also get a CNAME pattern to manage dozens of parked domains from one central record, plus how to confirm the lockdown with a free checker.

4 jul 20267 min lezen
security

How to Set Up TLS-RPT: SMTP TLS Reporting DNS Record Step by Step

TLS-RPT tells sending mail servers where to send daily reports when TLS negotiation to your domain fails. Add one TXT record at _smtp._tls.yourdomain.com with v=TLSRPTv1 and a rua endpoint, point it at a dedicated reporting mailbox or HTTPS collector, and you get visibility into encryption failures. This guide gives you the exact copy-paste record, the operational details most guides skip, and how TLS-RPT works alongside MTA-STS and DANE.

4 jul 20268 min lezen
security

How to Set Up DANE and TLSA Records for Email (SMTP)

DANE lets you pin your mail server's TLS certificate in DNS so sending servers refuse to deliver over a downgraded or spoofed connection. This guide gives you the exact build order: confirm DNSSEC end to end, generate the hash from your STARTTLS certificate with OpenSSL, publish a TLSA record at _25._tcp.your-mx-host, and pick the right usage, selector, and matching type. Includes validation steps and the DNSSEC mistake that breaks most first attempts.

4 jul 20268 min lezen
spf

Do Subdomains Need Their Own SPF Record?

SPF does not climb from a subdomain to your root domain, so a subdomain with no record returns "none" and is trivially spoofable. This guide shows why SPF inheritance is a myth, how to write per-subdomain records, how to lock down subdomains that never send mail, and how the DMARC sp= tag fills the gap SPF leaves open.

3 jul 20267 min lezen
security

How to Set Up MTA-STS: Step-by-Step Guide with Policy File and DNS Records

A copy-paste walkthrough of all three MTA-STS parts: the _mta-sts TXT record, the mta-sts.txt policy file served over HTTPS at the well-known path, and the mx, mode, and max_age directives. Includes dig and curl validation steps to confirm each piece resolves before you switch from testing to enforce mode, plus how MTA-STS relates to TLS-RPT, DANE, and DMARC.

3 jul 20268 min lezen
security

MTA-STS vs DANE: Which Email Transport Security Standard Should You Use?

MTA-STS and DANE both force encrypted SMTP delivery, but they trust different things. MTA-STS uses HTTPS and the public CA system with a trust-on-first-use gap. DANE uses DNSSEC-signed TLSA records with no first-use window. Gmail and Outlook honor MTA-STS as senders but do not validate DANE when receiving, so publish MTA-STS for reach and add DANE where your DNS and receivers support it.

3 jul 20267 min lezen
deliverability

Email Blacklist Check: How to Tell If You're Listed and Get Delisted From Every Major DNSBL

A blacklist (DNSBL) is a live list of IPs or domains that mail servers query to decide whether to reject or spam-folder your email. This guide shows how to check if your domain or sending IP is listed, which blocklists actually affect delivery (Spamhaus, Barracuda, SpamCop, Microsoft) versus vanity lists you can ignore, and the root-cause checklist that makes delisting stick.

3 jul 20268 min lezen
security

Business Email Compromise (BEC): The Email Authentication Checklist That Actually Reduces Risk

Business email compromise is not one attack, it is three: exact-domain spoofing, cousin-domain spoofing, and a genuinely compromised account. DMARC at reject only stops the first. This checklist maps each control to the attack it actually blocks, then ranks them so you fix the highest-leverage gaps first, starting with a free authentication check of your own domain.

3 jul 20268 min lezen
security

SPF +all Is the Most Dangerous Setting in Email: Here's Why

An SPF record ending in +all tells every receiving server that any IP on the internet is allowed to send mail as your domain. It is the one SPF setting that actively helps attackers spoof you. This guide shows the real phishing and reputation fallout, clears up the -all vs ~all vs ?all confusion, and gives you a safe migration path from softfail to hardfail you can confirm with a free lookup.

3 jul 20266 min lezen
Pagina 1 van 2Volgende