Plain English. Fixed-fee. Documentation your CPA can actually use.
A one-time, fixed-fee engagement to configure email authentication — SPF, DKIM, DMARC — correctly for your domain, and stage it safely all the way to enforcement (DMARC p=reject), without breaking the mail flow that keeps donor receipts, payroll notifications, and Mailchimp campaigns out of spam folders.
Scope is deliberately narrow: email authentication plus Google Workspace hardening. Not a retainer. Not managed IT. Not endpoint security. When it's done, you own the configuration, your auditor has the documentation they need, and I go away.
p=reject over four to six weeks, with aggregate reports reviewed weekly to catch legitimate senders before they get blocked.
$1,500 fixed fee. No retainer, no surprise scope. Four to six hours of technical work on my end, staged over four to six weeks on your calendar so DMARC enforcement doesn't trip legitimate senders.
At $1,500 this typically sits below a nonprofit's capitalization threshold — CFO discretionary, no board vote required. Deliberately priced there.
SAS 145 (effective for audit periods ending on or after December 15, 2023) requires auditors to evaluate IT general controls rather than defaulting to high risk. Email authentication is precisely the kind of control that now surfaces in management-letter findings.
2 CFR 200.303(e) (Uniform Guidance update, October 2024) makes cybersecurity an explicit eligibility requirement for federal grantees.
And AICPA independence rules (ET 1.295) prevent your auditor from implementing the fix for their own audit client. They're required to flag it. They're barred from fixing it. That's why this service exists.
I'm David Koosis. Twenty-plus years as a CIO and CTO. I've led technology for the 988 Suicide & Crisis Lifeline, the NYPD, and NYC public health — all organizations where email getting through, and email not being spoofed, mattered in ways most people never think about.
More on what else I do at uprizr.com.
You already have the findings for your domain and you already have my email address. The simplest next step is just to reply. Any of these work:
Enter your domain and I'll send you a plain-English scan of your current email authentication posture within 24 hours. One-time, no list, no drip.
No drip sequence. No sales automation. No list. If this isn't the right time or the right fit, I'd rather know than not.