SPF

Email Security Foundations #05 – DKIM deep dive: signing, selectors and how verification works

by

This post is part of the Email Security Foundations series on MSDigest.net. What DKIM actually does DKIM stands for DomainKeys Identified Mail. Where SPF checks where a message came from, DKIM proves that the message hasn’t been changed while it was in transit. When you send an email, your mail server adds a cryptographic signature to the message. When the receiving server gets it, it looks up your public key in DNS and uses that …

Read more

Email Security Foundations #04: SPF mistakes, troubleshooting, and validation

by

This post is part of the Email Security Foundations series on MSDigest.net. The mistakes that break SPF quietly SPF usually does not fail in loud or obvious ways. Mail does not bounce with a helpful error message. It just gets filtered, delayed, or rejected somewhere else. You only find out when someone eventually asks, “Did you get my email?” These are the mistakes I see most often, and how to fix them. Multiple SPF records …

Read more

Email Security Foundations #03: SPF deep dive – how it works and how to configure it

by

This post is part of the Email Security Foundations series on MSDigest.net. What SPF actually does SPF, Sender Policy Framework, is simply a way to publish a list in DNS of which servers are allowed to send email for your domain. When a receiving mail server gets a message claiming to be from yourdomain.com, it looks up your SPF record and checks whether the sending server is on that list. That’s it.That’s the whole idea. …

Read more

Email Security Foundations #02: SPF, DKIM, DMARC, DANE, MTA-STS and BIMI explained

by

This post is part of the Email Security Foundations series on MSDigest.net. The goal of the series is simple. Explain SPF, DKIM, DMARC, DANE, MTA‑STS, and BIMI in a way that actually helps Microsoft 365 admins run safer email. Before we go deep, here is the map In post #01 we looked at why email authentication still matters and why spoofing is still so effective. Before diving into each technology on its own, it helps …

Read more

Email Security Foundations #01: Why email is still the most dangerous attack surface

by

This post kicks off the Email Security Foundations series here on MSDigest.net. It’s a practical, no‑nonsense walkthrough of SPF, DKIM, DMARC, DANE, MTA‑STS, and BIMI written specifically for Microsoft 365 admins who want email to stop being the weakest link. Email spoofing remains one of the most effective attacks on the internet, largely because most organizations still allow it. The attack that really should not still work in 2026 A classic example is a Business …

Read more