Meysam

PCI DSS 4.0 section 5.4.1: anti-phishing controls are now mandatory if your organization processes card payments, this applies to you since march 2025, PCI DSS 4.0 requires mechanisms to detect and protect against phishing DMARC at enforcement is the most direct technical control you can implement it prevents attackers from spoofing your exact domain in phishing emails targeting your customers and employees the standard doesn't name DMARC explicitly it says "anti-phishing mechanisms." but when your Qualified Security Assessor (QSA) asks how you prevent domain spoofing in email, "we have dmarc at p=reject with spf and dkim aligned" is the answer that closes the finding don't wait for the audit dmarcguard.io/learn/pci-dss/ #DMARC #EmailSecurity #PCIDSS #Compliance

quick poll for email admins: what's your current dmarc policy? - [ ] p=none (monitoring only) - [ ] p=quarantine - [ ] p=reject (full enforcement) - [ ] I don't have one yet - [ ] i'm not sure no judgment on any answer most of the 5.5m domains I scanned don't have one at all if you're at p=none and unsure when to move to enforcement, the honest answer is... it depends on how long you've been collecting reports and whether you've identified all your legitimate senders rushing to p=reject without that data means blocking your own email what's holding you back from enforcement? drop your answer I'll share specific guidance based on the most common blockers next week dmarcguard.io/tools/dmarc-ch… #DMARC #EmailSecurity #EmailAdmin #SysAdmin

the DMARC market has a coverage problem nobody talks about most DMARC vendors monitor 3-5 protocols: DMARC, SPF, DKIM, maybe BIMI, maybe MTA-STS but email authentication in 2026 involves 9 protocols ARC (RFC 8617) matters because mailing lists and forwarding break DKIM without ARC chain validation, you're blind to why legitimate mail fails DANE (RFC 7671) matters because TLS certificate pinning via DNSSEC is becoming a NIS2 compliance expectation in the EU TLS-RPT (RFC 8460) matters because you need to know when encrypted delivery fails I've looked at every major vendor's feature page zero offer ARC chain analysis most ignore DANE entirely if your monitoring tool covers half the stack, you're monitoring half the picture dmarcguard.io/learn/arc/ #DMARC #EmailSecurity #ARC #NIS2

I scanned 5.5 million domains here's what the data actually says about dmarc adoption the numbers: - 30.4% of domains have a dmarc record published. sounds decent until you dig in - only 12.8% are at enforcement. meaning p=quarantine or p=reject - the remaining 17.6% are at p=none, which is monitoring-only. it does nothing to stop spoofing - and 2.7% of domains with spf records have lookup errors. too many includes, syntax mistakes, conflicting records these domains think they're protected they're not the gap between "has a record" and "is actually enforced" is where every phishing attack lives publishing a dmarc record at p=none is like installing a security camera that only records but never alerts anyone dmarcguard.io/research/email… #DMARC #EmailSecurity #CyberSecurityResearch #EmailAuthentication

your domain's email health isn't just dmarc it's 9 protocols working together most people check their dmarc record and stop there but email authentication is a chain: - spf validates sender ips - dkim signs message content - dmarc ties them together with policy and .. - then there's mta-sts enforcing tls on transport - tls-rpt reporting delivery failures - bimi displaying your logo - arc preserving authentication through forwards - dane pinning certificates via dnssec - and arf for abuse reporting I built the domain health check to evaluate all of these in one scan paste your domain, get a protocol-by-protocol breakdown with specific dns records to add or fix no account needed I've seen domains with perfect dmarc but completely missing mta-sts meaning their mail could be intercepted in transit despite passing authentication. dmarcguard.io/tools/domain-h… #DMARC #EmailSecurity #MTASTS #DomainHealth

