[ 01 ] — The blog

Notes on the open internet.

Short essays on how the internet works under the hood — networking concepts explained simply, the meaning behind IP and DNS data, and practical ways to use these tools.

// posts — newest first (44 entries)

What Is IP Reputation? How It's Scored and How to Check Yours

IP reputation is the quiet gatekeeper behind mail that lands in spam and sign-ups buried in CAPTCHAs. Why it's not one score but many, how an address earns a bad one, how you can inherit one you didn't cause, and how to check and fix yours.

Typosquatting Explained: How One Mistyped Letter Becomes an Attack

Typosquatting registers domains that are deliberate misspellings of popular ones. The variation tricks, homograph attacks using look-alike characters, what squatters do with the domains, and how to defend — as a user and as a brand.

IOCs Explained: What an Indicator of Compromise Actually Tells You

An indicator of compromise is observable evidence of a breach — a malicious IP, domain, or file hash. The main types, IOC vs IOA, the Pyramid of Pain, why indicators expire so fast, and how enrichment turns one into intelligence.

MTA-STS and TLS-RPT Explained: Locking Down Email in Transit

SMTP encryption is opportunistic and can be stripped in a downgrade attack. MTA-STS forces TLS on mail delivered to your domain, TLS-RPT shows you when it fails, and DANE is the DNSSEC-based alternative. How to roll it out safely.

BIMI Explained: How a Brand Logo Earns Its Place in the Inbox

BIMI shows your verified logo next to your emails — but only after DMARC enforcement, a compliant SVG, and (for Gmail) a mark certificate. How the chain works, VMC vs CMC, and which inboxes display it.

Hashing Explained: MD5 vs SHA-256 and Why a Hash Only Goes One Way

A hash turns any input into a fixed-size fingerprint you can't reverse. The properties that make it useful, why MD5 and SHA-1 are broken, where hashing is used, and why passwords need a salt and a slow algorithm.

Base64 Explained: How Binary Becomes Text — and Why It's Not Encryption

Base64 turns binary data into plain text so it can travel through email, URLs, and JSON. How the three-bytes-to-four-characters trick works, the padding, the URL-safe variant — and why it hides nothing.

JWTs Explained: What's Actually Inside a JSON Web Token

A JWT is a signed, readable token that carries claims about you. How the three parts work, why it's signed but not secret, the revocation problem, and the classic attacks.

How SSL Certificates Work: The Chain of Trust Behind Every Padlock

What an SSL certificate really is, how the chain of trust runs from root to leaf, and what the padlock actually proves — and doesn't. Plus the shrinking certificate lifetime and the end of OCSP.

What Open Ports Reveal About Any IP (and How to Check Exposure for Free)

Open ports show what services an IP exposes to the internet — and where the risk is. How to read port, CVE, and service data, and check any IPv4 free without scanning.

Content Security Policy Explained: Stopping XSS Before It Starts

How CSP blocks cross-site scripting by telling browsers which sources to trust — directives, nonces, strict-dynamic, and report-only rollouts.

HSTS Preload Explained: How Browsers Force HTTPS From the Very First Visit

How the Strict-Transport-Security header and the browser preload list eliminate SSL stripping — plus the four preload requirements and the risks of opting in.

User Agent Strings Explained: What Your Browser Tells Every Website

What user agent strings contain, why every browser pretends to be every other browser, and how Client Hints are replacing the classic UA header.

Bulk IP Lookups: When You Need to Investigate More Than One Address

How to look up geolocation, ASN, and hostname for up to 100 IP addresses at once. Use cases, export to CSV/JSON, and what the results tell you.

DNSSEC Explained: How DNS Gets Its Chain of Trust

How DNSSEC works — the chain of trust from root to record, DS and DNSKEY records, why it matters, and why most domains still don't use it.

CAA Records: Controlling Who Can Issue Your SSL Certificates

What CAA DNS records do, how they restrict certificate issuance to authorized CAs, the three tag types, and why every domain should have one.

How to Validate an Email Address Without Sending a Message

Five ways to check if an email address is valid — syntax, MX records, disposable detection, SPF/DMARC checks, and typo correction — without sending anything.

DNS Leak Testing: What Your VPN Might Not Protect

What a DNS leak is, why it matters when using a VPN, how DNS leak tests work, and five steps to fix a leak if you find one.

Certificate Transparency: How CT Logs Prevent Rogue Certificates

What Certificate Transparency logs are, how they prevent unauthorized SSL certificates, and how to use them for subdomain discovery and security auditing.

MAC Addresses Explained: How Devices Identify Themselves on a Network

What MAC addresses are, how OUI prefixes identify manufacturers, MAC randomization for privacy, and the difference between MAC and IP addresses.

