TESI The Email Security Institute
Menu

The TESI Email Security Framework.

A foundational standards document defining what 'secure email' means in operational terms. The first thing TESI ships — and the reference for every certification and training that follows.

v0 in preparation. Public consultation targeted for Q4 2026.

Release will follow the standards-body process: working draft, public consultation, formal v1.0 publication.

Stage
Working draft
Version
v0
Public consultation
Q4 2026
Formal publication
v1.0 — to follow consultation

Organizations interested in joining the institutional review stage are invited to make contact.

Request Early Access

Operational scope, not abstract principles.

  1. 01

    Business Email Compromise defense

  2. 02

    Email authentication as a coherent enforcement stack

    SPF · DKIM · DMARC · MTA-STS · TLS-RPT · BIMI

  3. 03

    Maturity tiering by business size and regulatory exposure

  4. 04

    Compliance mapping

    DPDP · GDPR · NIST · ISO 27001 · SOC 2

  5. 05

    Audit-grade verification checklists

Education and certification referenced to the Framework.

TESI develops the curriculum, examinations, and certifications that validate practitioner ability to implement the Framework in production environments. The first two certifications, with their accompanying programs, are in preparation on the same release cadence as the Framework.

CDA · Flagship Technical Certification

Certified DMARC Administrator

DNS-level email authentication and deliverability. SPF, DKIM, DMARC, MTA-STS, TLS-RPT, and BIMI configured and operated against TESI's reference architecture.

CESP · Practitioner Certification

Certified Email Security Professional

Business Email Compromise defense, anti-phishing programs, and employee behavioral defense — the broader practitioner competencies organizations need beyond authentication.

Empirical foundation.

The Framework draws on two evidence bases — peer-reviewed external research authored by the founder, and observed-data benchmarks licensed from a separate company.

SSRN · 2025

The Email Security Dichotomy in India: An Analysis of Threat Proliferation, Digital Divides, and DMARC Adoption

Documents a "two-speed" email security environment in India — ~50% DMARC enforcement at the top of the corporate market, critically low adoption among SMEs. Examines the role of generative AI in widening this divide.

Read on SSRN →

The Index · Authex Labs

Observed-data benchmark of 4M+ domains

100 countries · 20 sectors. Licensed to TESI for research. TESI standards remain vendor-neutral; Authex Labs is one of many possible implementers.

About The Index →