Google & Microsoft are rejecting unauthenticated emails I scanned 5.5M domains Only 30.4% have a DMARC record Only 12.8% are at enforcement (p=quarantine or p=reject) 87% of domains are exposed What about yours? Check here for free dmarcguard.io/tools/dmarc-ch… #DMARC #EmailSecurity

merging this... what could go wrong! #git #dev #programming

We're live on Uneed 🥳 to everyone who has supported us over the past few weeks and months, thank you 🫡 please give us an upvote and ideally a comment of love cheers 🥂 uneed.best/tool/awesome-d… #buildinpublic #indiehackers

@Tobby_scraper awesome-directories.com

LIST of all Launch platforms v3 : (# mentioned in replies) Peerpush (3) ProductHunt (3) Uneed (3) LaunchIgniter (2) Micro Launch (2) Foundrlist (2) IndieHackers (2) LaunchDirectories (2) SaaSHub (2) AILaunch (1) AItoolonline (1) BetaList (1) DevHunt (1) DirectoryHunt (1) Fazier (1) Firsto (1) HackerNews (1) PeerList (1) Proofy (1) Reddit (1) ShipYard HQ (1) Shipsquad (1) Slocco (1) Stacker News (1) TinyLaunch (1) ToolFame (1) TryLaunch (1) TwelveTools (1) tinystartups (1) neeed directory (1) theresanaifortha (1) turbo0 (1) indie deals (1) ShowMeBestAI (1) IndieTools (1) ToolFame (1) SaaSFame (1) launchdubai (1) launchurapp (1) I’ll update the list next week based on replies!

@d4m1n what about the screenshots? gemini?

1-shotted the code for this in Cursor (workflow in replies). is it clean or what?!

@T_Zahil I have never tried yarn before and now I know I never missed a thing

I switched from Yarn to Bun recently Uneed's build time went from 9m to 5m 🤯

just when you think your idea failed... I got an email from a competitor about backlink exchange.. I checked, I ranked 2nd on google for the topic it's crazy business is still a world of wonder to me... never ceases to surprise me 🫠 #buildinpublic #indiehackers

@audiencon that's solid right there respect

The customer support hack: Your first 10 support tickets are not problems; they're your feature roadmap.

@victor_bigfield great job man a win is a win congrats and keep it up

I woke up this morning after sleeping for 10 hours because of a bad flu that still has me stuck in bed And I see this post that has gone viral 👇 Note to self: do more exit 😂

@eliana_jordan I love the key takeaways and reading your journey: Launch fast Build what you would use yourself Document your journey Grow an audience it's only going upward from here congrats on your journey

Just got featured in a newsletter. Crazy to think my story is now something people want to read. 🤯

@SaidAitmbarek crazy growth... and one to look up to 🫡 congrats

Spent 2 years growing Microlaunch. It's finally accelerating. Marketplaces only work when they're brutally simple. Just stay in the game.

@AlexBelogubov @refgrow_com now that's what is called, ladies and gentlemen, a GREAT chart congrats alex

It seems Refgrow has now started growing truly organically. I haven't tweeted about @refgrow_com for 3 months, and in the first month, it had a negative effect. I focused on the existing customers and continued improving the product and delivering on what they wanted. And then growth resumed on its own. (I'll let his MRR know when I reach a certain goal)

@audiencon make it 70% and we'll call it a day 😄

Your landing page is too complicated. Cut 50% of the text.

@romanbuildsaas oh man.. such a cool strategy... great to hear what works for you I'm gonna steal your ideas as they come 🏃

Just finished a LinkedIn influencer campaign for gojiberry.ai Input: $1,500 (3 creators @ $500/post). Output: 58 new trials and $1,600+ MRR. The secret sauce? Don’t ask influencers to promote. Ask them to distribute a lead magnet instead. The influencers make a post asking their audience to comment to receive the lead magnet. The lead magnet isn’t sent via DM, it’s delivered publicly as a reply to every comment. And that lead magnet acts as a bait : it builds authority, proof, and alignment so prospects convert directly into your SaaS.

@audiencon don't forget the analytics page 🙈🏃

Me: I'm in "deep work" mode. Also me: Checks notifications for the 47th time