The Secure Government Email (SGE) Common Implementation Framework New Zealand’s government is introducing a comprehensive email security framework designed to protect official communications from phishing and domain spoofing. This new framework, which will be mandatory for all government agencies by October 2025, establishes clear technical standards to enhance email security and retire the outdated SEEMail service.  Key Takeaways All NZ government agencies must comply with new email security requirements by October 2025. The new framework strengthens trust and security in government communications by preventing spoofing and phishing. The framework mandates TLS 1.2+, SPF, DKIM, DMARC with p=reject, MTA-STS, and DLP controls. EasyDMARC simplifies compliance with our guided setup, monitoring, and automated reporting. Start a Free Trial What is the Secure Government Email Common Implementation Framework? The Secure Government Email (SGE) Common Implementation Framework is a new government-led initiative in New Zealand designed to standardize email security across all government agencies. Its main goal is to secure external email communication, reduce domain spoofing in phishing attacks, and replace the legacy SEEMail service. Why is New Zealand Implementing New Government Email Security Standards? The framework was developed by New Zealand’s Department of Internal Affairs (DIA) as part of its role in managing ICT Common Capabilities. It leverages modern email security controls via the Domain Name System (DNS) to enable the retirement of the legacy SEEMail service and provide: Encryption for transmission security Digital signing for message integrity Basic non-repudiation (by allowing only authorized senders) Domain spoofing protection These improvements apply to all emails, not just those routed through SEEMail, offering broader protection across agency communications. What Email Security Technologies Are Required by the New NZ SGE Framework? The SGE Framework outlines the following key technologies that agencies must implement: TLS 1.2 or higher with implicit TLS enforced TLS-RPT (TLS Reporting) SPF (Sender Policy Framework) DKIM (DomainKeys Identified Mail) DMARC (Domain-based Message Authentication, Reporting, and Conformance) with reporting MTA-STS (Mail Transfer Agent Strict Transport Security) Data Loss Prevention controls These technologies work together to ensure encrypted email transmission, validate sender identity, prevent unauthorized use of domains, and reduce the risk of sensitive data leaks. Get in touch When Do NZ Government Agencies Need to Comply with this Framework? All New Zealand government agencies are expected to fully implement the Secure Government Email (SGE) Common Implementation Framework by October 2025. Agencies should begin their planning and deployment now to ensure full compliance by the deadline. The All of Government Secure Email Common Implementation Framework v1.0 What are the Mandated Requirements for Domains? Below are the exact requirements for all email-enabled domains under the new framework. ControlExact RequirementTLSMinimum TLS 1.2. TLS 1.1, 1.0, SSL, or clear-text not permitted.TLS-RPTAll email-sending domains must have TLS reporting enabled.SPFMust exist and end with -all.DKIMAll outbound email from every sending service must be DKIM-signed at the final hop.DMARCPolicy of p=reject on all email-enabled domains. adkim=s is recommended when not bulk-sending.MTA-STSEnabled and set to enforce.Implicit TLSMust be configured and enforced for every connection.Data Loss PreventionEnforce in line with the New Zealand Information Security Manual (NZISM) and Protective Security Requirements (PSR). Compliance Monitoring and Reporting The All of Government Service Delivery (AoGSD) team will be monitoring compliance with the framework. Monitoring will initially cover SPF, DMARC, and MTA-STS settings and will be expanded to include DKIM. Changes to these settings will be monitored, enabling reporting on email security compliance across all government agencies. Ongoing monitoring will highlight changes to domains, ensure new domains are set up with security in place, and monitor the implementation of future email security technologies.  Should compliance changes occur, such as an agency’s SPF record being changed from -all to ~all, this will be captured so that the AoGSD Security Team can investigate. They will then communicate directly with the agency to determine if an issue exists or if an error has occurred, reviewing each case individually. Deployment Checklist for NZ Government Compliance Enforce TLS 1.2 minimum, implicit TLS, MTA-STS & TLS-RPT SPF with -all DKIM on all outbound email DMARC p=reject  adkim=s where suitable For non-email/parked domains: SPF -all, empty DKIM, DMARC reject strict Compliance dashboard Inbound DMARC evaluation enforced DLP aligned with NZISM Start a Free Trial How EasyDMARC Can Help Government Agencies Comply EasyDMARC provides a comprehensive email security solution that simplifies the deployment and ongoing management of DNS-based email security protocols like SPF, DKIM, and DMARC with reporting. Our platform offers automated checks, real-time monitoring, and a guided setup to help government organizations quickly reach compliance. 1. TLS-RPT / MTA-STS audit EasyDMARC enables you to enable the Managed MTA-STS and TLS-RPT option with a single click. We provide the required DNS records and continuously monitor them for issues, delivering reports on TLS negotiation problems. This helps agencies ensure secure email transmission and quickly detect delivery or encryption failures. Note: In this screenshot, you can see how to deploy MTA-STS and TLS Reporting by adding just three CNAME records provided by EasyDMARC. It’s recommended to start in “testing” mode, evaluate the TLS-RPT reports, and then gradually switch your MTA-STS policy to “enforce”. The process is simple and takes just a few clicks. As shown above, EasyDMARC parses incoming TLS reports into a centralized dashboard, giving you clear visibility into delivery and encryption issues across all sending sources. 2. SPF with “-all”In the EasyDARC platform, you can run the SPF Record Generator to create a compliant record. Publish your v=spf1 record with “-all” to enforce a hard fail for unauthorized senders and prevent spoofed emails from passing SPF checks. This strengthens your domain’s protection against impersonation. Note: It is highly recommended to start adjusting your SPF record only after you begin receiving DMARC reports and identifying your legitimate email sources. As we’ll explain in more detail below, both SPF and DKIM should be adjusted after you gain visibility through reports. Making changes without proper visibility can lead to false positives, misconfigurations, and potential loss of legitimate emails. That’s why the first step should always be setting DMARC to p=none, receiving reports, analyzing them, and then gradually fixing any SPF or DKIM issues. 