Glossary
DNS & email security terms
Plain-English blurbs for the acronyms everyone throws around. Jump into a term, then open the tool we linked to prove it in DNS.
-
Dangling DNS Record
A DNS entry — often a CNAME — still pointing at a deleted external service; attackers can claim the target and host content under your subdomain.
-
Certificate Transparency
Public logs of every TLS certificate issued — used to discover subdomains (including forgotten ones) and to power dangling-record scans.
-
Homoglyph Attack
Lookalike characters in domain names (0 vs O, 1 vs l) used to fool users and filters in phishing.
-
DMARC rua= Tag
Where daily aggregate XML reports are mailed — without rua= you cannot monitor who sends as your domain.
-
DMARC ruf= Tag
Optional per-message forensic reports on DMARC failures — privacy-heavy; most senders rely on rua= only.
-
SPF include: Mechanism
Pulls another domain's SPF into yours; each include: costs lookups toward the SPF 10-lookup limit.
-
SPF ~all and -all
Default for senders not listed in SPF: softfail (~all) vs hardfail (-all).
-
Mail Server
Sends and receives email over SMTP; identified by MX; needs SPF, DKIM, DMARC, and PTR for healthy delivery.
-
TLS Encryption for Email
Encrypts mail in transit; STARTTLS alone is downgradeable without MTA-STS.
-
SPF Neutral (?all)
No policy assertion — treated like weak/absent SPF; use ~all or -all instead.
-
SPF Record
A TXT record that says which servers may send mail for your domain. DNS only gives you ~10 “lookups” before mail servers throw up their hands.
-
DKIM
Cryptographic signatures on outgoing mail. Receivers fetch your public key from DNS and verify the message wasn’t tampered with.
-
DMARC
Tells receivers what to do when SPF or DKIM fails, and where to email aggregate reports (rua=).
-
DMARC Alignment
Your From: domain has to match the domain that passed SPF or DKIM — third-party ESPs break this unless you brand correctly.
-
PTR Record
Reverse DNS: IP → hostname. Spam filters expect it to line up with your sending name.
-
Email Spoofing
Faking the From: address. SPF, DKIM, and DMARC exist to make that harder.
-
Subdomain Takeover
You pointed blog.example.com at GitHub, then deleted the repo — an attacker can claim it and serve content on your subdomain.
-
Typosquatting
Registering gooogle.com-style names to catch typos and phish your users.
-
Email Deliverability
Whether mail hits the inbox vs spam — auth, reputation, content, and engagement together.
-
Email Blacklist (Blocklist)
Real-time lists of IPs and domains known for spam — receivers may reject before SPF/DKIM.
-
MX Record
DNS rows that say which server receives mail for the domain — no MX, no inbound delivery.
-
DMARC Policy
The p= tag: none, quarantine, or reject — start loose, tighten after reports look clean.
-
DMARC p=none
Monitoring only — mail still lands in the inbox; rua= aggregate reports are why you run it.
-
DMARC p=quarantine
Failing DMARC sends mail to spam — the step between p=none and full p=reject; use pct= for gradual rollout.
-
SPF PermError
SPF can’t be evaluated — usually too many lookups or bad syntax. Often treated like a hard fail.
-
Email Authentication
SPF, DKIM, and DMARC together prove who sent mail and what receivers should do when auth fails.
-
DMARC Aggregate Report
Daily XML (RUA) from big inboxes — who sent as your domain and whether SPF/DKIM passed.
-
Reverse DNS (rDNS)
IP → hostname via PTR; FCrDNS checks the hostname resolves back to the same IP.
-
SPF SoftFail
~all — not authorised, but “suspicious” rather than always hard-fail.
-
DKIM Selector
The s= name that points at selector._domainkey — multiple keys per domain.
-
CNAME Record
Hostname → hostname; ESPs use CNAMEs so they can rotate DKIM keys without you editing TXT.
-
TXT Record
Where SPF, DKIM, and DMARC strings live — plus vendor verification tokens.
