ZeroHookZeroHook

ZeroHook Blog

Fixes, not fluff. DNS security and compliance guides for IT managers who already know the acronyms.

SPF Record Syntax: Complete Reference
SPF
Jun 29, 2026·13 min read

SPF Record Syntax: Complete Reference

SPF record syntax from v=spf1 through -all: includes, lookup limits, permerror traps, and provider templates. The reference we use before editing any production TXT record.

Read Article
SOC2 CC6.6 DNS Monitoring Evidence
Compliance
Jun 29, 2026·9 min read

SOC2 CC6.6 DNS Monitoring Evidence

SOC2 CC6.6 DNS monitoring evidence for Type II: enforced DMARC, MTA-STS, change detection, and tamper-proof logs auditors accept when Excel exports fail.

Read Article
ISO 27001: 12 Email DNS Records That Matter
Compliance
Jun 29, 2026·9 min read

ISO 27001: 12 Email DNS Records That Matter

Twelve ISO 27001 email DNS records mapped to Annex A 2022 controls: SPF, DKIM, DMARC, MTA-STS, TLS-RPT, MX, DNSSEC, CAA, and the records auditors flag first.

Read Article
Microsoft 365 SPF Record Template
SPF
Jun 29, 2026·4 min read

Microsoft 365 SPF Record Template

Copy-paste SPF templates for Microsoft 365-only mail, M365 plus Mailchimp or HubSpot, and hybrid setups. Cloudflare and GoDaddy publish steps included.

Read Article
NIS2 Email Security Checklist (2026)
Compliance
Jun 23, 2026·14 min read

NIS2 Email Security Checklist (2026)

NIS2 Article 21 requires technical measures for network and information systems. Email authentication, DNS security, and continuous monitoring evidence are the controls SMBs get questioned on first. Full 2026 checklist.

Read Article
Fix SPF Permerror (Too Many Lookups)
SPF
Jun 23, 2026·5 min read

Fix SPF Permerror (Too Many Lookups)

SPF PermError stops SPF evaluation entirely, breaking deliverability and DMARC alignment. Fix syntax errors, merge duplicate TXT records, and stay under the 10 DNS lookup limit.

Read Article
NIS2 Article 21: DNS Auditors Ask For
Compliance
Jun 23, 2026·8 min read

NIS2 Article 21: DNS Auditors Ask For

NIS2 Article 21 does not name SPF or DMARC, but DNS and email authentication evidence is what assessors request first. Controls, artifacts, and sample auditor questions for 2026.

Read Article

Stay Secure

Get the latest security alerts and analysis from the ZeroHook team.