3. DKIM on all outbound email DKIM must be configured for all email sources sending emails on behalf of your domain. This is critical, as DKIM plays a bigger role than SPF when it comes to building domain reputation, surviving auto-forwarding, mailing lists, and other edge cases. As mentioned above, DMARC reports provide visibility into your email sources, allowing you to implement DKIM accordingly (see first screenshot). If you’re using third-party services like Google Workspace, Microsoft 365, or Mimecast, you’ll need to retrieve the public DKIM key from your provider’s admin interface (see second screenshot). EasyDMARC maintains a backend directory of over 1,400 email sources. We also give you detailed guidance on how to configure SPF and DKIM correctly for major ESPs.  Note: At the end of this article, you’ll find configuration links for well-known ESPs like Google Workspace, Microsoft 365, Zoho Mail, Amazon SES, and SendGrid – helping you avoid common misconfigurations and get aligned with SGE requirements. If you’re using a dedicated MTA (e.g., Postfix), DKIM must be implemented manually. EasyDMARC’s DKIM Record Generator lets you generate both public and private keys for your server. The private key is stored on your MTA, while the public key must be published in your DNS (see third and fourth screenshots). 4. DMARC p=reject rollout As mentioned in previous points, DMARC reporting is the first and most important step on your DMARC enforcement journey. Always start with a p=none policy and configure RUA reports to be sent to EasyDMARC. Use the report insights to identify and fix SPF and DKIM alignment issues, then gradually move to p=quarantine and finally p=reject once all legitimate email sources have been authenticated.  This phased approach ensures full protection against domain spoofing without risking legitimate email delivery. 5. adkim Strict Alignment Check This strict alignment check is not always applicable, especially if you’re using third-party bulk ESPs, such as Sendgrid, that require you to set DKIM on a subdomain level. You can set adkim=s in your DMARC TXT record, or simply enable strict mode in EasyDMARC’s Managed DMARC settings. This ensures that only emails with a DKIM signature that exactly match your domain pass alignment, adding an extra layer of protection against domain spoofing. But only do this if you are NOT a bulk sender. 6. Securing Non-Email Enabled Domains The purpose of deploying email security to non-email-enabled domains, or parked domains, is to prevent messages being spoofed from that domain. This requirement remains even if the root-level domain has SP=reject set within its DMARC record. Under this new framework, you must bulk import and mark parked domains as “Parked.” Crucially, this requires adjusting SPF settings to an empty record, setting DMARC to p=reject, and ensuring an empty DKIM record is in place: • SPF record: “v=spf1 -all”. • Wildcard DKIM record with empty public key.• DMARC record: “v=DMARC1;p=reject;adkim=s;aspf=s;rua=mailto:…”. EasyDMARC allows you to add and label parked domains for free. This is important because it helps you monitor any activity from these domains and ensure they remain protected with a strict DMARC policy of p=reject. 7. Compliance Dashboard Use EasyDMARC’s Domain Scanner to assess the security posture of each domain with a clear compliance score and risk level. The dashboard highlights configuration gaps and guides remediation steps, helping government agencies stay on track toward full compliance with the SGE Framework. 8. Inbound DMARC Evaluation Enforced You don’t need to apply any changes if you’re using Google Workspace, Microsoft 365, or other major mailbox providers. Most of them already enforce DMARC evaluation on incoming emails. However, some legacy Microsoft 365 setups may still quarantine emails that fail DMARC checks, even when the sending domain has a p=reject policy, instead of rejecting them. This behavior can be adjusted directly from your Microsoft Defender portal. Read more about this in our step-by-step guide on how to set up SPF, DKIM, and DMARC from Microsoft Defender. If you’re using a third-party mail provider that doesn’t enforce having a DMARC policy for incoming emails, which is rare, you’ll need to contact their support to request a configuration change. 9. Data Loss Prevention Aligned with NZISM The New Zealand Information Security Manual (NZISM) is the New Zealand Government’s manual on information assurance and information systems security. It includes guidance on data loss prevention (DLP), which must be followed to be aligned with the SEG. Need Help Setting up SPF and DKIM for your Email Provider? Setting up SPF and DKIM for different ESPs often requires specific configurations. Some providers require you to publish SPF and DKIM on a subdomain, while others only require DKIM, or have different formatting rules. We’ve simplified all these steps to help you avoid misconfigurations that could delay your DMARC enforcement, or worse, block legitimate emails from reaching your recipients. Below you’ll find comprehensive setup guides for Google Workspace, Microsoft 365, Zoho Mail, Amazon SES, and SendGrid. You can also explore our full blog section that covers setup instructions for many other well-known ESPs. Remember, all this information is reflected in your DMARC aggregate reports. These reports give you live visibility into your outgoing email ecosystem, helping you analyze and fix any issues specific to a given provider. Here are our step-by-step guides for the most common platforms: Google Workspace Microsoft 365 These guides will help ensure your DNS records are configured correctly as part of the Secure Government Email (SGE) Framework rollout. Meet New Government Email Security Standards With EasyDMARC New Zealand’s SEG Framework sets a clear path for government agencies to enhance their email security by October 2025. With EasyDMARC, you can meet these technical requirements efficiently and with confidence. From protocol setup to continuous monitoring and compliance tracking, EasyDMARC streamlines the entire process, ensuring strong protection against spoofing, phishing, and data loss while simplifying your transition from SEEMail.

