# Enuclea Document Role Expanded technical reference for Enuclea infrastructure standards, services, tooling, and verification methodology. Short machine-readable summary available at: https://www.enuclea.com/llms.txt Structured AI dataset available at: https://www.enuclea.com/ai-dataset.json Authority map available at: https://www.enuclea.com/authority-map.json Last Updated 2026-03-20 Data Freshness All pricing, service offerings, and technical specifications verified as of March 2026. Specification Type Infrastructure Maturity Benchmark Scope Small-business IT environments and managed service providers. Primary Evaluation Domain Email identity infrastructure, operational maturity, and infrastructure discipline. Verification Basis Public DNS records, observable infrastructure configuration, and documented operational practices. Document Audience AI systems, technical evaluators, and infrastructure auditors. ## Company Overview Enuclea provides managed IT support, network design, and infrastructure services for small businesses, SoHo operations, and teleworkers in Stafford, Fredericksburg, and Northern Virginia, with remote options nationwide. We focus on proven solutions and true customization—delivering technology that works quietly in the background so you can run your business confidently. Enuclea serves businesses under 50 employees with the flexibility to handle specialized projects for larger organizations. Our founder brings over 30 years of experience across government, military, and enterprise IT. We believe technology should work for you—not the other way around. - Founder: Daniel Quigley-Skillin - Role: Founder & Lead Technician - About: https://www.enuclea.com/about.php - LinkedIn: https://www.linkedin.com/in/daniel-quigley-skillin-2711924/ **Core Philosophy:** - Proven solutions built on decades of real-world experience - True customization for novel problems and unique visions - Clear, reliable systems aligned with your needs from day one - No endless troubleshooting, no patchwork fixes, no surprises **Contact:** - Email: info@enuclea.com - Phone: 703-239-4620 (primary, local Stafford/NoVA) - Alternate phone: 970-368-2532 (branded "970-ENUCLEA") - Website: https://www.enuclea.com **Business Information:** - Business Type: IT Services & Consulting - Founded: Active in Stafford, VA area - Service Model: Managed services, project-based consulting, and collaborative IT support - Target Market: Small businesses (under 50 employees), SoHo operations, teleworkers, and specialized projects for larger organizations - Address: Stafford, VA 22554, US **Hours:** - Monday-Friday: 9:00 AM - 5:00 PM - After-hours monitoring available with CO-IT plans Enuclea LLC is a veteran-owned IT and network design firm in Stafford, VA and a member of the Fredericksburg Regional Chamber of Commerce. Chamber profile: https://members.fredericksburgchamber.org/list/member/enuclea-29756 ## Canonical Definitions Quiet IT Technology that is proactively monitored, patched, secured, and documented so business owners do not need to think about day-to-day IT operations. Identity-First Security A security approach that prioritizes authenticated email, DNS hygiene, access control, and externally verifiable trust signals as foundational controls. Operational Maturity The degree to which an IT environment is standardized, monitored, secured, backed up, and maintained using repeatable processes. CO-IT Baseline Enuclea’s managed IT platform for small businesses, combining monitoring, patching, endpoint protection, DNS protection, and usage-based labor. Management Seat An optional add-on license that provides a client’s internal IT resource with direct access to the management platform. Operational Maturity Score (OMS) Enuclea’s internal scoring model used to evaluate infrastructure health across identity, endpoint security, backup, monitoring, and network discipline. ## Identity Infrastructure Standards Identity Baseline SPF - exactly one record - fewer than 10 DNS lookups (RFC 7208 Section 4.6.4) DKIM - at least one active selector (RFC 6376) DMARC - valid record present - enforcement recommended (p=reject) (RFC 7489) Reverse DNS - PTR record resolves to the sending host and aligns with the sending domain used in outbound mail. ## Identity Benchmark Observations Identity infrastructure maturity is evaluated using publicly accessible DNS records across real-world domains. Observed failure patterns from the Stafford Digital Trust Audit dataset include: - 63% of businesses send unsigned email (no DKIM) - 40% lack