-
WHOIS
Registration lookup — registrar, expiry, nameservers; modern stacks use RDAP JSON.
-
Domain Expiry
When renewal lapses, DNS stops — sites and mail drop; squatters wait in the queue.
-
DNSSEC
Signed DNS answers — stops cache poisoning; separate from SPF/DKIM/DMARC for mail.
-
Catch-All Email Address
Inbox that accepts anything@ — convenient, but spam and dictionary attacks love it.
-
Mail Exchanger
The server named by MX that receives SMTP on port 25 — needs A record and ideally matching PTR.
-
Bounce Rate
Bounce rate is the percentage of emails that could not be delivered — split into hard bounces (permanent: bad address, domain doesn’t exist) and soft bounces (temporary: mailbox full, server timeout). High bounce rates d…
-
Spam Trap
A spam trap is an email address used to identify senders who use bad lists. Pristine traps were never real addresses — hitting one means you bought, scraped, or generated addresses. Recycled traps were once real addresse…
-
Email Header
Email headers are metadata attached to every message: delivery path, authentication results (SPF, DKIM, DMARC), timestamps, and Received hops. Recipients rarely see them — “Show original” in Gmail exposes the full chain.
-
Return-Path
Return-Path is the envelope sender used for bounces — separate from the visible From: header. SPF checks the Return-Path domain (or HELO/EHLO context). DMARC alignment compares Return-Path domain to the From: domain for …
-
DKIM Signature
A DKIM signature is a cryptographic hash of the body and selected headers, signed with the sender’s private key. It appears in the DKIM-Signature header. Receivers verify using the public key at selector._domainkey.domai…
-
SMTP
SMTP is the standard protocol for sending email between servers — typically port 25 for server-to-server relay and port 587 (or 465) for authenticated submission. SMTP alone does not authenticate senders — SPF, DKIM, and…
-
Email Spoofing vs Phishing
Spoofing is forging the From: header (and related envelope data) to impersonate a domain. Phishing is using deceptive email to steal credentials or install malware. Spoofing is a technical technique; phishing is the atta…
-
DNSBL (DNS Blacklist)
A DNSBL is a DNS-based blocklist: mail servers query a special DNS zone with a reversed IP embedded in the query. Example: for 1.2.3.4, query 4.3.2.1.zen.spamhaus.org — NXDOMAIN means not listed; an A record response mea…
-
Email Warm-Up
Email warm-up is gradually increasing send volume from a new IP address so mailbox providers build positive reputation instead of flagging a sudden spike as abuse. Cold IPs with high volume trigger spam filters — warm-up…
-
List-Unsubscribe Header
The List-Unsubscribe header (RFC 2369, extended by RFC 8058) lets mail clients show an unsubscribe button next to the message. Bulk senders to Google and Yahoo require one-click unsubscribe support — List-Unsubscribe-Pos…
-
SPF Alignment
SPF alignment is the DMARC check that the Return-Path domain matches the From: header’s organizational domain. Relaxed alignment allows subdomain matches; strict requires exact host match. SPF alignment fails when ESPs u…
-
DKIM Alignment
DKIM alignment verifies the d= domain in the DKIM-Signature matches the From: header’s organizational domain. Relaxed alignment allows subdomain relationships; strict requires exact match. Most ESPs achieve alignment via…
-
IP Reputation
IP reputation is a trust score mailbox providers assign to a sending IP based on history: bounces, spam complaints, spam trap hits, and blocklist appearances. It affects delivery independently of domain reputation — a ba…
-
Envelope Sender
The envelope sender is the address in the SMTP MAIL FROM command — also called Return-Path or bounce address. It is separate from the visible From: header. SPF validates against the envelope domain — DMARC alignment requ…
-
Feedback Loop (FBL)
A feedback loop is a service where mailbox providers forward spam complaints (FBL reports) to the sender when users click “Report spam.” Registered senders receive complaint notifications so they can remove complainers a…