SPF, DKIM, DMARC, MTA-STS, BIMI — authenticate your email, prevent spoofing, reach the inbox
View business emailStart here if you are new to email authentication.
SPF, DKIM and DMARC explained for UK businesses: how the three pillars of email authentication work together to stop spoofing…
The full UK email security stack: DNSSEC, SPF, DKIM, DMARC, MTA-STS, DANE, ARC, TLS-RPT and BIMI. How the nine protocols layer…
A cross-referenced A-to-Z glossary of SPF, DKIM, DMARC, MTA-STS, DANE, ARC, BIMI, DNSSEC terminology, with UK regulatory terms…
Sender Policy Framework — authorise which servers can send from your domain.
Sender Policy Framework explained for UK businesses: how SPF works, writing and validating records, the 10-lookup limit…
Complete SPF reference for UK domains: every mechanism, qualifier, modifier and macro from RFC 7208, with worked examples, DNS…
Copy-paste SPF snippets for UK businesses: Microsoft 365, Google Workspace, SmartXHosting, Mailchimp, SendGrid, Amazon SES…
The SPF 10-lookup rule explained for UK domains: how to count lookups, void lookups, detection tools, and three remediation…
SPF flattening explained for UK businesses: when it helps, when it hurts, manual and scripted approaches, hosted vendors and the…
Why SPF fails on forwarded email and how UK senders compensate: DKIM survival, ARC authentication preservation, SRS rewriting…
DomainKeys Identified Mail — cryptographic signatures on outbound messages.
DomainKeys Identified Mail explained for UK businesses: cryptographic signing, DNS records, RSA vs Ed25519, selectors…
Step-by-step DKIM tutorial for UK businesses: selector naming, key generation, DNS publication, enabling signing, provider…
Tag-by-tag reference for the DKIM-Signature header (RFC 6376, RFC 8463): v, a, c, d, s, h, bh, b, t, x explained, with worked…
Quarterly DKIM key rotation tutorial for UK businesses: generating new keys, DNS overlap, switching the signer, verification…
Configure third-party services (Mailchimp, SendGrid, Salesforce, HubSpot, Zoho, Amazon SES) to sign with your domain's DKIM via…
Policy and reporting on SPF and DKIM alignment.
DMARC explained for UK businesses: how the policy, alignment and reporting layer closes the From-header gap in SPF and DKIM, with…
Tag-by-tag DMARC record reference for UK businesses: v, p, adkim, aspf, sp, pct, rua, ruf, fo, rf with permitted values, worked…
DMARC alignment explained: SPF alignment, DKIM alignment, relaxed vs strict modes, organisational domain, worked examples for UK…
DMARC policies explained: p=none, p=quarantine, p=reject and how pct= modulates enforcement. Progression path, UK maturity…
Step-by-step DMARC rollout for UK businesses: sender inventory, SPF/DKIM fixes, monitoring, gradual progression from p=none…
Complete guide to DMARC aggregate reports (RUA) for UK businesses: structure, delivery, reading XML reports, processing tools…
DMARC forensic (RUF) reports explained for UK businesses: what they contain, why major receivers rarely send them, privacy…
DMARC subdomain policy (sp= tag) explained for UK businesses: policy discovery, dedicated subdomain records, non-sending…
Encrypt SMTP in transit — STARTTLS, MTA-STS, DANE, TLS-RPT.
STARTTLS explained for UK businesses: how opportunistic TLS upgrades SMTP connections, downgrade attacks, implicit TLS…
All email ports explained for UK businesses: 25, 465, 587 for submission and delivery; 143, 993, 110, 995 for mailbox access…
MTA-STS tutorial for UK businesses: DNS record, HTTPS policy file, testing mode, TLS-RPT monitoring, progression to enforce mode…
Field-by-field reference for MTA-STS policy files (RFC 8461) for UK businesses: version, mode, mx, max_age, HTTP/HTTPS…
DANE (RFC 6698) explained for UK email: TLSA record structure, usage/selector/matching fields, the common 3 1 1 pattern, DNSSEC…
TLS-RPT (RFC 8460) explained for UK businesses: DNS record, JSON report format, failure types, processing services and…
ARC, BIMI, DNSSEC and non-sending domain protection.
