SPF vs DKIM vs DMARC: What MSPs Need to Know
MSPs get asked about SPF, DKIM, and DMARC constantly -- usually the week before a client's insurance renewal. Here's the practical breakdown: what each record does, what it doesn't do, how they work together through DMARC alignment, and how to audit your entire client base before an underwriter does.
Why Your SSL Certificate Passed But Your Insurance Application Failed
A green padlock means your connection is encrypted. It says nothing about your email security, open ports, or the admin panel exposed on port 8080. Underwriters check all of it.
We Scanned 73 Domains. 41% Failed DMARC.
Cyber insurers require DMARC on renewal applications. We scanned domains across the insurance and MSP security ecosystem. The results are worse than you'd expect.
We Scanned 29 Cyber Insurance Providers. Half Had Email Auth Gaps.
Cyber insurers require DMARC from their customers. We checked if they enforce it on their own domains. Many don't.
BitSight Alternative for MSPs: 4 Tools That Don't Cost $30,000/Year
Every 'BitSight alternative' article recommends UpGuard or SecurityScorecard — both enterprise tools, both $10K+/yr. Here's an honest breakdown of what MSPs actually need and what each tool really costs.
DMARC Check API: How MSPs Query Email Auth Records Programmatically
MxToolbox works for one domain at a time. Here's how to check DMARC, SPF, DKIM, SSL, and open ports programmatically across your entire client base — with working code.
Stay ahead of compliance risk
Get started with a free external attack surface scan. No credit card required.