- Trustworthy Email, NIST SP 800-177, gives recommendations and guidelines for enhancing trust in email. September 2016.
- Businesses Can Help Stop Phishing and Protect their Brands Using Email Authentication reviews Federal Trade Commission research on email authentication. March 2017.
- OMB M-15-13, the HTTPS-Only Standard, details HTTPS compliance guidance.
- RFC 7208: Sender Policy Framework (SPF) for Authorizing Use of Domains in Email. April 2014.
- RFC 7489: Domain-based Message Authentication, Reporting, and Conformance (DMARC). March 2015.
- dmarc.org maintains a thorough FAQ.
- “DMARC Guide” from Global Cyber Alliance is a one-off SPF, DKIM, and DMARC policy analyzer and record creator.
- trustymail and pshtt are DHS open-source Python scanners to check for SPF/DMARC/STARTTLS usage and HTTPS best practices, respectively.
- “Add a DMARC Record” is a Google help page that offers a stepped approach to enabling DMARC thoughtfully.
- “Use DMARC to validate email in Office 365” provides Microsoft Office 365-related guidance for implementing DMARC on outbound and inbound mail delivery.
- “How to align with SPF and DMARC for your domain if you use a lot of 3rd parties to send email as you” is a vendor-agnostic approach to herding third-party mail-senders to get to strong DMARC enforcement.