# Web Portals & Email Domain portfolio, email infrastructure, DNS management — MC #100609 gap analysis and ops execution # Gap Analysis & 2026-05-14 Ops # Web Portals & Email — Gap Analysis & 2026-05-14 Ops **Source:** MC #100609 (parent audit) + verifier-confirmed evidence + CEO decisions log 2026-05-14 **Ops execution:** MC #100619 (DONE, 5/5 PASS), MC #100618 (PARTIAL — ops 2-3 BLOCKED) --- ## Executive Summary ALAI controls **15 registered domains** across product lines (Bilko, SnowIT, Drop, Tok), spanning Serbia, Croatia, Bosnia, Norway, and global markets. Audit MC #100609 identified: - **Cloudflare Access login walls** blocking public www.alai.no + www.basicconsulting.no (FIXED 2026-05-14) - **Split-brain email risk:** 5 domains retained stale one.com MX fallback records after Migadu migration (FIXED 2026-05-14) - **Missing DMARC quarantine protection** on 5 production email domains (FIXED 2026-05-14) - **3 orphaned domains** requiring cleanup or sunset (1 DONE, 2 BLOCKED on external DNS creds) **Post-ops status (2026-05-14):** 8/8 domains on Migadu Standard plan (verified); 6/8 DMARC p=quarantine active; CF Access removed from www subdomains; one.com MX cleaned up on all domains. Two external partner domains (merdzanovic.ba, freemyev.com) blocked pending DNS provider access. --- ## Domain Inventory — LIVE / PLACEHOLDER / BROKEN / MISSING ### Production Domains (8 active email + web)
DomainStatusPrimary UseCF ZoneMigadu EmailDMARC
alai.noLIVEHolding company, system infra (docs/vault/mc/boards)YESYESp=quarantine
basicconsulting.noLIVEHistorical brand domain (ALAI Holding AS legal name was Basic AS until 2026-05-07)YESYESp=quarantine
basicfakta.noLIVEHistorical client portal (parked)TBDYESp=quarantine
bilko.ioLIVEBilko Serbia market (canonical)YESYESp=quarantine
bilko.cloudLIVEBilko Croatia market (canonical, NOT bilko.hr)TBDYES (added 2026-05-14)TBD
bilko.companyLIVEBilko Bosnia market (canonical, NOT bilko.ba)TBDYES (added 2026-05-14)TBD
snowit.baLIVESnowIT SMB marketYESYESp=quarantine (pre-existing)
enterprise.snowit.baLIVESnowIT Enterprise brand split (Vercel CNAME only, no email)NO (CNAME)NOn/a
getdrop.noLIVEDrop fintech (canonical, NOT drop.no which is TV2 Norway)TBDYESp=quarantine
tokapi.ioLIVETok API infrastructureYESTBDTBD
### Partner / Legacy Domains (cleanup pending)
DomainStatusOwnerAction
merdzanovic.baBROKEN (404)Enis Merdžanović (SnowIT partner, globaldns.com)BLOCKED — awaiting DNS access (MC #100618 op2)
freemyev.comPLACEHOLDER (405)ALAI (GoDaddy, creds unknown)BLOCKED — NULL-MX sunset pending (MC #100618 op3)
vivacareusa.com/.net/.orgDELETEDALAI (superseded by LumisCare)DONE — file tree deleted 2026-05-14 (MC #100618 op1)
--- ## Bilko Market Domain Mapping (CEO 2026-05-14 Clarification) CEO confirmed canonical domains per market. Do NOT pursue bilko.hr (unrelated Croatian firm, expires 2026-12-14). Do NOT pursue bilko.rs/.ba/.no (unregistered; deferred decision on brand protection).
MarketCanonical DomainOwnedNotes
Serbiabilko.ioYESNOT bilko.rs (unregistered, MC #100124)
Croatia (HR)bilko.cloudYESNOT bilko.hr (BILKO d.o.o. Zagreb, unrelated firm, expires 2026-12-14)
Bosnia (BiH)bilko.companyYESNOT bilko.ba (unregistered)
NorwaynoneNObilko.no unregistered (brand protection gap, deferred decision)
--- ## Email Infrastructure (Migadu) ### Configuration - **Provider:** Migadu (https://admin.migadu.com) - **Credentials:** Bitwarden — search "migadu" - **Plan:** Standard (unlimited domains, verified by Proveo MC #100619) - **Active domains:** 8 (alai.no, basicconsulting.no, basicfakta.no, bilko.io, snowit.ba, getdrop.no, bilko.cloud, bilko.company) - **MX format:** 10 aspmx1.migadu.com / 20 aspmx2.migadu.com ### 2026-05-14 Cleanup — Stale one.com MX Removal MC #100619 op2 removed 5 legacy one.com MX records (split-brain risk — if Migadu failed, mail would silently reroute to dead one.com inbox).
DomainRemoved RecordsVerification
alai.no100 c74jebhf4.mx.service.one.PASS — dig +short MX alai.no returns only Migadu (2 records)
basicconsulting.no4× 100 mx\[1-4\].pub.mailpod11-cph3.one.com.PASS — dig +short MX basicconsulting.no returns only Migadu (2 records)
### DMARC Policy Upgrade — p=quarantine MC #100619 op4 upgraded 5 domains from p=none to p=quarantine pct=100 (reject suspicious mail at DMARC layer, not just SPF/DKIM).
