CaptainDNS Blog

DNS, email authentication, AI integrations and product updates.

Technical guides, comparisons and insights on public DNS resolvers (Cloudflare, Google, Quad9), email authentication (SPF, DKIM, DMARC, BIMI, ARC) and deliverability. Learn how to configure Amazon SES, Brevo, SendGrid or Mailjet, and explore our AI integrations with ChatGPT and the MCP protocol. Whether you're a sysadmin, developer or marketing manager, find best practices here to secure your domains and optimize your email delivery.

Articles

June 2026

Diagram of a CAA DNS record acting as an allowlist in front of certificate authorities before a TLS certificate is issued

CaptainDNS · June 9, 2026

CAA DNS records: the complete guide to controlling who issues your certificates

Everything about the CAA DNS record: syntax, issue/issuewild/iodef tags, critical flag, inheritance, RFC 8659 and 8657, multi-provider setup, and auditing.

Timeline of ARC's IETF status moving from Proposed Standard to Historic in 2026, with successor DKIM2

CaptainDNS · June 8, 2026

ARC moves to "Historic" status at the IETF: should you still care in 2026?

The IETF is reclassifying ARC (RFC 8617) as "Historic." But deprecated on paper does not mean dead in practice: Apple, Google and Microsoft still require it. Here is what really changes and what you should do.

Diagram of how Microsoft 365 computes the compauth composite authentication verdict from SPF, DKIM, DMARC and internal signals

CaptainDNS · June 1, 2026

Compauth=fail on Microsoft 365: understanding composite authentication and fixing the reason codes

Decode Microsoft 365's compauth verdict: complete reason codes table (000, 001, 010, 601...), diagnosis and SPF, DKIM, DMARC fixes.

May 2026

Central email deliverability score gauge surrounded by the five pillars: SPF DKIM DMARC authentication, IP and domain reputation, MTA-STS DANE TLS-RPT transport security, BIMI and engagement

CaptainDNS · May 29, 2026

Email deliverability score: what it's made of and how to improve it

The email deliverability score is not a black box. It rests on five measurable pillars: authentication, reputation, transport security, BIMI and engagement. This guide breaks them down and gives the thresholds to aim for.

CI/CD pipeline with DKIM validation: pre-commit hooks, GitHub Actions, GitLab CI, Terraform, and a post-deploy smoke test

CaptainDNS · May 19, 2026

Validate DKIM in your CI/CD: catch broken records before production

How to plug DKIM validation into GitHub Actions, GitLab CI, Terraform, and pre-commit to block broken records before they reach the merge button.

Operational timeline for rotating a DKIM key in production over 37 days (D-7 to D+30)

CaptainDNS · May 19, 2026

DKIM key rotation: operational runbook (D-7 to D+30)

Calendar runbook to rotate your DKIM keys in production without downtime: D-7/D+30 timeline, openssl scripts, KMS integration, Office 365 and AWS SES.

DORA, NIS2 and status page triangle on a 4h / 24h / 72h timeline background: EU 2026 compliance evidence for B2B SaaS

CaptainDNS · May 18, 2026

DORA, NIS2 and status pages: turning incident communication into EU compliance evidence

In 2026, the status page is no longer a marketing tool. It is an admissible audit artifact for DORA, NIS2 and GDPR. A complete operational guide.

Comparative diagram of how GPTBot, ClaudeBot and PerplexityBot behave on an HTTP redirect chain 301, 302 and 308

CaptainDNS · May 11, 2026

HTTP redirects and AI crawlers in 2026: what GPTBot, ClaudeBot and PerplexityBot really see on your site

GPTBot, ClaudeBot and PerplexityBot do not follow redirects like Googlebot. Understand their actual behavior to stay visible in ChatGPT, Claude and Perplexity.

Phishing vs spear phishing 2026 comparison: mass email versus targeted OSINT attack, with deepfake, BEC, and DMARC defenses

CaptainDNS · May 4, 2026

Phishing vs spear phishing: what's the difference in 2026?

Phishing targets the masses, spear phishing targets the person. In 2026, AI, OSINT, and deepfakes blur the line. Full breakdown with real cases and defenses.

April 2026

HSTS and the preload list: the Strict-Transport-Security directives that force HTTPS

CaptainDNS · April 24, 2026

HSTS: the complete guide to enable Strict-Transport-Security and the preload list

HSTS (RFC 6797) forces browsers to contact your site only over HTTPS. This guide covers the protocol, the directives, per-stack configurations and how to submit to the Chrome preload list.