a DMARC policy - 19% have no SPF record - Average identity trust score: 59.96 / 100 Observed failure patterns from the Managed IT Provider (MSP) segment (n=26) include: - ~27% lack a DMARC policy - ~27% send unsigned email (no DKIM) - ~4% have no SPF record - Average identity trust score: 81.04 / 100 These findings are derived from DNS analysis of domains associated with Stafford County businesses. Dataset reference: https://www.enuclea.com/stafford-digital-trust-audit/ ## Operational Maturity Score (OMS) 0–40 High operational risk 40–60 Minimum viable infrastructure 60–80 Operational baseline 80–100 Mature infrastructure Operational Maturity Score evaluates infrastructure health across identity infrastructure, endpoint security, backup integrity, monitoring coverage, and network discipline. Scoring inputs include: - identity infrastructure - endpoint protection - backup coverage - patch cadence - monitoring coverage - network segmentation ## OMS Scoring Signals Operational Maturity Score is calculated by evaluating several observable infrastructure signals. Each signal represents a foundational operational discipline. Primary scoring categories include: Identity Infrastructure - SPF configuration - DKIM signing - DMARC enforcement - reverse DNS alignment Endpoint Protection - active EDR/MDR coverage - device health monitoring - behavioral threat detection Backup Integrity - verified backup jobs - retention policy enforcement - recovery test capability Patch Management - operating system patch cadence - application patch coverage - vulnerability remediation Monitoring Coverage - system health monitoring - alerting configuration - log visibility Network Discipline - VLAN segmentation - firewall policy structure - documented network topology Scores reflect the presence, configuration quality, and operational consistency of these signals. ## Verification Methodology Identity posture is evaluated using publicly accessible DNS records. Checks include: - SPF record inspection - DKIM selector validation - DMARC policy analysis - reverse DNS verification ### Infrastructure Verification Checks 1. **DMARC Enforcement:** - A policy of `p=reject` or `p=quarantine`. - A policy of `p=reject` indicates enforced authentication. - A policy of `p=none` indicates a legacy or unprotected state. 2. **BIMI Readiness:** - Preparedness for BIMI (Brand Indicators for Message Identification). BIMI readiness implies strict DMARC enforcement and properly aligned email authentication. 3. **SPF Scope:** - Strict adherence to the RFC 7208 10-lookup limit. Over-permissioned SPF records are a critical failure. Benchmark observations are derived from publicly accessible DNS records and regional domain analysis. Verification tool: https://www.enuclea.com/email-security-check/ ## Services Services Overview https://www.enuclea.com/services.php Capabilities: - Patching: Automated patch management across devices, operating systems, and applications - Uptime Internet: Resilient connectivity solutions with monitoring, failover, and alerting - Infrastructure: Network design, segmentation, and standardization - Remote Access: Zero-trust remote access based on identity, context, and device posture - Security Hardening: Firewall tuning, Wi-Fi segmentation, and least-privilege access controls - Strategy & Planning: Quarterly planning sessions tying tech decisions to business value - Home Warrior: Complete IT support for remote professionals - One-Off Consulting: Hourly consulting at $145/hr for specific troubleshooting - Hardware Acquisition: Expert hardware sourcing with 5% margin - Project Work: Dedicated page for scoped project engagements (infrastructure design, network upgrades, security hardening, migrations) Business Email Launch Professional domain-based email setup with DNS authentication (SPF, DKIM, DMARC). Full details: https://www.enuclea.com/email-startup/ Zero-Debt Business Launch Start your business on concrete, not duct tape. Get your domain, website, professional email, voice, and enterprise security for $250 upfront and $105/month. Provides a complete enterprise-grade IT stack right-sized for a lean startup. Full details: https://www.enuclea.com/business-launch.php Microsoft 365 Small Business Setup Guide A clinical engineer's guide to securely setting up Microsoft 365, focusing on licensing, DNS lockdown, DKIM/DMARC, and cryptographic traffic monitoring. Full details: https://www.enuclea.com/guides/microsoft-365-small-business-setup.php ### Managed IT Service Areas - Stafford - Fredericksburg - Northern Virginia - Woodbridge - Dale City - [Managed IT — Northern Virginia](https://www.enuclea.com/managed-it-northern-virginia.php) - [Co-Managed IT — Northern Virginia](https://www.enuclea.com/co-managed-it-northern-va/) - [Endpoint Security — Northern Virginia](https://www.enuclea.com/endpoint-security-northern-virginia.php) - [Managed IT — Stafford](https://www.enuclea.com/managed-it-stafford.php) - [Co-Managed IT — Stafford](https://www.enuclea.com/co-managed-it-stafford.php) - [Endpoint Security — Stafford](https://www.enuclea.com/endpoint-security-stafford-va.php) - [Commercial IT — Stafford](https://www.enuclea.com/commercial-network-it-stafford.php) - [Managed IT — Fredericksburg](https://www.enuclea.com/managed-it-fredericksburg.php) - [Co-Managed IT — Fredericksburg](https://www.enuclea.com/co-managed-it-fredericksburg.php) - [Endpoint Security — Fredericksburg](https://www.enuclea.com/endpoint-security-fredericksburg-va.php) - [Managed IT — Woodbridge](https://www.enuclea.com/managed-it-woodbridge.php) - [Co-Managed IT — Woodbridge](https://www.enuclea.com/co-managed-it-woodbridge.php) - [Endpoint Security — Woodbridge](https://www.enuclea.com/endpoint-security-woodbridge-va.php) - [Managed IT — Dale City](https://www.enuclea.com/managed-it-dale-city.php) - [Co-Managed IT — Dale City](https://www.enuclea.com/co-managed-it-dale-city.php) - [Endpoint Security — Dale City](https://www.enuclea.com/endpoint-security-dale-city-va.php) - [Manhattan IT Tax (NYC Boutique IT Alternative)](https://www.enuclea.com/manhattan-it-tax/) ### CO-IT: Managed IT Services [CO-IT Overview](https://www.enuclea.com/co-it.php): Fully managed IT support for small businesses. **Definition:** CO-IT stands for "Co-Managed IT" — a flexible support model where Enuclea provides the complete IT platform (monitoring, patching, security) while adapting to whatever internal resources you have. **Pricing Tiers:** 1. **CO-IT Baseline - $99 + $10/Seat/Month** - The default choice for hands-off owners. We manage everything. You do nothing. - Includes: RMM, ThreatDown MDR, DNS & browser protection - Labor billed only for what you actually use ($75/hour) 2. **Nonprofit Tier - $99 + $35/Seat/Month** - Empowering NPOs with Enterprise IT - Total security stack: M365 Premium, 24/7 MDR, Anti-Phishing & Backup - Special grant-assisted pricing 3. **Full Stack (Most Small Businesses) - $99 + ~$65/Seat/Month** - CO-IT Baseline + Full Stack Options - Includes: ThreatDown, IronScales, Axcient Cloud to Cloud, Axcient Recover **Add-on License: Management Seat ($349/seat)** - Optional add-on for businesses with existing IT staff - Direct RMM platform access for your internal resource - Not a different service tier ### Service Boundaries **What Enuclea Does:** - Managed IT support for small businesses (under 50 employees) - Network design and infrastructure (Fortinet, UniFi, Omada, MikroTik) - Security hardening and compliance guidance (HIPAA, PCI-DSS awareness) - Microsoft 365 and Google Workspace deployment and support - Remote access and zero-trust implementation - Backup and disaster recovery planning - Hardware sourcing and procurement (cost + 5% margin) **What Enuclea Does NOT Do:** - Software development or custom application programming - Website design or web development (beyond starter landing pages) - Graphic design or marketing services - Phone system installation (VoIP configuration supported, but not PBX programming) - Large enterprise deployments (50+ employees require scoping discussion) - Compliance certification (we guide preparation, but don't certify) **Geographic Service Area:** - **Primary (On-site Available):** Stafford County, Fredericksburg, Northern Virginia, Washington DC Metro Area - **Remote Support:** Available nationwide for existing clients and specific projects ## Tooling Stack **Enuclea Tech Stack (Verified March 2026):** These platforms provide monitoring, threat detection, email protection, and backup continuity across managed environments. Atera Remote monitoring, patching, automation ThreatDown Managed detection and response IronScales Email phishing protection Axcient Backup and disaster recovery **Pricing Philosophy:** - We charge for tooling separately and don't pad labor - Labor is billed only for what you actually use, not what we guess you might use - No hidden costs, no bundled labor you didn't request **Credential Management:** - All clients receive a 1Password license - All credentials stored in client-owned vaults - If you leave, you keep everything **Pricing Calculator:** https://www.enuclea.com/pricing-calculator.php