Web Portals & Email — Gap Analysis & 2026-05-14 Ops
Source: MC #100609 (parent audit) + verifier-confirmed evidence + CEO decisions log 2026-05-14
Ops execution: MC #100619 (DONE, 5/5 PASS), MC #100618 (PARTIAL — ops 2-3 BLOCKED)
Executive Summary
ALAI controls 15 registered domains across product lines (Bilko, SnowIT, Drop, Tok), spanning Serbia, Croatia, Bosnia, Norway, and global markets. Audit MC #100609 identified:
- Cloudflare Access login walls blocking public www.alai.no + www.basicconsulting.no (FIXED 2026-05-14)
- Split-brain email risk: 5 domains retained stale one.com MX fallback records after Migadu migration (FIXED 2026-05-14)
- Missing DMARC quarantine protection on 5 production email domains (FIXED 2026-05-14)
- 3 orphaned domains requiring cleanup or sunset (1 DONE, 2 BLOCKED on external DNS creds)
Post-ops status (2026-05-14): 8/8 domains on Migadu Standard plan (verified); 6/8 DMARC p=quarantine active; CF Access removed from www subdomains; one.com MX cleaned up on all domains. Two external partner domains (merdzanovic.ba, freemyev.com) blocked pending DNS provider access.
Domain Inventory — LIVE / PLACEHOLDER / BROKEN / MISSING
Production Domains (8 active email + web)
| Domain | Status | Primary Use | CF Zone | Migadu Email | DMARC |
|---|---|---|---|---|---|
| alai.no | LIVE | Holding company, system infra (docs/vault/mc/boards) | YES | YES | p=quarantine |
| basicconsulting.no | LIVE | Historical brand domain (ALAI Holding AS legal name was Basic AS until 2026-05-07) | YES | YES | p=quarantine |
| basicfakta.no | LIVE | Historical client portal (parked) | TBD | YES | p=quarantine |
| bilko.io | LIVE | Bilko Serbia market (canonical) | YES | YES | p=quarantine |
| bilko.cloud | LIVE | Bilko Croatia market (canonical, NOT bilko.hr) | TBD | YES (added 2026-05-14) | TBD |
| bilko.company | LIVE | Bilko Bosnia market (canonical, NOT bilko.ba) | TBD | YES (added 2026-05-14) | TBD |
| snowit.ba | LIVE | SnowIT SMB market | YES | YES | p=quarantine (pre-existing) |
| enterprise.snowit.ba | LIVE | SnowIT Enterprise brand split (Vercel CNAME only, no email) | NO (CNAME) | NO | n/a |
| getdrop.no | LIVE | Drop fintech (canonical, NOT drop.no which is TV2 Norway) | TBD | YES | p=quarantine |
| tokapi.io | LIVE | Tok API infrastructure | YES | TBD | TBD |
Partner / Legacy Domains (cleanup pending)
| Domain | Status | Owner | Action |
|---|---|---|---|
| merdzanovic.ba | BROKEN (404) | Enis Merdžanović (SnowIT partner, globaldns.com) | BLOCKED — awaiting DNS access (MC #100618 op2) |
| freemyev.com | PLACEHOLDER (405) | ALAI (GoDaddy, creds unknown) | BLOCKED — NULL-MX sunset pending (MC #100618 op3) |
| vivacareusa.com/.net/.org | DELETED | ALAI (superseded by LumisCare) | DONE — file tree deleted 2026-05-14 (MC #100618 op1) |
Bilko Market Domain Mapping (CEO 2026-05-14 Clarification)
CEO confirmed canonical domains per market. Do NOT pursue bilko.hr (unrelated Croatian firm, expires 2026-12-14). Do NOT pursue bilko.rs/.ba/.no (unregistered; deferred decision on brand protection).
| Market | Canonical Domain | Owned | Notes |
|---|---|---|---|
| Serbia | bilko.io | YES | NOT bilko.rs (unregistered, MC #100124) |
| Croatia (HR) | bilko.cloud | YES | NOT bilko.hr (BILKO d.o.o. Zagreb, unrelated firm, expires 2026-12-14) |
| Bosnia (BiH) | bilko.company | YES | NOT bilko.ba (unregistered) |
| Norway | none | NO | bilko.no unregistered (brand protection gap, deferred decision) |
Email Infrastructure (Migadu)
Configuration
- Provider: Migadu (https://admin.migadu.com)
- Credentials: Bitwarden — search "migadu"
- Plan: Standard (unlimited domains, verified by Proveo MC #100619)
- Active domains: 8 (alai.no, basicconsulting.no, basicfakta.no, bilko.io, snowit.ba, getdrop.no, bilko.cloud, bilko.company)
- MX format: 10 aspmx1.migadu.com / 20 aspmx2.migadu.com
2026-05-14 Cleanup — Stale one.com MX Removal
MC #100619 op2 removed 5 legacy one.com MX records. These were a split-brain risk: if Migadu failed, mail would silently reroute to a dead one.com inbox.
| Domain | Removed Records | Verification |
|---|---|---|
| alai.no | 100 c74jebhf4.mx.service.one. | PASS — dig +short MX alai.no returns only Migadu (2 records) |
| basicconsulting.no | 4× 100 mx[1-4].pub.mailpod11-cph3.one.com. | PASS — dig +short MX basicconsulting.no returns only Migadu (2 records) |
DMARC Policy Upgrade — p=quarantine
MC #100619 op4 upgraded 5 domains from p=none to p=quarantine pct=100 (receivers are asked to quarantine mail that fails DMARC alignment, rather than relying on SPF/DKIM results alone).
| Domain | Before | After | Verification |
|---|---|---|---|
| alai.no | p=none | p=quarantine | PASS — dig +short TXT _dmarc.alai.no returns v=DMARC1; p=quarantine; pct=100 |
| basicconsulting.no | p=none | p=quarantine | PASS |
| basicfakta.no | p=none | p=quarantine | PASS |
| bilko.io | p=none | p=quarantine | PASS |
| getdrop.no | p=none | p=quarantine | PASS |
| snowit.ba | p=quarantine | (no change) | n/a — already compliant |
| bilko.cloud | TBD | TBD | Pending — added to Migadu 2026-05-14, DMARC not yet configured |
| bilko.company | TBD | TBD | Pending — added to Migadu 2026-05-14, DMARC not yet configured |
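The MX cleanup and DMARC checks above can be scripted. The following is an added example, not ALAI's own tooling: it classifies `dig +short` answers supplied as text so it runs offline, and it goes slightly beyond the two tables by also recognising the RFC 7505 null MX form. The function names and verdict labels are assumptions of this example.

```shell
#!/bin/sh
# Added example: classify `dig +short` answers offline; not ALAI's tooling.

# mx_status: stdin = output of `dig +short MX <domain>`.
# OK     -> every target is a Migadu host (aspmxN.migadu.com)
# STALE  -> some other target remains (e.g. a leftover one.com fallback)
# NULLMX -> the single RFC 7505 record "0 ."
# NONE   -> empty answer
mx_status() {
    awk '
        NF < 2 { next }
        { n++; host = tolower($2) }
        $1 == "0" && $2 == "." { nullmx = 1; next }
        { sub(/\.$/, "", host)
          if (host !~ /^aspmx[0-9]+\.migadu\.com$/) stale = 1 }
        END {
            if (!n) print "NONE"
            else if (nullmx && n == 1) print "NULLMX"
            else if (nullmx || stale) print "STALE"
            else print "OK"
        }'
}

# dmarc_policy: stdin = output of `dig +short TXT _dmarc.<domain>`.
# Prints the value of the p= tag, or "missing" when no usable record exists.
dmarc_policy() {
    tr -d '"' | awk '
        tolower($0) ~ /^v=dmarc1/ {
            n = split($0, tags, ";")
            for (i = 2; i <= n; i++) {
                t = tolower(tags[i]); gsub(/[ \t]/, "", t)
                if (t ~ /^p=/) { print substr(t, 3); found = 1; exit }
            }
        }
        END { if (!found) print "missing" }'
}

# audit_domain DOMAIN MX_ANSWER DMARC_ANSWER -> one verdict line.
audit_domain() {
    mx=$(printf '%s\n' "$2" | mx_status)
    pol=$(printf '%s\n' "$3" | dmarc_policy)
    case "$mx/$pol" in
        OK/quarantine|OK/reject|NULLMX/reject) verdict=PASS ;;
        *) verdict=FAIL ;;
    esac
    printf '%s mx=%s dmarc=%s %s\n' "$1" "$mx" "$pol" "$verdict"
}

# Constructed sample answers modelled on the records quoted above.
before=$(printf '10 aspmx1.migadu.com.\n20 aspmx2.migadu.com.\n100 c74jebhf4.mx.service.one.\n')
after=$(printf '10 aspmx1.migadu.com.\n20 aspmx2.migadu.com.\n')
audit_domain alai.no "$before" '"v=DMARC1; p=none"'
audit_domain alai.no "$after" '"v=DMARC1; p=quarantine; pct=100"'
```

Against live DNS, the same functions take `"$(dig +short MX alai.no)"` and `"$(dig +short TXT _dmarc.alai.no)"` as the second and third arguments.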
Cloudflare Access Status (post 2026-05-14)
Issue (MC #100609 Claim A — CONFIRMED HIGH by verifier)
www.alai.no and www.basicconsulting.no returned an HTTP 302 redirect to a cloudflareaccess.com login wall instead of their landing pages, so public visitors saw an authentication gate.
Fix (MC #100619 op1)
Applied CF Access bypass policies to both www apps. Post-fix curl verification:
- www.alai.no: HTTP/2 522 (origin connection timeout — no 302 to cloudflareaccess.com)
- www.basicconsulting.no: HTTP/2 404 (Vercel DEPLOYMENT_NOT_FOUND — no 302 to cloudflareaccess.com)
Acceptance criterion: PASS — neither domain returns 302 to cloudflareaccess.com. 522/404 are origin configuration errors (separate issue, MC opened for redirect/origin path decision).
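The acceptance criterion above separates "no login wall" from "origin healthy". The following added example (not ALAI's tooling) applies it to the headers of one `curl -sI` response, run without `-L`. The function name, the verdict labels and the sample `Location` value are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify one `curl -sI` response; not ALAI's tooling.

# access_gate: stdin = response headers from `curl -sI https://<host>/`.
# GATED            -> 3xx redirect whose Location host is cloudflareaccess.com
#                     or a subdomain of it (the login wall)
# ORIGIN_ERROR nnn -> no login wall, but a 4xx/5xx answer (e.g. 522, 404)
# PUBLIC nnn       -> anything else
access_gate() {
    tr -d '\r' | awk '
        NR == 1 { code = $2; next }              # "HTTP/2 302" -> 302
        tolower($1) == "location:" { loc = tolower($2) }
        END {
            host = loc
            sub("^[a-z]+://", "", host)          # drop the scheme
            sub("[/?#:].*$", "", host)           # drop port, path, query
            gated = (host == "cloudflareaccess.com" || host ~ /\.cloudflareaccess\.com$/)
            if (code ~ /^30[12378]$/ && gated) print "GATED"
            else if (code ~ /^[45][0-9][0-9]$/) print "ORIGIN_ERROR " code
            else print "PUBLIC " code
        }'
}

# Constructed sample responses: pre-fix redirect, then the two post-fix codes.
printf 'HTTP/2 302\r\nlocation: https://example-team.cloudflareaccess.com/cdn-cgi/access/login/www.alai.no\r\n\r\n' | access_gate
printf 'HTTP/2 522\r\nserver: cloudflare\r\n\r\n' | access_gate
printf 'HTTP/2 404\r\nx-vercel-error: DEPLOYMENT_NOT_FOUND\r\n\r\n' | access_gate
```

Matching on the parsed host rather than a substring keeps a redirect to an unrelated name that merely contains "cloudflareaccess.com" from being reported as the login wall.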
Known Issue (post-fix)
The www subdomain origins return 522 (alai.no) or 404 (basicconsulting.no) instead of a canonical redirect to the apex or a landing page. A separate MC has been opened; the root cause is missing origin configuration in CF Pages, or a manual redirect rule is needed.
Park / Sunset Decisions (CEO 2026-05-14)
| Domain | Decision | Status | Notes |
|---|---|---|---|
| alaione.no (Lobby product) | PARK | NXDOMAIN — no action needed | Product inactive, never re-registered after expiry |
| fontelepay.com (Lobby) | PARK | NXDOMAIN — no action needed | Product inactive |
| rendrom.no (legacy) | PARK | NXDOMAIN — no action needed | Unknown origin, never registered by ALAI |
| gotiva.* (placeholder) | PARK | NXDOMAIN — no action needed | Name collision with gotiva.ba (video studio, unrelated) |
| freemyev.com | NULL-MX SUNSET | BLOCKED — GoDaddy creds needed | RFC 7505 NULL MX (0 .) + DMARC p=reject + SPF v=spf1 -all. Current: HTTP 405, AWS backend. MC #100618 op3 documented DNS changes. |
| vivacareusa (.com/.net/.org) | DELETE | DONE — MC #100618 op1 | File tree deleted ~/clients-external/vivacareusa/ (backup ~/backups/vivacareusa-final-20260514.tar.gz). Domain ownership TBD. |
| merdzanovic.ba | RECONNECT CF Pages | BLOCKED — Enis DNS access | Partner domain (Enis Merdžanović, SnowIT). CF Pages project live (51deeb8e.merdzanovic-ba.pages.dev HTTP 200), custom domain failed DNS verification. Current DNS = Vercel (404 DEPLOYMENT_NOT_FOUND). MC #100618 op2 documented DNS changes for globaldns.com. |
Squat Watchlist (defer purchase, monitor expiry)
| Domain | Current Owner | Expires | Decision |
|---|---|---|---|
| plock.se | NEware AB (fruits.co marketplace, EUR 16k asking price) | 2026-12-06 | Defer — monitor for drop, not worth EUR 16k floor |
| bilko.hr | BILKO d.o.o. Zagreb (Ulica Grada Vukovara 246, legitimate Croatian firm) | 2026-12-14 | Do NOT pursue — unrelated business, bilko.cloud is canonical for HR market |
| drop.no | TV2 Norway (major broadcaster) | n/a | Not ALAI — we use getdrop.no |
| drop.app | Google (Charleston Road Registry, .app TLD operator) | n/a | Unobtainable — .app TLD controlled by Google |
| tok.no | transportbransjen.no (NEware AB) | 2026-12-06 | Cannot acquire imminently — we use tokapi.io |
Pending CEO Action
- Enis Merdžanović coordination (merdzanovic.ba): Provide globaldns.com panel access OR approve CF DNS transfer. Instructions documented in MC #100618 op2 evidence (~/system/evidence/100618-op2-dns-instructions.txt).
- GoDaddy credentials (freemyev.com): Locate account access OR approve CF domain transfer. Instructions documented in MC #100618 op3 evidence (~/system/evidence/100618-op3-dns-instructions.txt).
- www.alai.no + www.basicconsulting.no origin path decision: Separate MC opened (FlowForge queue). Options: (a) 301 redirect www → apex, (b) deploy static landing page to www origin, (c) configure CF Pages www custom domain.
Evidence References
- Audit source: MC #100609 verifier transcript (atomic claims 6/7 HIGH confidence) — /private/tmp/claude-501/-Users-makinja/79c227d4-489c-48ca-9d81-4e3ac42922ff/tasks/a5326fb78f47469ec.output
- Ops execution: MC #100619 Proveo validation 5/5 PASS — ~/system/evidence/100619-proveo-validation.txt + ~/system/evidence/100619-op[1-5]-*.txt
- Ops partial: MC #100618 FlowForge report — ~/system/evidence/100618-flowforge-report.md + ~/system/evidence/100618-op1-*.txt + ~/system/evidence/100618-op2-*.txt + ~/system/evidence/100618-op3-*.txt
- System-level infra map: ~/aisystem/DEPLOY-MAP.md sections 1-8 (Email & DNS extensions added 2026-05-14)
Published: 2026-05-14 | MC: #100613 | Author: Skillforge (John orchestrator)