Glossary — domain security in plain English
Every term explained without jargon, with what it actually means for your business.
- A record
The setting that points your web address at the actual server running your website — the link between your name and where your site lives.
- BIMI
A standard that shows your business logo next to your emails in the inbox — but only once your email is properly protected against impersonation.
- Business Email Compromise (BEC)
BEC is a scam where criminals use email impersonation to trick your staff or customers into sending money or changing bank details — and tightening your domain's email settings shuts down a key way they pull it off.
- CAA record
A short rule that names which companies are allowed to issue the security certificate for your website — blocking anyone else from issuing one in your name.
- Cipher suite
The specific recipe of locks your website uses to encrypt connections — weak recipes leave the door easier to pick, even with the padlock showing.
- Clickjacking
A trick where your real website is hidden inside an attacker's page so visitors click things they can't see — defended by a simple setting that stops your site being framed.
- CNAME record
A forwarding label that points one web address at another — letting things like 'www' or a service you use share the right destination automatically.
- Content-Security-Policy (CSP)
A rulebook your site gives the browser listing exactly what code and content are allowed to run — the main defence against attackers injecting malicious scripts into your pages.
- DKIM
DKIM puts an invisible tamper-proof signature on every email your business sends, so receiving providers can confirm it really came from you and wasn't altered in transit.
- DKIM selector
A DKIM selector is a short label that points to one specific signing key in your domain settings — it lets each mail service have its own key, so checks land on the right one.
- DMARC
DMARC is the instruction that tells receiving mail providers what to do with fake email pretending to be your business — and it's what finally stops criminals from impersonating your domain.
- DMARC policy: p=none vs p=reject
A DMARC record can either just watch fake email go by (p=none) or actually block it (p=reject) — and a lot of businesses think they're protected when they're only watching.
- DNS propagation
The waiting period after you change a domain setting, while the rest of the internet catches up — which is why a change can seem to 'not work yet.'
- DNS TXT record
A flexible note attached to your domain that the internet can read — most often used to prove email is really from you and to verify you own the domain.
- DNSSEC
A tamper-proof seal on your domain's address lookups, so visitors can't be quietly redirected to a fake copy of your site.
- Email deliverability
Email deliverability is whether your business email actually reaches the inbox instead of the spam folder — and the main thing in your control is proving to mail providers that your email is genuinely from you.
- Email spoofing
Email spoofing is when someone sends email that looks like it came from your business — the same name, the same domain — to trick your customers or staff, and it's stopped by locking down your domain's email settings.
- HSTS
A rule your site sends to browsers that says 'always connect to me securely' — closing a gap attackers use to intercept that first, unprotected visit.
- MTA-STS
A rule that forces other mail servers to deliver email to you over an encrypted, verified connection — stopping messages from being quietly intercepted in transit.
- MX record
The setting that tells the world which server should receive email sent to your domain — get it wrong and your email simply stops arriving.
- Nameserver
The master directory that holds all your domain's settings — where your website lives, where your email goes — and answers the internet when it asks for them.
- Phishing
Phishing is a fake message designed to trick someone into handing over passwords, money, or details — and when criminals dress it up as coming from your business, your customers get hurt and your name takes the blame.
- Reverse DNS (PTR record)
The reverse of a normal lookup — it links a server's numbered address back to a name, which mainly affects whether your email is trusted or treated as spam.
- SOA record
The cover sheet for your domain's settings — it names who's in charge and how often other systems should refresh their copy of your details.
- SPF
SPF is a setting on your domain that lists which services are allowed to send email as your business — without it, anyone can pretend to be you and your real email is more likely to be junked.
- SPF "too many lookups" error
An SPF record is allowed only ten behind-the-scenes lookups — go over and the whole record is treated as broken, so your email loses its protection even though the record still appears to exist.
- SSL/TLS certificate
The digital ID card that proves your website is really yours and switches on the padlock — without it, browsers warn visitors away.
- Subdomain
A separately named section of your domain (like shop.yourbusiness.com) — handy for organising your presence, but each one is its own door that needs securing.
- TLS (Transport Layer Security)
The technology that scrambles data travelling between your website and your visitors so nobody can read or tamper with it in transit.
- TLS-RPT
A setting that asks other mail providers to send you reports whenever email to your domain fails to arrive securely — your early-warning light for email delivery problems.