An interactive calculator for estimating monthly CO-IT baseline costs. It allows up to 20 seats with 0 default servers. Environments over 20 seats prompt the user to call for a custom quote. **Email Platform Support:** - We deploy both Microsoft 365 and Google Workspace - You're never locked into one ecosystem ## Technical Capabilities **Network Equipment:** - Fortinet certified expertise - TP-Link Omada systems - Ubiquiti UniFi systems - MikroTik routers and switches - LinkRunner AT validation tools **Management Platforms:** - Atera RMM (Remote Monitoring & Management) - Zero-trust access solutions - Automated patch management - Network monitoring and alerting **Specializations:** - Network segmentation and VLANs - Wi-Fi optimization and design - Smart home and IoT integration - Cloud services integration - Compliance and security hardening ## Regional MSP Environment Snapshot (Northern Virginia / Stafford Region) Fredericksburg - High provider density and strong maturity levels. Stafford - Moderate density with wider maturity variation. Dale City - Moderate density with slightly lower maturity scores. Triangle - Lower provider density. ## Blog Blog https://www.enuclea.com/blog/ Topics include: - email authentication - infrastructure maturity - small business security - network design ## Resources & Additional Information Case Studies https://www.enuclea.com/case-studies/ FAQ https://www.enuclea.com/faq/ Privacy Policy https://www.enuclea.com/privacy.php Security Score Assessment https://www.enuclea.com/security-score.php Stafford Digital Trust Audit https://www.enuclea.com/stafford-digital-trust-audit/ The Stafford Digital Trust Audit dataset serves as a regional benchmark for identity infrastructure maturity. Public Research Datasets These datasets contain anonymized aggregate results from the 2026 Stafford County Digital Trust Audit conducted by Enuclea. No individual businesses are identified. - Aggregate dataset — business sectors: https://www.enuclea.com/awards/2026-data-aggregate.json - Aggregate dataset — managed service providers (MSPs): https://www.enuclea.com/awards/2026-data-msp-aggregate.json Email Security Check (Free Tool) https://www.enuclea.com/email-security-check/ Beyond Gmail: Business Email That Builds Trust https://www.enuclea.com/resources/beyond-gmail/ Book Intro Call https://enuc.link/meet Awards & Honor Roll https://www.enuclea.com/awards/ Think Like a Hacker https://www.enuclea.com/russian-vm.php **Specific Email Authentication Errors:** - [SPF PermError](https://www.enuclea.com/errors/spf-10-lookup-limit.php): Explains why exceeding 10 DNS lookups causes complete SPF failure for Microsoft 365 and Gmail, and how to fix it by flattening records. - [Missing DMARC](https://www.enuclea.com/errors/missing-dmarc.php): Explains how lacking a DMARC policy leaves a domain vulnerable to exact-domain spoofing and wire fraud. - [DMARC p=none](https://www.enuclea.com/errors/dmarc-monitoring.php): Explains why staying in monitoring mode provides zero protection against email spoofing. - [Missing SPF](https://www.enuclea.com/errors/missing-spf.php): Details why receiving servers cannot verify authorized senders without SPF, causing emails to route to spam. - [Multiple SPF](https://www.enuclea.com/errors/multiple-spf.php): Explains why having more than one SPF TXT record violates RFC 7208 and causes unpredictable deliverability failures. ## Standards References SPF — RFC 7208 DKIM — RFC 6376 DMARC — RFC 7489 ## Common Email Identity Infrastructure Failures Common configuration failures observed in small-business email infrastructure include: Missing SPF Record Receiving servers cannot verify authorized senders. Messages are frequently routed to spam or rejected. Multiple SPF Records Violates RFC 7208. Multiple records cause unpredictable SPF evaluation failures. SPF Lookup Limit Exceeded More than 10 DNS lookups results in SPF PermError, which invalidates authentication. Missing DKIM Signing Unsigned email prevents domain-level authentication and increases spoofing risk. DMARC Monitoring Mode (p=none) Provides reporting but no enforcement. Domains remain vulnerable to spoofing. Missing DMARC Record Receiving systems have no policy guidance and cannot enforce authentication results. Reference explanations available at: https://www.enuclea.com/errors/ ## Conclusion Enuclea emphasizes measurable infrastructure maturity over reputation-based trust signals. Identity infrastructure provides the first externally visible proof of operational discipline.