Authorsteve

One-click unsubscribe

The worst thing about the yahoogle requirements has been their use of the term “one-click unsubscribe”. It’s an overloaded term that’s being used here to mean RFC 8058 in-app unsubscription. That’s a completely different thing to what one-click unsubscription has been used to mean for decades, often in the context of complying with legal requirements around...

Don’t trust Gmail’s Show Original

It’s not always easy to know what the actual headers and body of an email as sent look like. For a long time accepted wisdom was that you could send a copy to your gmail account, and use the Show Original menu option to, well, see the original message as raw text. It turns out that’s not actually something you can trust. I used swaks to send a test message with an extra header to my...

Are you a grown-up sender?

Yes, it’s another yahoogle best practices post. Google divide their requirements for senders into those sending more than 5,000 messages a day, and those sending less. Yahoo divide their requirements into “All Senders” and “Bulk Senders”, and explicitly don’t define that via a volume threshold: “A bulk sender is classified as an email sender sending a...

Yahoogle FAQs

Just a very, very short post with links to the Yahoo and Google requirements FAQs. Given I can’t ever remember them I’m guessing lots of y’all can’t either.

Yahoo: and :

About My Email

Happy 2024, everyone! We’ve released a shiny new tool to let folks self-check a lot of common questions we see about email requirements. Go to AboutMy.email and send an email to the email address it gives you. Once it receives that email it will go through it and do many of the basic checks we’d usually do to check the technical health of a client’s email1AboutMy.email is a...

Yahoogle Requirements Update

Since I wrote about it last month the requirements for bulk senders to Yahoo and Google have changed a little.

The big change is that bulk senders need to authenticate with both SPF and DKIM, rather than SPF or DKIM. Only one of those has to align with the 822 From: header.

Can you STARTTLS?

Email supports TLS (Transport Layer Security), what we used to call SSL. Unlike the web, which split it’s TLS support off into a completely different protocol – https, listening on port 443 vs http listening on port 80 – SMTP implements it inside it’s non-encrypted protocol. A mailserver advertises that it supports this by having the word “STARTTLS” in the...

Customer subdomain authentication

On Tuesday I wrote about using DNS wildcards to implement customer-specific subdomains for email authentication. As I said then, that approach isn’t perfect. You’d much prefer to have per-customer domain authentication, where each customer has their own DKIM d= and ideally their own SPF records, rather than having all customers sharing those records and relying on loose DMARC...

Wildcards and DKIM and DMARC, oh my!

If you’re an ESP with small customers you may have looked at the recent Google / Yahoo requirements around DMARC-style alignment for authentication and panicked a bit. Don’t impersonate Gmail From: headers. Gmail will begin using a DMARC quarantine enforcement policy, and impersonating Gmail From: headers might impact your email delivery.…For direct mail, the domain in the...

Deferrals at Microsoft

If you’re seeing a lot of “451 4.7.500 Server busy. Please try again later” from Office365 this morning you’re not alone. Microsoft are aware of the issue, and incident EX680695 says: Current status: We’ve identified that specific IP addresses are being unexpectedly limited by our anti-spam procedures, causing inbound external email delivery to become throttled and delayed...

Recent Posts

Archives

Follow Us