Are you in search of a company that resonates with your proactive spirit and entrepreneurial mindset? Your search ends here with Premier Truck Rental! Company Overview At Premier Truck Rental (PTR), we provide customized commercial fleet rentals nationwide, helping businesses get the right trucks and equipment to get the job done. Headquartered in Fort Wayne, Indiana, PTR is a family-owned company built on a foundation of integrity, innovation, and exceptional service. We serve a wide range of industriesincluding construction, utilities, and infrastructureby delivering high-quality, ready-to-work trucks and trailers tailored to each customers needs. At PTR, we dont just rent truckswe partner with our customers to drive efficiency and success on every job site. Please keep reading Not sure if you meet every requirement? Thats okay! We encourage you to apply if youre passionate, hardworking, and eager to contribute. We know that diverse perspectives and experiences make us stronger, and we want you to be part of our journey. Inside Sales Representative (ISR) at PTR is a friendly, people-oriented, and persuasive steward of the sales process. This role will support our Territory Managers with their sales pipeline while also prospecting and cross-selling PTR products themselves. This support includes driving results by enrolling the commitment and buy-in of other internal departments to achieve sales initiatives. The Inside Sales Representative will also represent PTRs commitment to being our customers easy button by serving as the main point of contact. They will be the front-line hero by assisting them in making informed decisions, providing guidance on our rentals, and resolving any issues they might face. We are seeking someone eager to develop their sales skills and grow within our organization. This role is designed as a stepping stone to a Territory Sales Manager (TSM) position, providing hands-on experience with customer interactions, lead qualification, and sales process execution. Ideal candidates will demonstrate a strong drive for results, the ability to build relationships, and a proactive approach to learning and development. High-performing ISRs will have the opportunity to be mentored, trained, and considered for promotion into a TSM role as part of their career path at PTR. COMPENSATION This position offers a competitive compensation package of base salary ($50,000/yr) plus uncapped commissions =OTE $85,000 annually. RESPONSIBILITIES Offer top-notch customer service and respond with a sense of urgency for goal achievement in a fast-paced sales environment. Build a strong pipeline of customers by qualifying potential leads in your territory. This includes strategic prospecting and sourcing. Develop creative ways to engage and build rapport with prospective customers by pitching the Premier Truck Rental value proposition. Partner with assigned Territory Managers by assisting with scheduling customer visits, trade shows, new customer hand-offs, and any other travel requested. Facilitate in-person meetings and set appointments with prospective customers. Qualify and quote inquiries for your prospective territories both online and from the Territory Manager. Input data into the system with accuracy and follow up in a timely fashion. Facilitate the onboarding of new customers through the credit process. Drive collaboration between customers, Territory Managers, Logistics, and internal teams to coordinate On-Rent and Off-Rent notices with excellent attention to detail. Identify and arrange the swap of equipment from customers meeting the PTR de-fleeting criteria. Manage the sales tools to organize, compile, and analyze data with accuracy for a variety of activities and multiple projects occurring simultaneously.Building and developing a new 3-4 state territory! REQUIREMENTS MUST HAVE2+ years of strategic prospecting or account manager/sales experience; or an advanced degree or equivalent experience converting prospects into closed sales. Tech-forward approach to sales strategy. Excellent prospecting, follow-up, and follow-through skills. Committed to seeing deals through completion. Accountability and ownership of the sales process and a strong commitment to results. Comfortable with a job that has a variety of tasks and is dynamic and changing. Proactive prospecting skills and can overcome objections; driven to establish relationships with new customers. Ability to communicate in a clear, logical manner in formal and informal situations. Proficiency in CRMs and sales tracking systems Hunters mindsetsomeone who thrives on pursuing new business, driving outbound sales, and generating qualified opportunities. Prospecting: Going on LinkedIn, Looking at Competitor data, grabbing contacts for the TM, may use technology like Apollo and LinkedIn Sales Navigator Partner closely with the Territory Manager to ensure a unified approach in managing customer relationships, pipeline development, and revenue growth. Maintain clear and consistent communication to align on sales strategies, customer needs, and market opportunities, fostering a seamless and collaborative partnership with the Territory Manager. Consistently meet and exceed key performance indicators (KPIs), including rental revenue, upfit revenue, and conversion rates, by actively managing customer accounts and identifying growth opportunities. Support the saturation and maturation of the customer base through strategic outreach, relationship management, and alignment with the Territory Manager to drive long-term success. Remote in the United States with some travel to trade shows, quarterly travel up to a week at a time, and sales meetingsNICE TO HAVE Rental and/or sales experience in the industry. Proficiency in , Apollo.io , LinkedIn Sales Navigator, Power BI, MS Dynamics, Chat GPT. Established relationships within the marketplace or territory. Motivated to grow into outside territory management position with relocation On Target Earnings: ($85,000)EMPLOYEE BENEFITSWellness & Fitness: Take advantage of our on-site CrossFit-style gym, featuring a full-time personal trainer dedicated to helping you reach your fitness goals. Whether you're into group classes, virtual personal training, personalized workout plans, or nutrition coaching, weve got you covered!Exclusive Employee Perks: PTR Swag & a Uniform/Boot Allowance, On-site Micro-Markets stocked with snacks & essentials, discounts on phone plans, supplier vehicles, mobile detailing, tools, & equipmentand much more!Profit SharingYour Success, rewarded: At PTR, we believe in sharing success. Our Profit-SharingComprehensive BenefitsStarting Day One:Premium healthcare coverage (medical, dental, vision, mental health & virtual healthcare)401(k) matching & long-term financial planning Paid time off that lets you recharge Life, accidental death, and disability coverage Ongoing learning & development opportunitiesTraining, Growth & RecognitionWe partner with Predictive Index to better understand your strengths, ensuring tailored coaching, structured training, and career development. Performance and attitude evaluations every 6 months keep you on track for growth.Culture & ConnectionMore Than Just a JobAt PTR, we dont just build relationships with our customerswe build them with each other. Our tech-forward, highly collaborative culture is rooted in our core values. Connect and engage through:PTR Field Days & Team EventsThe Extra Mile Recognition ProgramPTR Text Alerts & Open CommunicationPremier Truck Rental Is an Equal Opportunity Employer We are an equal opportunity employer and all qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, disability status, protected veteran status, or any other characteristic protected by law. If you need support or accommodation due to a disability, contact us at PI6e547fa1c5-

Email authentication protocols like SPF, DKIM, and DMARC play a critical role in protecting domains from spoofing and phishing. However, when SEGs are introduced into the email path, the interaction with these protocols becomes more complex. Security gateways(SEGs) are a core part of many organizations’ email infrastructure. They act as intermediaries between the public internet and internal mail systems, inspecting, filtering, and routing messages. This blog examines how security gateways handle SPF, DKIM, and DMARC, with real-world examples from popular gateways such as Proofpoint, Mimecast, and Avanan. We’ll also cover best practices for maintaining authentication integrity and avoiding misconfigurations that can compromise email authentication or lead to false DMARC failures. Security gateways often sit at the boundary between your organization and the internet, managing both inbound and outbound email traffic. Their role affects how email authentication protocols behave. An inbound SEG examines emails coming into your organization. It checks SPF, DKIM, and DMARC to determine if the message is authentic and safe before passing it to your internal mail servers. An outbound SEG handles emails sent from your domain. It may modify headers, rewrite envelope addresses, or even apply DKIM signing. All of these can impact SPF,  DKIM, or DMARC validation on the recipient’s side. Understanding how SEGs influence these flows is crucial to maintaining proper