Practical Security Guides For Your Team
Clear, non-alarmist guidance for real web vulnerabilities so your team can prioritize fixes confidently.
Email Domain Has No Active Spoofing Protection
mediumYour domain has a DMARC record, but it's set to 'monitor only' mode — meaning it watches for suspicious emails but takes no action to stop them. Think of it like a smoke detector that logs every fire but never sounds the alarm. Anyone can send emails that appear to come from your domain, and those messages will land in recipients' inboxes unchallenged.
Missing Email Protection Lets Anyone Impersonate Your Domain
mediumYour domain account.roamler.com is missing a security record that tells email providers how to handle messages that pretend to be from you. Without it, someone could send emails that appear to come from your domain — like a fake invoice or login request — and many recipients' inboxes would accept them as legitimate. This is a configuration gap, not an active attack, but it's worth closing.