ARC (RFC 8617) explained for UK businesses: how forwarders preserve DMARC results across hops, the three ARC headers, chain…
BIMI explained for UK businesses: prerequisites, DNS record, SVG Tiny 1.2 logo, VMC certificate, receiver support (Gmail, Yahoo…
Verified Mark Certificates for BIMI: issuance from DigiCert or Entrust, UK IPO trademark prerequisites, costs, renewal, CMC…
DNSSEC explained for UK email: why it matters for SPF/DKIM/DMARC/DANE, how signing works, KSK/ZSK keys, DS records, UK DNS…
Lock down non-sending UK domains against spoofing: null SPF (v=spf1 -all), null DKIM (*._domainkey empty p=), restrictive DMARC…
DNS records and headers that underpin email routing and delivery.
MX records explained for UK businesses: format, priority and failover, resolution process, null MX for non-sending, common UK…
PTR records explained for UK mail servers: FCrDNS, why receivers check PTR, who controls reverse DNS, UK hosting providers, IPv6…
DNS TXT record size limits for UK email: 255-char strings, UDP 512, EDNS0, TCP fallback, splitting long records, impact on…
The Authentication-Results header (RFC 8601) explained for UK email: format, methods (SPF/DKIM/DMARC/ARC/iprev/BIMI), result…
Sender reputation, blocklists, feedback loops and bounces.
Sender reputation for UK mail: IP vs domain reputation, authentication foundation, engagement signals, complaint rates…
DNS blocklists tutorial for UK mail: Spamhaus, SpamCop, Barracuda, UCEPROTECT checks, root cause analysis, delisting procedures…
Feedback loops (FBLs) for UK email senders: Microsoft JMRP/SNDS, Google Postmaster Tools, Yahoo CFL, ARF format, enrolment…
Bounce management for UK mail senders: hard vs soft bounces, SMTP response codes, enhanced status codes (RFC 3463), processing…
Bulk-sender rules and audit checklists for UK business senders.
Google/Yahoo 2024 bulk sender rules for UK mail: 5,000/day threshold, SPF/DKIM/DMARC required, one-click unsubscribe, 0.3% spam…
Microsoft 2025 bulk sender rules for UK mail to Outlook.com/Hotmail: requirements, differences from Google/Yahoo, SNDS enrolment…
Comprehensive audit checklist for UK email authentication: DNSSEC, SPF, DKIM, DMARC, transport security, infrastructure hygiene…
Diagnose and fix real-world email authentication and delivery problems.
Diagnostic tutorial for SPF failures in UK email: spf=fail, softfail, permerror, temperror, none. Decision tree, diagnostic…
Diagnostic tutorial for DKIM failures: signature verification, body hash mismatch, missing keys, alignment issues. UK deployment…
Diagnostic tutorial for DMARC alignment failures: SPF/DKIM pass individually but DMARC fails. Third-party senders, subdomains…
Systematic troubleshooting for UK emails landing in spam: authentication, reputation, blocklists, content, list hygiene…
Diagnostic flowchart for UK email delivery failures: bounces, queues, DNS, SMTP connectivity, authentication, receiver-side…
Platform-level controls on Axigen, the mail server behind SmartXHosting.
Email firewall layers for UK businesses: IP restrictions, rate limiting, geographic blocking, admin access, authentication, DDoS…
Hardening defaults, transport security, authentication policies and UK-specific deployment patterns for the Axigen mail server…
Editorial articles on deliverability, security and compliance for UK SMEs.
Complete UK email deliverability guide for 2026: authentication, infrastructure, reputation, content, engagement, list hygiene…
Practical email security playbook for UK SMEs in 2026: AI phishing, BEC, ransomware, QR attacks, authentication, user training…
End-to-end deployment tutorial for UK businesses: SPF, DKIM, DMARC configuration in a coherent flow, with sender inventory, DNS…
Choosing GDPR-compliant email hosting for UK businesses 2026: data residency, CLOUD Act, encryption, DPA requirements, ICO…