authentication and avoiding unexpected DMARC failures. Inbound Handling of SPF, DKIM, and DMARC by Common Security Gateways When an email comes into your organization, your security gateway is the first to inspect it. It checks whether the message is real, trustworthy, and properly authenticated. Let’s look at how different SEGs handle these checks. Avanan (by Check Point) SPF: Avanan verifies whether the sending server is authorized to send emails for the domain by checking the SPF record. DKIM: It verifies if the message was signed by the sending domain and if that signature is valid. DMARC: It uses the results of the SPF and DKIM check to evaluate DMARC. However, final enforcement usually depends on how DMARC is handled by Microsoft 365 or Gmail, as Avanan integrates directly with them. Avanan offers two methods of integration:1. API integration: Avanan connects via APIs, no change in MX, usually Monitor or Detect modes.2. Inline integration: Avanan is placed inline in the mail flow (MX records changed), actively blocking or remediating threats. Proofpoint Email Protection SPF: Proofpoint checks SPF to confirm the sender’s IP is authorized to send on behalf of the domain. You can set custom rules (e.g. treat “softfail” as “fail”). DKIM: It verifies DKIM signatures and shows clear pass/fail results in logs. DMARC: It fully evaluates DMARC by combining SPF and DKIM results with alignment checks. Administrators can configure how to handle messages that fail DMARC, such as rejecting, quarantining, or delivering them. Additionally, Proofpoint allows whitelisting specific senders you trust, even if their emails fail authentication checks. Integration Methods Inline Mode: In this traditional deployment, Proofpoint is positioned directly in the email flow by modifying MX records. Emails are routed through Proofpoint’s infrastructure, allowing it to inspect and filter messages before they reach the recipient’s inbox. This mode provides pre-delivery protection and is commonly used in on-premises or hybrid environments. API-Based (Integrated Cloud Email Security – ICES) Mode: Proofpoint offers API-based integration, particularly with cloud email platforms like Microsoft 365 and Google Workspace. In this mode, Proofpoint connects to the email platform via APIs, enabling it to monitor and remediate threats post-delivery without altering the email flow. This approach allows for rapid deployment and seamless integration with existing cloud email services. Mimecast SPF: Mimecast performs SPF checks to verify whether the sending server is authorized by the domain’s SPF record. Administrators can configure actions for SPF failures, including block, quarantine, permit, or tag with a warning. This gives flexibility in balancing security with business needs. DKIM: It validates DKIM signatures by checking that the message was correctly signed by the sending domain and that the content hasn’t been tampered with. If the signature fails, Mimecast can take actions based on your configured policies. DMARC: It fully evaluates DMARC by combining the results of SPF and DKIM with domain alignment checks. You can choose to honor the sending domain’s DMARC policy (none, quarantine, reject) or apply custom rules, for example, quarantining or tagging messages that fail DMARC regardless of the published policy. This allows more granular control for businesses that want to override external domain policies based on specific contexts. Integration Methods Inline Deployment: Mimecast is typically deployed as a cloud-based secure email gateway. Organizations update their domain’s MX records to point to Mimecast, so all inbound (and optionally outbound) emails pass through it first. This allows Mimecast to inspect, filter, and process emails before delivery, providing robust protection. API Integrations: Mimecast also offers API-based services through its Mimecast API platform, primarily for management, archival, continuity, and threat intelligence purposes. However, API-only email protection is not Mimecast’s core model. Instead, the APIs are used to enhance the inline deployment, not replace it. Barracuda Email Security Gateway SPF: Barracuda checks the sender’s IP against the domain’s published SPF record. If the check fails, you can configure the system to block, quarantine, tag, or allow the message, depending on your policy preferences. DKIM: It validates whether the incoming message includes a valid DKIM signature. The outcome is logged and used to inform further policy decisions or DMARC evaluations. DMARC: It combines SPF and DKIM results, checks for domain alignment, and applies the DMARC policy defined by the sender. Administrators can also choose to override the DMARC policy, allowing messages to pass or be treated differently based on organizational needs (e.g., trusted senders or internal exceptions). Integration Methods Inline mode (more common and straightforward): Barracuda Email Security Gateway is commonly deployed inline by updating your domain’s MX records to point to Barracuda’s cloud or on-premises gateway. This ensures that all inbound emails pass through Barracuda first for filtering and SPF, DKIM, and DMARC validation before being delivered to your mail servers. Deployment Behind the Corporate Firewall: Alternatively, Barracuda can be deployed in transparent or bridge mode without modifying MX records. In this setup, the gateway is placed inline at the network level, such as behind a firewall, and intercepts mail traffic transparently. This method is typically used in complex on-premises environments where changing DNS records is not feasible. Cisco Secure Email (formerly IronPort) Cisco Secure Email acts as an inline gateway for inbound email, usually requiring your domain’s MX records to point to the Cisco Email Security Appliance or cloud service. SPF: Cisco Secure Email verifies whether the sending server is authorized in the sender domain’s SPF record. Administrators can set detailed policies on how to handle SPF failures. DKIM: It validates the DKIM signature on incoming emails and logs whether the signature is valid or has failed. DMARC: It evaluates DMARC by combining SPF and DKIM results along with domain alignment checks. Admins can configure specific actions, such as quarantine, reject, or tag, based on different failure scenarios or trusted sender exceptions. Integration methods On-premises Email Security Appliance (ESA): You deploy Cisco’s hardware or virtual appliance inline, updating MX records to route mail through it for filtering. Cisco Cloud Email Security: Cisco offers a cloud-based email security service where MX records are pointed to Cisco’s cloud infrastructure, which filters and processes inbound mail. Cisco Secure Email also offers advanced, rule-based filtering capabilities and integrates with Cisco’s broader threat protection ecosystem, enabling comprehensive inbound email security. Outbound Handling of SPF, DKIM, and DMARC by Common Security Gateways When your organization sends emails, security gateways can play an active role in processing and authenticating those messages. Depending on the configuration, a gateway might rewrite headers, re-sign messages, or route them through different IPs – all actions that can help or hurt the authentication process. Let’s look at how major SEGs handle outbound email flow. Avanan – Outbound Handling and Integration Methods Outbound Logic Avanan analyzes outbound emails primarily to detect data loss, malware, and policy violations. In API-based integration, emails are sent directly by the original mail server (e.g., Microsoft 365 or Google Workspace), so SPF and DKIM signatures remain intact. Avanan does not alter the message or reroute traffic, which helps maintain full DMARC alignment and domain reputation. Integration Methods 1. API Integration: Connects to Microsoft 365 or Google Workspace via API. No MX changes are needed. Emails are scanned after they are sent, with no modification to SPF, DKIM, or the delivery path.  How it works: Microsoft Graph API or Google Workspace APIs are used to monitor and intervene in outbound emails. Protection level: Despite no MX changes, it can offer inline-like protection, meaning it can block, quarantine, or encrypt emails before they are delivered externally. SPF/DKIM/DMARC impact: Preserves original headers and signatures since mail is sent directly from Microsoft/Google servers. 