https://news.excello.email/tags/authentication/Recent content in Authentication on Daily DMARC NewsHugoen-USSat, 06 Jun 2026 08:00:00 +0000https://news.excello.email/posts/2026-06-06-microsoft-outlook-inbox-placement-crisis-authentication-gap/Sat, 06 Jun 2026 08:00:00 +0000https://news.excello.email/posts/2026-06-06-microsoft-outlook-inbox-placement-crisis-authentication-gap/<p>The enforcement wave worked &ndash; partially.</p> <p>When Google, Yahoo, and Microsoft rolled out hard authentication requirements between 2024 and 2025, the goal was to flush unauthenticated bulk mail from the ecosystem. That objective has largely been met. Senders who do not publish SPF, DKIM, and at least a nominal DMARC record are now rejected at the SMTP level before their mail ever reaches a recipient.</p> <p>But a new problem has emerged in the gap between &ldquo;delivered to the server&rdquo; and &ldquo;reached the inbox.&rdquo; And the numbers behind it are striking.</p>https://news.excello.email/posts/2026-05-30-spf-lookup-limit-saas-sprawl-email-deliverability/Sat, 30 May 2026 09:00:00 +0000https://news.excello.email/posts/2026-05-30-spf-lookup-limit-saas-sprawl-email-deliverability/<p>Every organization that has grown its software stack over the past few years carries a potential deliverability fault line inside a DNS record most people never look at. The SPF record, a short TXT entry that authorizes which servers are allowed to send email on behalf of your domain, was designed for a simpler era. RFC 7208, the standard that governs SPF, imposes a hard limit of 10 DNS mechanism lookups per evaluation. In 2026, with the average mid-sized organization running Microsoft 365, a CRM, a marketing platform, a transactional email service, a customer support tool, and several more SaaS applications that all send email bearing the company domain, that limit is not a theoretical edge case. It is a trap that teams walk into every time they provision a new tool.</p>