Guides

Plain-English explainers for the DNS records behind email security — what each one does, how it's structured, and how to set it up. Each guide pairs with a free checker.

DMARC, explained — and how to set it up

DMARC is the record that actually stops people spoofing your domain. Here's how it works and how to roll it out safely.

SPF records, explained — and how to set one up

SPF lists the servers allowed to send email as your domain. Get it right and your mail stays out of spam; get it wrong and it can make things worse.

MTA-STS, explained — and how to set it up

MTA-STS forces other servers to deliver mail to you over an encrypted connection — closing the door on downgrade attacks.

BIMI, explained — and how to set it up

BIMI puts your brand logo next to authenticated email in the inbox — a trust signal you only earn once your authentication is solid.

DNSSEC, explained — and how to enable it

DNSSEC signs your DNS so answers can't be forged in transit — protecting your mail and website from redirection.

DKIM, explained — and how to set it up

DKIM cryptographically signs your outgoing mail so receivers can prove it's genuinely from you and wasn't tampered with.

Fixes & troubleshooting

Why is my email going to spam?

The real causes and a step-by-step checklist to get back to the inbox.

Fix SPF “too many DNS lookups” (PermError)

What the 10-lookup limit means and five ways to get under it.