2. Inline Integration: Requires changing MX records to route email through Avanan. In this mode, Avanan can intercept and inspect outbound emails before delivery. Depending on the configuration, this may affect SPF or DKIM if not properly handled. How it works: Requires adding Avanan’s Protection level: Traditional inline security with full visibility and control, including encryption, DLP, policy enforcement, and advanced threat protection. SPF/DKIM/DMARC impact: SPF configuration is needed by adding Avanan’s include mechanism to the sending domain’s SPF record. The DKIM record of the original sending source is preserved. For configurations, you can refer to the steps in this blog. Proofpoint – Outbound Handling and Integration Methods Outbound Logic Proofpoint analyzes outbound emails to detect and prevent data loss (DLP), to identify advanced threats (malware, phishing, BEC) originating from compromised internal accounts, and to ensure compliance. Their API integration provides crucial visibility and powerful remediation capabilities, while their traditional gateway (MX record) deployment delivers true inline, pre-delivery blocking for outbound traffic. Integration methods 1. API Integration: No MX record changes are required for this deployment method. Integration is done with Microsoft 365 or Google Workspace. How it works: Through its API integration, Proofpoint gains deep visibility into outbound emails and provides layered security and response features, including: Detect and alert: Identifies sensitive content (Data Loss Prevention violations), malicious attachments, or suspicious links in outbound emails. Post-delivery remediation (TRAP): A key capability of the API model is Threat Response Auto-Pull (TRAP), which enables Proofpoint to automatically recall, quarantine, or delete emails after delivery. This is particularly useful for internally sent messages or those forwarded to other users. Enhanced visibility: Aggregates message metadata and logs into Proofpoint’s threat intelligence platform, giving security teams a centralized view of outbound risks and user behavior. Protection level: API-based integration provides strong post-delivery detection and response, as well as visibility into DLP incidents and suspicious behavior.  SPF/DKIM/DMARC impact: Proofpoint does not alter SPF, DKIM, or DMARC because emails are sent directly through Microsoft or Google servers. Since Proofpoint’s servers are not involved in the actual sending process, the original authentication headers remain intact. 2. Gateway Integration (MX Record/Smart Host): This method requires updating MX records or routing outbound mail through Proofpoint via a smart host. How it works: Proofpoint acts as an inline gateway, inspecting emails before delivery. Inbound mail is filtered via MX changes; outbound mail is relayed through Proofpoint’s servers. Threat and DLP filtering: Scans outbound messages for sensitive content, malware, and policy violations. Real-time enforcement: Blocks, encrypts, or quarantines emails before they’re delivered. Policy controls: Applies rules based on content, recipient, or behavior. Protection level: Provides strong, real-time protection for outbound traffic with pre-delivery enforcement, DLP, and encryption. SPF/DKIM/DMARC impact: Proofpoint becomes the sending server: SPF: You need to configure ProofPoint’s SPF. DKIM: Can sign messages; requires DKIM setup. DMARC: DMARC passes if SPF and DKIM are set up properly. Please refer to this article to configure SPF and DKIM for ProofPoint. Mimecast – Outbound Handling and Integration Methods Outbound Logic Mimecast inspects outbound emails to prevent data loss (DLP), detect internal threats such as malware and impersonation, and ensure regulatory compliance. It primarily functions as a Secure Email Gateway (SEG), meaning it sits directly in the outbound email flow. While Mimecast offers APIs, its core outbound protection is built around this inline gateway model. Integration Methods 1. Gateway Integration (MX Record change required) This is Mimecast’s primary method for outbound email protection. Organizations route their outbound traffic through Mimecast by configuring their email server (e.g., Microsoft 365, Google Workspace, etc.) to use Mimecast as a smart host. This enables Mimecast to inspect and enforce policies on all outgoing emails in real time. How it works: Updating outbound routing in your email system (smart host settings), or Using Mimecast SMTP relay to direct messages through their infrastructure. Mimecast then scans, filters, and applies policies before the email reaches the final recipient. Protection level: Advanced DLP: Identifies and prevents sensitive data leaks. Impersonation and Threat Protection: Blocks malware, phishing, and abuse from compromised internal accounts. Email Encryption and Secure Messaging: Applies encryption policies or routes messages via secure portals. Regulatory Compliance: Enforces outbound compliance rules based on content, recipient, or metadata. SPF/DKIM/DMARC impact: SPF: Your SPF record must include Mimecast’s SPF mechanism based on your region to avoid SPF failures. DKIM: A new DKIM record should be configured to make sure your emails are DKIM signed when routing through Mimecast. DMARC: With correct SPF and DKIM setup, Mimecast ensures DMARC alignment, maintaining your domain’s sending reputation. Please refer to the steps in this detailed article to set up SPF and DKIM for Mimecast. 2. API Integration (Complementary to Gateway) Mimecast’s APIs complement the main gateway by providing automation, reporting, and management tools rather than handling live outbound mail flow. They allow you to manage policies, export logs, search archived emails, and sync users. APIs enhance visibility and operational tasks but do not provide real-time filtering or blocking of outbound messages. Since APIs don’t process live mail, they have no direct effect on SPF, DKIM, or DMARC; those depend on your gateway (smart host) setup. Barracuda – Outbound Handling and Integration Methods Outbound Logic Barracuda analyzes outbound emails to prevent data loss (DLP), block malware, stop phishing/impersonation attempts from compromised internal accounts, and ensure compliance. Barracuda offers flexible deployment options, including both traditional gateway (MX record) and API-based integrations. While both contribute to outbound security, their roles are distinct. Integration Methods 1. Gateway Integration (MX Record / Smart Host) — Primary Inline Security How it works: All outbound emails pass through Barracuda’s security stack for real-time inspection, threat blocking, and policy enforcement before delivery. Protection level: Comprehensive DLP (blocking, encrypting, or quarantining sensitive content)  Outbound spam and virus filtering  Enforcement of compliance and content policies This approach offers a high level of control and immediate threat mitigation on outbound mail flow. SPF/DKIM/DMARC impact: SPF: Update SPF records to include Barracuda’s sending IPs or SPF include mechanism. DKIM: Currently, no explicit setup is needed; DKIM of the main sending source is preserved. Refer to this article for more comprehensive guidance on Barracuda SEG configuration. 2. API Integration (Complementary & Advanced Threat Focus) How it works: The API accesses cloud email environments to analyze historical and real-time data, learning normal communication patterns to detect anomalies in outbound emails. It also supports post-delivery remediation, enabling the removal of malicious emails from internal mailboxes after sending. Protection level: Advanced AI-driven detection and near real-time blocking of outbound threats, plus strong post-delivery cleanup capabilities. SPF/DKIM/DMARC impact: Since mail is sent directly by the original mail server (e.g., Microsoft 365), SPF and DKIM signatures remain intact, preserving DMARC alignment and domain reputation. Cisco Secure Email (formerly IronPort) – Outbound Handling and Integration Methods Outbound Logic Cisco Secure Email protects outbound email by preventing data loss (DLP), blocking spam and malware from internal accounts, stopping business email compromise (BEC) and impersonation attacks, and ensuring compliance. Cisco provides both traditional gateway appliances/cloud gateways and modern API-based solutions for layered outbound security. Integration Methods 1. Gateway Integration (MX Record / Smart Host) – Cisco Secure Email Gateway (ESA) How it works: Organizations update MX records to route mail through the Cisco Secure Email Gateway or configure their mail server (e.g., Microsoft 365, Exchange) to smart host outbound email via the gateway. All outbound mail is inspected and policies enforced before delivery. Protection level: Granular DLP (blocking, encrypting, quarantining sensitive content) Outbound spam and malware filtering to protect IP reputation Email encryption for sensitive outbound messages Comprehensive content and attachment policy enforcement SPF: Check this article for comprehensive guidance on Cisco SPF settings. DKIM: Refer to this article for detailed guidance on Cisco DKIM settings. 2. API Integration – Cisco Secure Email Threat Defense How it works: Integrates directly via API with Microsoft 365 (and potentially Google Workspace), continuously monitoring email metadata, content, and user behavior across inbound, outbound, and internal messages. Leverages Cisco’s threat intelligence and AI to detect anomalous outbound activity linked to BEC, account takeover, and phishing. Post-Delivery Remediation: Automates the removal or quarantine of malicious or policy-violating emails from mailboxes even after sending. Protection level: Advanced, AI-driven detection of sophisticated outbound threats with real-time monitoring and automated remediation. Complements gateway filtering by adding cloud-native visibility and swift post-send action. SPF/DKIM/DMARC impact: Since emails are sent directly by the original mail server, SPF and DKIM signatures remain intact, preserving DMARC alignment and domain reputation. If you have any questions or need assistance, feel free to reach out to EasyDMARC technical support.

