Blog

Long-form notes from the Wiredepth team

Research, methodology, and how-tos on email authentication, domain posture, and SMB-scale threat intelligence. Less product marketing, more concrete data.

• 2026-05-12 · 8 min read

  Who can phish as your domain? We measured 203 of them.

  We crawled every third party authorized to send mail as 203 of the world's most-impersonated brands. The median brand has 6 vendors authorized; 3 of them can send AS the brand and pass SPF. 1 in 3 brands has 5+ authorized senders. 1 in 5 has duplicate transactional senders. 1 in 17 still authorizes a workspace they migrated away from. Full breakdown + methodology.

  Read →

• 2026-05-09 · 8 min read

  The State of DMARC, 2026

  We crawled the top 100,000 domains and looked at every published DMARC, SPF, and DKIM record. Here is what is actually deployed in 2026 - the headline adoption rate, the silent breakage rate, and where SaaS-heavy email stacks are quietly hitting the SPF lookup limit.

  Read →