Glossary

Email and web security, in plain English.

Seven of the acronyms that come up in every cyber insurance form, IT audit and supplier questionnaire. Written for small business owners, not security specialists.

DMARC

Domain-based Message Authentication, Reporting and Conformance.

Tells receiving mail servers what to do with messages that fail SPF and DKIM checks, and reports back when someone tries to spoof your domain.

SPF

Sender Policy Framework.

A DNS record that lists which mail servers are allowed to send email from your domain. The first line of defence against impersonation.

DKIM

DomainKeys Identified Mail.

A cryptographic signature on every outbound message, proving the email really came from your domain and was not tampered with in transit.

MTA-STS

Mail Transfer Agent Strict Transport Security.

Forces other mail servers to use encrypted TLS connections when delivering mail to your domain, so an attacker on the path cannot read it.

HSTS

HTTP Strict Transport Security.

A response header that tells browsers to only ever talk to your website over HTTPS, even if a visitor types the address without the "s" (plain http://).

CSP

Content Security Policy.

A response header that controls which scripts, styles and assets a browser is allowed to load on your site. The strongest defence against cross-site scripting.

DNSSEC

Domain Name System Security Extensions.

Cryptographic signatures on your DNS records, so the rest of the internet can detect when an attacker has tampered with the answers your domain hands out.

Try the scan

See where your domain stands on all seven.

One free check. SPF, DKIM, DMARC, MTA-STS, HSTS, CSP and DNSSEC, graded with plain-English fixes.