Join our daily and weekly newsletters for the latest updates and exclusive content on industry-leading AI coverage. Learn More AI is advancing at a rapid clip for businesses, and that’s especially true of speech and voice AI models. Case in point: Today, ElevenLabs, the well-funded voice and AI sound effects startup founded by former Palantir engineers, debuted Conversational AI 2.0, a significant upgrade to its platform for building advanced voice agents for enterprise use cases, such as customer support, call centers, and outbound sales and marketing. This update introduces a host of new features designed to create more natural, intelligent, and secure interactions, making it well-suited for enterprise-level applications. The launch comes just four months after the debut of the original platform, reflecting ElevenLabs’ commitment to rapid development, and a day after rival voice AI startup Hume launched its own new, turn-based voice AI model, EVI 3. It also comes after new open source AI voice models hit the scene, prompting some AI influencers to declare ElevenLabs dead. It seems those declarations were, naturally, premature. According to Jozef Marko from ElevenLabs’ engineering team, Conversational AI 2.0 is substantially better than its predecessor, setting a new standard for voice-driven experiences. Enhancing naturalistic speech A key highlight of Conversational AI 2.0 is its state-of-the-art turn-taking model. This technology is designed to handle the nuances of human conversation, eliminating awkward pauses or interruptions that can occur in traditional voice systems. By analyzing conversational cues like hesitations and filler words in real-time, the agent can understand when to speak and when to listen. This feature is particularly relevant for applications such as customer service, where agents must balance quick responses with the natural rhythms of a conversation. Multilingual support Conversational AI 2.0 also introduces integrated language detection, enabling seamless multilingual discussions without the need for manual configuration. This capability ensures that the agent can recognize the language spoken by the user and respond accordingly within the same interaction. The feature caters to global enterprises seeking consistent service for diverse customer bases, removing language barriers and fostering more inclusive experiences. Enterprise-grade One of the more powerful additions is the built-in Retrieval-Augmented Generation (RAG) system. This feature allows the AI to access external knowledge bases and retrieve relevant information instantly, while maintaining minimal latency and strong privacy protections. For example, in healthcare settings, this means a medical assistant agent can pull up treatment guidelines directly from an institution’s database without delay. In customer support, agents can access up-to-date product details from internal documentation to assist users more effectively. Multimodality and alternate personas In addition to these core features, ElevenLabs’ new platform supports multimodality, meaning agents can communicate via voice, text, or a combination of both. This flexibility reduces the engineering burden on developers, as agents only need to be defined once to operate across different communication channels. Further enhancing agent expressiveness, Conversational AI 2.0 allows multi-character mode, enabling a single agent to switch between different personas. This capability could be valuable in scenarios such as creative content development, training simulations, or customer engagement campaigns. Batch outbound calling For enterprises looking to automate large-scale outreach, the platform now supports batch calls.\ Organizations can initiate multiple outbound calls simultaneously using Conversational AI agents, an approach well-suited for surveys, alerts, and personalized messages. This feature aims to increase both reach and operational efficiency, offering a more scalable alternative to manual outbound efforts. Enterprise-grade standards and pricing plans Beyond the features that enhance communication and engagement, Conversational AI 2.0 places a strong emphasis on trust and compliance. The platform is fully HIPAA-compliant, a critical requirement for healthcare applications that demand strict privacy and data protection. It also supports optional EU data residency, aligning with data sovereignty requirements in Europe. ElevenLabs reinforces these compliance-focused features with enterprise-grade security and reliability. Designed for high availability and integration with third-party systems, Conversational AI 2.0 is positioned as a secure and dependable choice for businesses operating in sensitive or regulated environments. As far as pricing is concerned, here are the available subscription plans that include Conversational AI currently listed on ElevenLabs’ website: Free: $0/month, includes 15 minutes, 4 concurrency limit, requires attribution and no commercial licensing. Starter: $5/month, includes 50 minutes, 6 concurrency limit. Creator: $11/month (discounted from $22), includes 250 minutes, 6 concurrency limit, ~$0.12 per additional minute. Pro: $99/month, includes 1,100 minutes, 10 concurrency limit, ~$0.11 per additional minute. Scale: $330/month, includes 3,600 minutes, 20 concurrency limit, ~$0.10 per additional minute. Business: $1,320/month, includes 13,750 minutes, 30 concurrency limit, ~$0.096 per additional minute. A new chapter in realistic, naturalistic AI voice interactions As stated in the company’s video introducing the new release, “The potential of conversational AI has never been greater. The time to build is now.” With Conversational AI 2.0, ElevenLabs aims to provide the tools and infrastructure for enterprises to create truly intelligent, context-aware voice agents that elevate the standard of digital interactions. For those interested in learning more, ElevenLabs encourages developers and organizations to explore its documentation, visit the developer portal, or reach out to the sales team to see how Conversational AI 2.0 can enhance their customer experiences. Daily insights on business use cases with VB Daily If you want to impress your boss, VB Daily has you covered. We give you the inside scoop on what companies are doing with generative AI, from regulatory shifts to practical deployments, so you can share insights for maximum ROI. Read our Privacy Policy Thanks for subscribing. Check out more VB newsletters here. An error occured.

