further work after discussion with maintainer

Author: gunnim

docs/pages/infrastructure/domain-and-dns-security/dnssec-and-email.mdx

@@ -103,7 +103,8 @@ Before setting CAA records, identify which CA issued your current certificate:
 **Setup process**: Add CAA records to your DNS zone. Most DNS providers allow you to add these through their web interface:
 
 With the issuers full name in hand we now need to map it to the "Issuer Domain Name".
-There is no centralized repository mapping public CA's to their issuer domain names but they are generally easily found with a simple search for f.x. "Let's Encrypt CAA".
+There is no centralized repository mapping public CA's to their issuer domain names but they are generally easily found with a simple search for f.x. "Let's Encrypt CAA". \
+The Common CA Database also provides a comprehensive collection to reference: https://ccadb.org/resources
 
 ```
 # Allow only specific CAs to issue certificates
@@ -211,6 +212,7 @@ DMARC builds on SPF and DKIM to provide policy enforcement for email authenticat
 
 **How it protects you**: DMARC prevents email spoofing by instructing receiving servers to reject or quarantine emails that fail authentication, protecting your users from phishing attacks.
 Without it, emails breaking SPF/DKIM may still be delivered by some providers (like Gmail, Outlook), often to the inbox or spam folder, sometimes with a warning banner (e.g., "This message may not be from…")
+DMARC also enables aggregate (rua) and forensic (ruf) reporting, giving domain owners visibility into who is sending email on their behalf - legitimate or otherwise.
 
 **Setup**: Add a DMARC record to your DNS zone: