DMARC p=reject

Mail.ru is switching to p=reject.
This means that you should special-case mail.ru wherever …
Actually, no. Time to change that script.
If you operate an ESP or develop mailing list software you should be checking whether the email address that is being used in the From: address of email you’re sending is in a domain that’s publishing p=reject (is a “rejective” email address) automatically. And you should probably do that in real time, whenever you need that piece of information, relying on DNS caching to reduce the network latency.
If you find you’re about to send an email From a rejective email address, you probably shouldn’t send it. Depending on how the recipients’ ISPs handle it, it might be discarded put in the bulk folder or rejected – potentially leading to recipients being unsubscribed.
If you’re writing mailing list software, ideally you should provide your users with several options for handling submissions from rejective email addresses, perhaps some from this list:

  • Reject the submitted mail, passing the problem to the owner of the rejective email address and their ISP’s support staff
  • Use a From: address in a domain the list operator controls instead, making sure the author’s rejective email address is clearly included (perhaps in the “friendly from” comment)
  • Use a From: address in a domain the list operator controls, including the author’s rejective address in the Reply-To: field
  • Use ARC, Authenticated Received Chain. It’s not quite ready for use, yet, but it’s a great time to be developing support for it, and testing it at ARC interoperation days

If you’re an ESP with customers who want to send mail from rejective addresses you have fewer options. Sending from a domain you control, with a Reply-To containing the rejective address is one option. Encouraging your users to use an email provider that isn’t rejective – either by moving mail providers or, for companies and organizations rather than originals, buying their own domain and email service – is another.
Whatever you choose to do as an ESP you should make it as clear as possible in your user interface for user with rejective addresses that their using them may cause issues, and what changes you recommend or will take automatically. Being clear that the issue is due to a policy decision by their ISP rather than any ESP policy or technical limitation might reduce your support overhead.
(If you’re in New Orleans for the EEC conference, say “Hi!” to Laura).

Related Posts

A brief history of TXT Records

txt
When the Domain Name System was designed thirty years ago the concept behind it was pretty simple. It’s mostly just a distributed database that lets you map hostname / query-type pairs to values.
If you want to know the IP address of cnn.com, you look up {cnn.com, A} and get back a couple of IP addresses. If you want to know where to send mail for aol.com users, you look up {aol.com, MX} and you get a set of four hostname / preference pairs back. If you want to know the hostname for the IP address 206.190.36.45 you look up {45.36.190.206.in-addr.arpa, PTR} and get a hostname back.
There’s a well-defined meaning to each of those query types  – A is for IP addresses, MX is for mailservers, PTR is for hostnames – and that was always the intent for how DNS should work.
When DNS was first standardized, though, there was one query type that didn’t really have any semantic meaning:

Read More

Things you need to read

The email solicitation that made me vow to never work with this company again. When sending unsolicited email, you never know how the recipient is going to respond. Writing a public blog post calling you out can happen.
The 2016 Sparkies. Sparkpost is looking for nominations for their email marketing awards. Win a trip to Insight 2016!
5 CAN SPAM myths. Send Grid’s General Counsel speaks about CAN SPAM myths. Personally, asking for an email to unsubscribe is annoying. I never know if the unsubscribe request worked or not. Give me a link any day.
The most misunderstood statistic in email marketing. A good discussion of why raw complaint rates isn’t the metric the ISPs use, and how it can mislead folks about their email program.
Office 365 is expanding it’s DKIM signing. Terry Zink discusses the upcoming changes to how Office365 handles DKIM signatures. This is exactly the kind of changes I was talking about in my 2016 predictions post – background changes that are going to affect how we authenticate email. He even specifically calls out whether or not a particular signature is DMARC aligned or not.

Read More

Ask Laura: Confused about Authentication

AskLaura_Heading3

Read More