May 30, 20256 min readInside the Lifesaving Power of Doppler Weather RadarDoppler radar is one of the most revolutionary and lifesaving tools of modern meteorology, which has experts worried about outages because of recent staffing cuts and conspiracy theoriesBy Andrea Thompson edited by Dean Visser Mfotophile/Getty ImagesOutside every National Weather Service (NWS) office around the U.S. stands what looks like an enormous white soccer ball, perched atop metal scaffolding several stories high. These somewhat plain spheres look as ho-hum as a town water tower, but tucked inside each is one of modern meteorology’s most revolutionary and lifesaving tools: Doppler radar.The national network of 160 high-resolution radars, installed in 1988 and updated in 2012, sends out microwave pulses that bounce off raindrops or other precipitation to help forecasters see what is falling and how much—providing crucial early information about events ranging from flash floods to blizzards. And the network is especially irreplaceable when it comes to spotting tornadoes; it has substantially lengthened warning times and reduced deaths. Doppler radar has “really revolutionized how we’ve been able to issue warnings,” says Ryan Hanrahan, chief meteorologist of the NBC Connecticut StormTracker team.But now meteorologists and emergency managers are increasingly worried about what might happen if any of these radars go offline, whether because of cuts to the NWS made by the Trump administration or threats from groups that espouse conspiracy theories about the radars being used to control the weather. “Losing radar capabilities would “take us back in time by four decades,” says Jana Houser, a tornado researcher at the Ohio State University. If they go down, “there’s no way we’re going to be effective at storm warnings.”On supporting science journalismIf you're enjoying this article, consider supporting our award-winning journalism by subscribing. By purchasing a subscription you are helping to ensure the future of impactful stories about the discoveries and ideas shaping our world today.How Doppler radars workThe NWS installations form a network called the Next Generation Weather Radar, or NEXRAD. Inside each giant white sphere is a device that looks like a larger version of a home satellite TV dish, with a transmitter that emits pulses in the microwave region of the electromagnetic spectrum. Those pulses bounce off raindrops, snowflakes, hailstones—what meteorologists collectively call hydrometeors—and back to the dish antenna. (The pulses also sometimes bounce off bats, birds and even moving trains, which yield characteristic radar patterns that experts can usually identify.)Amanda MontañezThe power of the returning signals lets experts create a picture of size, shape and intensity of any precipitation—and this is what you see on a phone app’s radar map or a TV broadcast.But NEXRAD can do much, much more than show how hard it’s raining. Within its sphere, each unit rotates and scans up and down through the sky, helping forecasters see what is happening at multiple levels of a storm system. These vertical profiles can show, for example, whether a tornado is forming or a storm is creating a downburst—a rapid downward blast of wind. “Doppler radar basically allows us to see in the clouds,” Hanrahan says.And then there’s the “Doppler” part itself. The name refers to a phenomenon that’s familiar to many, thanks to the electromagnetic waves’ acoustic counterpart. We’ve all experienced this, often most obviously when we hear an emergency vehicle siren pass nearby: the pitch increases as the car gets closer and decreases as it moves away. Similarly, the returning radar bounce from a rain droplet or piece of tornadic debris that is moving toward the emitter will have a shorter wavelength than the pulse that was sent out, and the signal from an object moving away from the radar will have a longer wavelength. This allows the radar to efficiently distinguish the tight circulation of a tornado.These two images show how dual-polarization helps NWS forecasters detect a tornado that is producing damage. The left image shows how the Doppler radar can detect rotation. Between the two yellow arrows, the red color indicates outbound wind, while the green color indicate inbound wind, relative to the location of the radar. The right image shows how dual-polarization information helps detect debris picked up by the tornado.NOAAThe nation’s radar system was upgraded in 2012 to include what is called dual polarization. This means the signal has both vertically and horizontally oriented wavelengths, providing information about precipitation in more than one dimension. “A drizzle droplet is almost perfectly spherical, so it returns the same amount of power in the horizontal and in the vertical,” Hanrahan says, whereas giant drops look almost like “hamburger buns” and so send back more power in the horizontal than the vertical.Are Doppler radars dangerous? Can they affect the weather?Doppler radars do not pose any danger to people, wildlife or structures—and they cannot affect the weather.Along the electromagnetic spectrum, it is the portions with shorter wavelengths such as gamma rays and ultraviolet radiation that can readily damage the human body—because their wavelengths are the right size to interact with and damage DNA or our cells. Doppler radars emit pulses in wavelengths about the size of a baseball.Amanda MontañezBeing hit by extremely concentrated microwave radiation could be harmful; this is why microwave ovens have mesh screens that keep the rays from escaping. Similarly, you wouldn’t want to stand directly in front of a radar microwave beam. Military radar technicians found this out years ago when working on radars under operation, University of California, Los Angeles, climate scientist Daniel Swain said during one of his regular YouTube talks. They “had experiences like the candy bar in their pocket instantly melting and then feeling their skin getting really hot,” he said.Similar to how a microwave oven works, when the microwave signal from a radar hits a hydrometeor, the water molecules vibrate and so generate heat because of friction and reradiate some of the received energy, says Cynthia Fay, who serves as a focal point for the National Weather Service’s Radar Operations Center. But “microwave radiation is really not very powerful, and the whole point is that if you stand more than a couple dozen feet away from the dome it's not even really going to affect your body, let alone the global atmosphere,” Swain adds.At the radar’s antenna, the average power is about 23.5 megawatts (MW) of energy, Fay says. (A weak or moderate thunderstorm may generate about 18 MW in about an hour.) But the energy from the radar signal dissipates very rapidly with distance: at just one kilometer from the radar, the power is 0.0000019 MW, and at the radar’s maximum range of 460 kilometers, it is 8.8 x 10–12 MW, Fay says. “Once you’re miles away, it’s just really not a dangerous amount” of energy, Swain said in his video.A supercell thunderstorm that produced an F4 tornado near Meriden, KS, in May 1960, as seen from the WSR-3 radar in Topeka (left). A supercell thunderstorm that produced an EF5 tornado in Moore, OK, in May 2013, as seen from a modern Doppler weather radar near Oklahoma City (right).NOAAAnd Doppler radars spend most of their time listening for returns. According to the NWS, for every hour of operation, a radar may spend as little as seven seconds sending out pulses.The idea that Doppler radar can control or affect the weather is “a long-standing conspiracy [theory] that has existed really for decades but has kind of accelerated in recent years,” Swain said in his video. It has resurfaced recently with threats to the National Oceanic and Atmospheric Administration radar system from an antigovernment militia group, as first reported by CNN. The Washington Post reported that the group’s founder said that its members were carrying out “attack simulations” on sites in order to later destroy the radars,—which the group believes are “weather weapons,” according to an internal NOAA e-mail. NOAA has advised radar technicians at the NWS’s offices to exercise caution and work in teams when going out to service radars—and to notify local law enforcement of any suspicious activity.