Related Posts

Yahoo Statement on DMARC policy

Yesterday Yahoo posted a statement about their new p=reject policy. Based on this statement I don’t expect Yahoo to be rolling back the policy any time soon. It seems it was incredibly effective at stopping spoofed Yahoo mail.

Read More

Holomaxx dismisses part of lawsuit

Ken announced yesterday that Holomaxx dropped their suits against Ironport and ReturnPath. Suits against Yahoo and Hotmail are still active.
In the Yahoo case, there is a case management meeting on January 14th.
In the Microsoft case, a response the complaint is due by December 17th.
I’m not quite sure what happened to prompt this change, but I think it makes it even more unlikely that the case will be successful. The courts have repeatedly ruled in favor of ISPs in these kinds of cases.
EDIT: I’d link to Ken’s article, but I appear to have closed that tab and I can’t find it on his website. I’ll add it as soon as I do.
EDIT: Ken’s announcement

Read More

A brief DMARC primer

DMARC stands for Domain-based Message Authentication, Reporting and Conformance. What DMARC does is allow domain owners to publish policy statements in DNS telling receiver domains what to do with messages that do not authenticate. In addition, DMARC introduces the concept of “domain alignment.” What this means is that the authentication has to be from the same domain (or a sub-domain) as the address in the header-from: line. The idea behind DMARC is that organizational owners can use SPF and DKIM authentication to authenticate their actual domain in the header-from line. This moves authentication from a important but behind the scenes technology out to an end user visible technology.

Read More