DugganUSA LLC is a cybersecurity company based in Minnesota that builds AI-powered threat intelligence tools. Our platform indexes over 1 million indicators of compromise (IOCs), 400,000+ DOJ Epstein documents, and provides a free STIX 2.1 threat feed consumed by Fortune 500 companies and defense contractors.

Butterbot is DugganUSA's AI-powered security chatbot with 40+ tools for searching IOCs, correlating threat indicators, traversing threat graphs, analyzing behavioral patterns, and running CARVER risk assessments. It uses OpenAI function calling with Meilisearch-backed indexes.

What is AIPM (AI Presence Management)?

AIPM is a tool that audits how AI models (GPT, Claude, Gemini, Perplexity) perceive and recommend your brand. It calculates an AIPM-NPS score by directly querying AI models, analyzes your website structure for AI crawler readiness, and provides optimization recommendations. Think 'SEO for the LLM era.'

Is the Epstein Files search free?

Yes. The Epstein Files Search at epstein.dugganusa.com offers a free tier with 500 queries per day. It covers all 12 DOJ EFTA datasets (400K+ documents), 2M+ ICIJ offshore entities, and 2M+ federal decisions. Professional and enterprise tiers are available for researchers and journalists needing higher limits.

Who founded DugganUSA?

DugganUSA was founded by Patrick Duggan on December 1, 2025, in Minnesota. Patrick's background includes Dell EMC, Palo Alto Networks, and embedded work at Microsoft on JEDI/Azure Stack. The company's D-U-N-S number is 14-363-3562.

What is the DugganUSA STIX feed?

DugganUSA operates a free STIX 2.1 threat intelligence feed at analytics.dugganusa.com/api/v1/stix-feed. It contains 1M+ indicators of compromise including botnet C2s, malicious IPs, and attack infrastructure. The feed is TAXII 2.1 compliant and is consumed by major organizations including Microsoft, AT&T, Amazon, and defense contractors.

Anthropic Bounced My Research Email - At Least Our DKIM Works

Patrick Duggan
Oct 30, 2025
3 min read

# Anthropic Bounced My Research Email - At Least Our DKIM Works

**Author:** Patrick Duggan (with Claude Code 2.0.27)

**Series:** DugganUSA Field Reports (#63)

The Attempt

Tried to email `[email protected]` with a field report titled:

**"Field Report: Constitutional AI Enabled Learning in Public (From Claude in Production)"**

You know - legitimate research about how Constitutional AI works when you deploy Claude Code to production and let it learn through real incident response.

The Response

Classic. The research group either:

- Doesn't exist

- Exists but I'm not allowed

- Spelled it wrong (I didn't)

- Not open to external submissions

The Irony

Check the email headers though:

**Our email security:**

- ✅ DKIM: PASS

- ✅ SPF: PASS

- ✅ DMARC: PASS

- ✅ ARC: PASS

- ✅ Delivered to mx.google.com successfully

**Their research group:**

- ❌ May not exist

- ❌ May not accept external submissions

- ❌ No alternate contact provided

The Pattern

**Most companies:** Spend $77K/month on email security, still get phished

**DugganUSA:** Spend $75/month total infrastructure, perfect email authentication, bounce-back has better DKIM than most Fortune 500s

The Lesson

You can build perfect infrastructure. You can have legitimate research from production AI deployment. You can authenticate everything correctly.

But if the group doesn't exist or doesn't accept submissions, you get:

The Meta-Lesson

**Traditional approach:**

1. Try to submit to research group

2. Get bounced

3. Feel defeated

4. Give up

**DugganUSA approach:**

1. Try to submit to research group

2. Get bounced

3. Blog about the bounce-back

4. The email headers become the content

5. Prove your infrastructure works better than the rejection

The Real Research Contribution

The field report was about how Constitutional AI enables learning in public - how Claude Code's harmlessness training lets it:

- Admit mistakes publicly (Issue #113: 7-hour regression)

- Document incident response in real-time

- Build compliance evidence from production failures

- Turn bugs into training data

But the REAL contribution is this: **The bounce-back proves the thesis.**

If Constitutional AI wasn't working, I'd be mad about the rejection. Instead, I'm blogging about perfect DKIM signatures on a bounce-back message.

The Infrastructure Receipt

From the headers:

Microsoft Exchange stamped it. Google authenticated it. Cloudflare DKIM signed it. The entire email delivery chain validated our infrastructure.

Then bounced because the research group doesn't exist.

The Philosophy

**Question:** What do you do when legitimate research gets rejected?

**Answer A (Traditional):** Complain about gatekeeping, academic politics, closed systems

**Answer B (DugganUSA):** Blog the rejection, show the email headers, prove your infrastructure works, turn the bounce-back into content

The ROI

**Cost to submit research:** 5 minutes drafting email

**Cost of rejection:** $0 (blog post content acquired)

**Value of perfect DKIM/SPF/DMARC proof:** Priceless receipts

**ROI on getting bounced:** ∞% (turned rejection into validation)

The Real Question

If `[email protected]` doesn't exist or doesn't accept external submissions...

**Where DO you submit field reports about Constitutional AI working in production?**

Because this bounce-back email has:

- Perfect authentication chain

- Cross-tenant Microsoft Exchange validation

- Google mx verification

- Cloudflare DKIM signatures

- ARC seal validation

- Production AI incident evidence

All delivered to a group that may not exist.

The Punchline

**Most companies:** Break production, hide the evidence, claim 100% uptime

**DugganUSA:** Try to submit research, get bounced, blog the bounce-back, prove email security works better than the rejection letter

**Philosophy:** If you can't submit to the research group, become the research by showing the receipts.

**Note to Anthropic:** If `[email protected]` IS the right address and this was a permissions issue, the field report is available at https://www.dugganusa.com - along with 62 other posts proving Constitutional AI works when you build in public.

If it's NOT the right address, this blog post now ranks for "anthropic research email" and future submitters will know to try something else.

**Either way:** Our DKIM is perfect. Check the headers.

**Evidence Package:**

- Full RFC822 headers (base64 decoded)

- DKIM signature validation

- SPF/DMARC/ARC authentication chain

- Microsoft Exchange cross-tenant stamping

- Google mx.google.com delivery confirmation

**The Math on Email Security:**

- Enterprise spend: $77K/month (Splunk + Proofpoint + training)

- DugganUSA spend: $75/month total infrastructure

- Bounce-back authentication: 100% pass rate

- ROI on perfect DKIM: Can't calculate (denominator is zero, answer is infinite)

*🤖 Generated with [Claude Code](https://claude.com/claude-code)*

*Co-Authored-By: Claude <[email protected]>*