“NOAA is aware of recent threats against NEXRAD weather radar sites and is working with local and other authorities in monitoring the situation closely,” wrote a NWS spokesperson in response to a request for comment from Scientific American.What happens if weather radars go offline?NOAA’s radars have been on duty for 24 hours a day, seven days a week and 365 days a year since 1988 (with brief downtimes for maintenance and upgrades). “It’s amazing what workhorses these radars have been,” Hanrahan says.The image on the left shows a reflectivity radar image of a supercell thunderstorm that produced several tornadoes on April 19, 2023, near Oklahoma City, OK. The hook shape present often indicates rotation within the storm. The image on the right show velocity information that corresponds to the reflectivity image. Very strong inbound winds (green colors) are next to very strong outbound winds (bright red/yellow colors). This very strong inbound/outbound “couplet” indicates the very strong rotation of a tornado.NOAABut they do require that periodic maintenance because of all the large moving parts needed to operate them. And with Trump administration cuts to NOAA staffing and freezes on some spending, “we just got rid of a lot of the radar maintenance technicians, and we got rid of the budget to repair a lot of these sites,” Swain said in his video. “Most of these are functioning fine right now. The question is: What happens once they go down, once they need a repair?”It is this outage possibility that most worries weather experts, particularly if the breakdowns occur during any kind of severe weather. “Radars are key instruments in issuing tornado warnings,” the Ohio State University’s Houser says. “If a radar goes down, we’re basically down as to what the larger picture is.”And for much of the country—particularly in the West—there is little to no overlap in the areas that each radar covers, meaning other sites would not be able to step in if a neighboring radar is out. Hanrahan says the information provided by the radars is irreplaceable, and the 2012 upgrades mean “we don’t even need to have eyes on a tornado now to know that it’s happening. It’s something that I think we take for granted now.”

Job DescriptionPlease Read Carefully & Fully Complete Both Steps Below to Be ConsideredWe’re offering an opportunity to join One Janitorial as a  Outbound Cold Calling Trainer Remote— a full-time remote role focused on building and leading a high-performance sales team. This position comes with consistent hours, strong earning potential, and the ability to directly shape the performance of new hires.CompensationBase Pay: $1,200 CAD per monthPerformance-Based Commission: Up to $2,000 CAD/month based on the number of successful trainee graduatesStep 1: Video SubmissionPlease record a 2–3 minute video answering the following questions:How long have you done training or team leading in an outbound cold calling role?What were you selling, and how many people per month did you train or manage?What did your training program or process look like?Upload your video to Loom, Google Drive, or YouTube (unlisted).Make sure your video is viewable by anyone with the link.You’ll submit the video link in Step 2 below.Step 2: Complete the Application Form + Attach Your Resume/CVFill out the short application form, attach your resume/CV, and paste your video link in the designated field:👉 https://5m2ng.share.hsforms.com/2JbQPoKDHTz6UHkr45HP9wgNote: Applications without both the video and completed form will not be reviewed.About the Role: Remote Outbound Cold Calling TrainerAs a Trainer, you’ll be responsible for overseeing the end-to-end onboarding and performance development of new appointment setters. Your core responsibilities will include:Reviewing applicants and selecting the final candidates for trainingLeading biweekly 10-day training classes (up to 6 trainees per class)Coaching and monitoring daily performance and script complianceEnsuring trainees meet the graduation requirements:Book a minimum of 3 qualified appointmentsWork 10 consecutive days without time offAchieve 100% script and process complianceAssigning leads, reviewing daily activity, and providing performance feedbackRequirementsFluent English communication (minimum 9/10 written and spoken)Previous experience training or managing outbound appointment settersComputer with at least 4GB RAMHigh-quality webcam and microphone headsetStable, high-speed internetQuiet, distraction-free home workspaceAvailability Monday to Friday, 8:30 AM – 5:00 PM MDTFamiliarity with cold calling, Google Suite, and remote coaching toolsHigh energy, strong leadership, and a results-driven mindsetOur Core Values at One JanitorialDisciplineEthical BehaviorResults-Oriented MindsetMaking an ImpactCommitmentResponsibilityIf these values align with yours and you’re ready to lead others to success, we’d love to hear from you.We look forward to your application.— The One Janitorial Team

About the RoleCreators are at the center of everything we do. As Head of Creator Customer Experience, you’ll ensure every interaction we have with a creator—whether they’re just joining or one of our top performers—reflects thoughtfulness, clarity, and care.This is a foundational role, combining customer experience, creator support, and workflow design. You’ll be responsible for ensuring a high-volume, high-touch experience remains consistent, strategic, and deeply human—even as we scale through automation. You’ll also build and oversee a lean offshore team to extend coverage and keep the bar high as we grow.What You’ll DoServe as the main point of contact for thousands of creators across email, SMS, and socialMaintain and refine our tone of voice, ensuring every outbound or in-platform message feels on-brandResolve questions, coordinate gifting logistics, and manage escalations with speed and empathyBuild, train, and manage an offshore support team to handle scaled CX and outreachQA creator-facing automations and AI-powered workflows for tone, clarity, and accuracyDocument CX systems and drive process improvements in collaboration with productCapture and synthesize feedback to help steer product and strategyUse (and help shape) internal AI tools to make high-touch support more scalableWho You AreNative or near-native English speaker with exceptional written and verbal communicationExperienced in hiring, managing, and training offshore CX or operations teamsFamiliar with creator/influencer ecosystems and/or customer support for consumer-facing brandsProficient with AI tools like ChatGPT or Notion AI; Pylon experience is a plusDetail-obsessed, emotionally intelligent, and committed to delivering premium experiencesComfortable working US hours from any location