DKIM Explained: The Signature Behind Every Trusted Email

How DKIM works — the cryptographic signature that proves an email wasn't tampered with in transit. Selectors, key rotation, and what to check.

How VPN Detection Works: What Websites Can See

How websites detect VPN and proxy connections — IP reputation databases, ASN analysis, data center detection, DNS leaks, and WebRTC. What actually works.

HTTP Security Headers Explained: What They Do and Why They Matter

A practical guide to the six HTTP security headers every site should set — CSP, HSTS, X-Frame-Options, and more — and what each one actually prevents.

How to Read Email Headers: Tracing a Message From Send to Inbox

A practical guide to reading raw email headers — how to find the Received chain, check SPF/DKIM/DMARC results, spot delays, and identify the origin server.

DMARC Explained: The Policy That Ties Email Authentication Together

What DMARC does, how it connects SPF and DKIM, what the three policies mean, and why Google and Yahoo now require it for bulk senders.

SPF Records Explained: How Email Authentication Starts

What SPF records do, how to read one, why the 10-lookup limit matters, and what happens when SPF fails — the first layer of email authentication.

WebRTC leak explained: what your browser reveals without asking

How WebRTC's ICE candidate gathering can expose your real IP address even behind a VPN — what browsers do about it, and how to check yours.

DNS propagation: why your changes take time

Why DNS changes don't take effect instantly, what TTL actually controls, and how to check whether your records have propagated to resolvers worldwide.

What is WHOIS? How to look up who owns a domain or IP

Every domain name and IP address has an owner on record. WHOIS (now RDAP) is the public system for looking up that registration data. Here's what it tells you, what it doesn't, and how GDPR changed it.

What is browser fingerprinting and can websites really identify you?

Your browser reveals more than you think. Without cookies or logins, websites can build a unique profile from your screen size, GPU, fonts, and dozens of other signals. Here's how it works and what to do about it.

What is a CDN and why do most websites use one?

A content delivery network copies your website to hundreds of locations worldwide so every visitor loads it from somewhere nearby. Here's how the trick works, what CDNs do beyond caching, and how to tell whether a site is using one.

What is CIDR notation? The slash-numbers explained

The /24 after an IP address isn't decoration. It's a precise mathematical statement about which addresses belong to a network and which don't — and once you can read it, firewall rules, routing tables, and ISP allocations all make sense.

Port 80 vs port 443: HTTP, HTTPS, and what the numbers mean

Same server, same IP address — but port 80 means plain HTTP and port 443 means HTTPS. Here's what ports actually are, how TLS secures the connection, and which other ports are worth knowing about.

What is a DNS record? A, AAAA, MX, TXT, and the rest, explained

DNS records are how the internet knows where to send your traffic. A walk through every record type you'll actually encounter — A, AAAA, CNAME, MX, TXT, NS, SOA, PTR, CAA, SRV — and why each one matters.

How to check if an IP is on a blacklist

If your emails are bouncing or your IP is being blocked, you might be on an RBL — a real-time blackhole list. Here's how the lists work, why your IP could be on one, and what to do about it.

What is reverse DNS and when does it matter?

Forward DNS turns names into IPs. Reverse DNS does the opposite — using an ingenious 1980s hack involving the in-addr.arpa domain. Here's how it works and where it actually matters.

How to read a traceroute output

Traceroute shows the path your packets take across the internet. The output looks intimidating — but every column has an exact meaning, and every line tells a story.

ASN explained: what an Autonomous System Number actually is

Every public IP belongs to an Autonomous System — a network operated by a single organisation. Here's what that number means, why it's more reliable than geolocation, and how to find it.

Public vs private IP addresses: what's the difference?

Every device on the internet has two IP addresses at the same time — one private, one public. Knowing the difference makes a lot of networking suddenly make sense.

What are RFC 1918 private IP ranges?

Three address blocks — 10.0.0.0/8, 172.16.0.0/12, and 192.168.0.0/16 — reserved for private networks since 1996. Why they exist, how NAT makes them work, and what gets confused with them.

How to find a website's IP address

Every website lives at an IP address. Here's how to find it — in your browser, on the command line, or with a single click — and what the answer actually means when the site is behind a CDN.

What is my IPv6 address?

The longer, hex-formatted version of your IP — and the thing most people don't realise: you almost certainly have several of them at the same time. What each one is for, why one of them rotates daily, and how to see your own.

How Does IP Geolocation Actually Work?

Every "find my IP location" tool returns a city, latitude, and longitude. But where does that data come from — and how wrong can it be? A look at registries, BGP routes, probe networks, and the surprisingly shaky math behind city-level accuracy.

What Is My IP Address? A Complete Guide

Every device on the internet has an address. This piece walks through what an IP address actually is, why most people see two different ones, what websites can do with the address they see, and what stays hidden.