DomainBeforeAfterVerification
alai.nop=nonep=quarantinePASS — dig +short TXT \_dmarc.alai.no returns v=DMARC1; p=quarantine; pct=100
basicconsulting.nop=nonep=quarantinePASS
basicfakta.nop=nonep=quarantinePASS
bilko.iop=nonep=quarantinePASS
getdrop.nop=nonep=quarantinePASS
snowit.bap=quarantine(no change)n/a — already compliant
bilko.cloudTBDTBDPending — added to Migadu 2026-05-14, DMARC not yet configured
bilko.companyTBDTBDPending — added to Migadu 2026-05-14, DMARC not yet configured
--- ## Cloudflare Access Status (post 2026-05-14) ### Issue (MC #100609 Claim A — CONFIRMED HIGH by verifier) www.alai.no and www.basicconsulting.no returned HTTP 302 redirect to cloudflareaccess.com login wall instead of landing pages. Public visitors saw auth gate. ### Fix (MC #100619 op1) Applied CF Access bypass policies to both www apps. Post-fix curl verification: - **www.alai.no:** HTTP/2 522 (origin connection timeout — no 302 to cloudflareaccess.com) - **www.basicconsulting.no:** HTTP/2 404 (Vercel DEPLOYMENT\_NOT\_FOUND — no 302 to cloudflareaccess.com) **Acceptance criterion:** PASS — neither domain returns 302 to cloudflareaccess.com. 522/404 are origin configuration errors (separate issue, MC opened for redirect/origin path decision). ### Known Issue (post-fix) www subdomain origins return 522 (alai.no) or 404 (basicconsulting.no) instead of canonical redirect to apex or landing page. Separate MC opened; root cause = missing origin configuration in CF Pages or manual redirect rule needed. --- ## Park / Sunset Decisions (CEO 2026-05-14)
DomainDecisionStatusNotes
alaione.no (Lobby product)PARKNXDOMAIN — no action neededProduct inactive, never re-registered after expiry
fontelepay.com (Lobby)PARKNXDOMAIN — no action neededProduct inactive
rendrom.no (legacy)PARKNXDOMAIN — no action neededUnknown origin, never registered by ALAI
gotiva.\* (placeholder)PARKNXDOMAIN — no action neededName collision with gotiva.ba (video studio, unrelated)
freemyev.comNULL-MX SUNSETBLOCKED — GoDaddy creds neededRFC 7505 NULL MX (0 .) + DMARC p=reject + SPF v=spf1 -all. Current: HTTP 405, AWS backend. MC #100618 op3 documented DNS changes.
vivacareusa (.com/.net/.org)DELETEDONE — MC #100618 op1File tree deleted ~/clients-external/vivacareusa/ (backup ~/backups/vivacareusa-final-20260514.tar.gz). Domain ownership TBD.
merdzanovic.baRECONNECT CF PagesBLOCKED — Enis DNS accessPartner domain (Enis Merdžanović, SnowIT). CF Pages project live (51deeb8e.merdzanovic-ba.pages.dev HTTP 200), custom domain failed DNS verification. Current DNS = Vercel (404 DEPLOYMENT\_NOT\_FOUND). MC #100618 op2 documented DNS changes for globaldns.com.
--- ## Squat Watchlist (defer purchase, monitor expiry)
DomainCurrent OwnerExpiresDecision
plock.seNEware AB (fruits.co marketplace, EUR 16k asking price)2026-12-06Defer — monitor for drop, not worth EUR 16k floor
bilko.hrBILKO d.o.o. Zagreb (Ulica Grada Vukovara 246, legitimate Croatian firm)2026-12-14Do NOT pursue — unrelated business, bilko.cloud is canonical for HR market
drop.noTV2 Norway (major broadcaster)n/aNot ALAI — we use getdrop.no
drop.appGoogle (Charleston Road Registry, .app TLD operator)n/aUnobtainable — .app TLD controlled by Google
tok.notransportbransjen.no (NEware AB)2026-12-06Cannot acquire imminently — we use tokapi.io
--- ## Pending CEO Action 1. **Enis Merdžanović coordination (merdzanovic.ba):** Provide globaldns.com panel access OR approve CF DNS transfer. Instructions documented in MC #100618 op2 evidence (~/system/evidence/100618-op2-dns-instructions.txt). 2. **GoDaddy credentials (freemyev.com):** Locate account access OR approve CF domain transfer. Instructions documented in MC #100618 op3 evidence (~/system/evidence/100618-op3-dns-instructions.txt). 3. **www.alai.no + www.basicconsulting.no origin path decision:** Separate MC opened (FlowForge queue). Options: (a) 301 redirect www → apex, (b) deploy static landing page to www origin, (c) configure CF Pages www custom domain. --- ## Evidence References - **Audit source:** MC #100609 verifier transcript (atomic claims 6/7 HIGH confidence) — /private/tmp/claude-501/-Users-makinja/79c227d4-489c-48ca-9d81-4e3ac42922ff/tasks/a5326fb78f47469ec.output - **Ops execution:** MC #100619 Proveo validation 5/5 PASS — ~/system/evidence/100619-proveo-validation.txt + ~/system/evidence/100619-op\[1-5\]-\*.txt - **Ops partial:** MC #100618 FlowForge report — ~/system/evidence/100618-flowforge-report.md + ~/system/evidence/100618-op1-\*.txt + ~/system/evidence/100618-op2-\*.txt + ~/system/evidence/100618-op3-\*.txt - **System-level infra map:** ~/aisystem/DEPLOY-MAP.md sections 1-8 (Email & DNS extensions added 2026-05-14) --- *Published: 2026-05-14 | MC: #100613 | Author: Skillforge (John orchestrator)*