@techreport{rfc7489,
  author      = {Kucherawy, Murray and Zwicky, Elizabeth},
  title       = {Domain-based Message Authentication, Reporting, and Conformance ({DMARC})},
  number      = {RFC 7489},
  institution = {Internet Engineering Task Force},
  year        = {2015},
  url         = {https://datatracker.ietf.org/doc/html/rfc7489},
  note        = {See \S 10.1 on the SPF \texttt{-all} short-circuit risk}
}

@techreport{rfc7208,
  author      = {Kitterman, Scott},
  title       = {Sender Policy Framework ({SPF}) for Authorizing Use of Domains in Email, Version 1},
  number      = {RFC 7208},
  institution = {Internet Engineering Task Force},
  year        = {2014},
  url         = {https://datatracker.ietf.org/doc/html/rfc7208},
  note        = {See \S 4.6.4 on the 10-DNS-lookup processing limit}
}

@techreport{rfc6376,
  author      = {Crocker, Dave and Hansen, Tony and Kucherawy, Murray},
  title       = {{DomainKeys} Identified Mail ({DKIM}) Signatures},
  number      = {RFC 6376},
  institution = {Internet Engineering Task Force},
  year        = {2011},
  url         = {https://datatracker.ietf.org/doc/html/rfc6376}
}

@techreport{nist80017712019,
  author      = {Chandramouli, Ramaswamy and Garfinkel, Simson and Nightingale, Stephen and Rose, Scott},
  title       = {Trustworthy Email},
  number      = {NIST Special Publication 800-177 Rev. 1},
  institution = {National Institute of Standards and Technology},
  year        = {2019},
  doi         = {10.6028/NIST.SP.800-177r1}
}

@techreport{rfc8461,
  author      = {Margolis, Daniel and Risher, Mark and Ramakrishnan, Binu and Brotman, Alex and Jones, Janet},
  title       = {{SMTP MTA} Strict Transport Security ({MTA-STS})},
  number      = {RFC 8461},
  institution = {Internet Engineering Task Force},
  year        = {2018},
  url         = {https://datatracker.ietf.org/doc/html/rfc8461}
}

@techreport{rfc8460,
  author      = {Margolis, Daniel and Brotman, Alex and Ramakrishnan, Binu and Jones, Janet and Risher, Mark},
  title       = {{SMTP TLS} Reporting},
  number      = {RFC 8460},
  institution = {Internet Engineering Task Force},
  year        = {2018},
  url         = {https://datatracker.ietf.org/doc/html/rfc8460}
}

@techreport{rfc7672,
  author      = {Dukhovni, Viktor and Hardaker, Wes},
  title       = {{SMTP} Security via Opportunistic {DNS}-Based Authentication of Named Entities ({DANE}) Transport Layer Security ({TLS})},
  number      = {RFC 7672},
  institution = {Internet Engineering Task Force},
  year        = {2015},
  url         = {https://datatracker.ietf.org/doc/html/rfc7672}
}

@techreport{rfc4033,
  author      = {Arends, Roy and Austein, Rob and Larson, Matt and Massey, Dan and Rose, Scott},
  title       = {{DNS} Security Introduction and Requirements},
  number      = {RFC 4033},
  institution = {Internet Engineering Task Force},
  year        = {2005},
  url         = {https://datatracker.ietf.org/doc/html/rfc4033},
  note        = {Companion specifications: RFC 4034 on Resource Records, RFC 4035 on Protocol Modifications}
}

@techreport{ic3_2023,
  author      = {{Federal Bureau of Investigation, Internet Crime Complaint Center}},
  title       = {2023 Internet Crime Report},
  institution = {U.S. Federal Bureau of Investigation},
  year        = {2024},
  url         = {https://www.ic3.gov/Media/PDF/AnnualReport/2023_IC3Report.pdf}
}

@techreport{verizon_dbir_2024,
  author      = {{Verizon}},
  title       = {2024 Data Breach Investigations Report},
  institution = {Verizon Business},
  year        = {2024},
  url         = {https://www.verizon.com/business/resources/reports/dbir/}
}

@misc{cisa_bod_18_01,
  author       = {{Cybersecurity and Infrastructure Security Agency}},
  title        = {Binding Operational Directive 18-01: Enhance Email and Web Security},
  howpublished = {U.S. Department of Homeland Security},
  year         = {2017},
  url          = {https://www.cisa.gov/news-events/directives/bod-18-01-enhance-email-and-web-security}
}

@misc{google_sender_2024,
  author       = {{Google}},
  title        = {Email Sender Guidelines (effective February 2024)},
  year         = {2024},
  url          = {https://support.google.com/mail/answer/81126},
  note         = {Yahoo Postmaster parallel guidance: \url{https://senders.yahooinc.com/best-practices/}}
}

@misc{ietf_dmarc_wg,
  author       = {{Internet Engineering Task Force, DMARC Working Group}},
  title        = {{DMARC} Working Group (charter and active drafts, including {DMARCbis})},
  url          = {https://datatracker.ietf.org/wg/dmarc/about/}
}

@techreport{rfc8301,
  author      = {Kitterman, Scott},
  title       = {Cryptographic Algorithm and Key Usage Update to {DKIM}},
  number      = {RFC 8301},
  institution = {Internet Engineering Task Force},
  year        = {2018},
  url         = {https://datatracker.ietf.org/doc/html/rfc8301}
}

@misc{bimi_group,
  author       = {{AuthIndicators Working Group}},
  title        = {{BIMI}: Brand Indicators for Message Identification},
  url          = {https://bimigroup.org/}
}