DMARCPulse
Get started — free

Blog

News, tips and insights about email security.

Microsoft Tightens Email Authentication: DMARC Enforcement from May 2025 – What IT Admins Need to Know Now

Microsoft Tightens Email Authentication: DMARC Enforcement from May 2025 – What IT Admins Need to Know Now

Microsoft joins the enforcement club As of May 2025, Microsoft has introduced mandatory email authentication requirements for messages delivered to…

Read more
Sender Inventory as Production Infrastructure: Why Companies Must Register Every Email Sender

Sender Inventory as Production Infrastructure: Why Companies Must Register Every Email Sender

Email sending is production infrastructure — and it's still treated like a side project Imagine a developer deploying a new microservice without a ticket,…

Read more
CVE-2026-42897: Exchange Flaw Enables Email Spoofing via XSS – What DMARC Can and Cannot Do

CVE-2026-42897: Exchange Flaw Enables Email Spoofing via XSS – What DMARC Can and Cannot Do

A new Exchange vulnerability is being actively exploited Microsoft has confirmed a critical vulnerability in Exchange Server: CVE-2026-42897 allows attackers…

Read more
npm Staged Publishing and 2FA: New Defenses Against Supply-Chain Attacks – and Why Email Authentication Is the Foundation

npm Staged Publishing and 2FA: New Defenses Against Supply-Chain Attacks – and Why Email Authentication Is the Foundation

npm Raises the Bar for Package Publishing Security npm has introduced two new mechanisms designed to make supply-chain attacks significantly harder: Staged…

Read more
TanStack Supply-Chain Attack: How Email Vectors Put Organizations Like OpenAI at Risk

TanStack Supply-Chain Attack: How Email Vectors Put Organizations Like OpenAI at Risk

What Happened? In May 2026, attackers compromised the TanStack ecosystem — a widely used JavaScript library — to inject malware into the development…

Read more
Ghostwriter Phishing Against Ukrainian Government: When DMARC Says "All Clear" But Shouldn't

Ghostwriter Phishing Against Ukrainian Government: When DMARC Says "All Clear" But Shouldn't

The Attack That DMARC Cannot Stop In May 2026, it emerged that Ghostwriter — a long-running threat actor widely attributed to Belarus — had been running…

Read more
NIS2 Compliance Report at the Click of a Button

NIS2 Compliance Report at the Click of a Button

NIS2 is live — and so is the pressure to prove it Since NIS2 was transposed into national law, IT teams across Europe have been wrestling with a practical…

Read more
External Destination Verification: Why Your DMARC Reports Disappear Without a Trace

External Destination Verification: Why Your DMARC Reports Disappear Without a Trace

What Is External Destination Verification? When you configure DMARC to send aggregate reports to an external email address — meaning a domain other than your…

Read more
DMARCbis: What the DMARC Specification Update Means for Your Organisation

DMARCbis: What the DMARC Specification Update Means for Your Organisation

DMARC grows up RFC 7489, published in 2015, has been the backbone of email authentication for nearly a decade.

Read more
Why your DMARC report shows 46% fail — and why only 3% of it matters

Why your DMARC report shows 46% fail — and why only 3% of it matters

Red report, green delivery — how does that add up? You open your DMARC aggregate report and see 46% SPF fail. First instinct: something is broken, or someone i…

Read more