You've seen the findings. Here's the fix.

Plain English. Fixed-fee. Documentation your CPA can actually use.

What the engagement is

A one-time, fixed-fee engagement to configure email authentication — SPF, DKIM, DMARC — correctly for your domain, and stage it safely all the way to enforcement (DMARC p=reject), without breaking the mail flow that keeps donor receipts, payroll notifications, and Mailchimp campaigns out of spam folders.

Scope is deliberately narrow: email authentication plus Google Workspace hardening. Not a retainer. Not managed IT. Not endpoint security. When it's done, you own the configuration, your auditor has the documentation they need, and I go away.

What you get

Price and timeline

$1,500 fixed fee. No retainer, no surprise scope. Four to six hours of technical work on my end, staged over four to six weeks on your calendar so DMARC enforcement doesn't trip legitimate senders.

At $1,500 this typically sits below a nonprofit's capitalization threshold — CFO discretionary, no board vote required. Deliberately priced there.

Why your auditor has started caring

SAS 145 (effective for audit periods ending on or after December 15, 2023) requires auditors to evaluate IT general controls rather than defaulting to high risk. Email authentication is precisely the kind of control that now surfaces in management-letter findings.

2 CFR 200.303(e) (Uniform Guidance update, October 2024) makes cybersecurity an explicit eligibility requirement for federal grantees.

And AICPA independence rules (ET 1.295) prevent your auditor from implementing the fix for their own audit client. They're required to flag it. They're barred from fixing it. That's why this service exists.

Who's doing the work

I'm David Koosis. Twenty-plus years as a CIO and CTO. I've led technology for the 988 Suicide & Crisis Lifeline, the NYPD, and NYC public health — all organizations where email getting through, and email not being spoofed, mattered in ways most people never think about.

More on what else I do at uprizr.com.

If we've already been in touch

You already have the findings for your domain and you already have my email address. The simplest next step is just to reply. Any of these work:

If you landed here some other way

Enter your domain and I'll send you a plain-English scan of your current email authentication posture within 24 hours. One-time, no list, no drip.

No drip sequence. No sales automation. No list. If this isn't the right time or the right fit, I'd rather know than not.