DMARCbis Is Official: RFC 9989 Upgrades DMARC From Suggestion to Standard

In May 2026, the IETF quietly did something that email administrators have been waiting on for years: they published RFC 9989, RFC 9990, and RFC 9991 — collectively known as DMARCbis. These three documents replace RFC 7489, which has been the authoritative reference for DMARC since 2015. The headline change isn’t technical; it’s procedural. The original RFC 7489 was published as an Informational document, meaning it described what the industry was already doing, not what it was required to do. DMARCbis arrives as a Proposed Standard on the IETF Standards Track — the first formal step toward becoming an Internet Standard. In plain terms: DMARC just graduated from “strong industry recommendation” to “official protocol.” ...

June 22, 2026 · 4 min

Rspamd 4.1.0: Security Fixes, a Reworked MX Check, and a Breaking Symbol Rename

Rspamd 4.1.0 dropped on June 5 — a major release tagged “recommended upgrade for all users” by the development team. There’s enough in it that’s immediately relevant to anyone running a mail server to warrant reading the changelog before blindly upgrading. The security fixes This release addresses several memory-safety issues that can be triggered by crafted incoming mail. S/MIME DoS via recursive PKCS7: A deeply nested application/pkcs7-mime message re-entered the parser without incrementing the nesting counter. In practice this means a malicious sender could craft a message that exhausts your rspamd worker’s stack. The fix gates S/MIME re-entry against the existing max_nested limit. ...

June 7, 2026 · 3 min

Microsoft Joined the DMARC Club — Is Your Domain Ready?

Google and Yahoo dropped their email authentication hammer in February 2024. Microsoft watched that unfold, nodded slowly, and then did the same thing on May 5, 2025. If your domain hasn’t sorted out SPF, DKIM, and DMARC by now, a chunk of your outbound mail is already being rejected — silently, with no bounce to show for it. What Microsoft Actually Requires For anyone sending 5,000 or more messages per day to Microsoft consumer addresses (@outlook.com, @hotmail.com, @live.com), the requirements are: ...

May 31, 2026 · 4 min