BLOG

Author: steve

Final migration of Verizon email addresses to AOL

AOL were kind enough to share some details about the shutdown of the Verizon mail system and the migration of @verizon.net email address to the AOL mail service: What is the cut-over date for the verizon.net MX record? The cut-over date for the mx record for verizon.net to to be handled by AOL is June […]

3 Comments

Are they using DKIM?

It’s easy to tell if a domain is using SPF – look up the TXT record for the domain and see if any of them begin with “v=spf1”. If one does, they’re using SPF. If none do, they’re not. (If more than one does? They’re publishing invalid SPF.) AOL are publishing SPF. Geocities aren’t. For DKIM […]

3 Comments

Protocol-relative URLs in email

When you link to an external resource – an image, a javascript file, some css style – from a web page you do so with a URL, usually something like “https://example.com/blahblah.css” or “http://example.com/blahblah.css”. The world is beginning to go all https, all the time, but until recently good practice was to make a web page available […]

1 Comment

ARC: Authenticated Received Chain

On Friday I talked a little about DMARC being a negative assertion rather than an authentication method, and also about how and when it could be deployed without causing problems. Today, how DMARC went wrong and a partial fix for it that is coming down the standards pipeline. What breaks? DMARC (with p=reject) risks causing problems any […]

No Comments

The philosophy of DMARC

We know that legitimate email sent with valid SPF and a DKIM signature often breaks in transit. SPF will fail any time mail is forwarded – via a mailing list, a forwarding service used by the recipient, or just ad-hoc forwarding. DKIM will fail any time the message is modified in transit. That can be obviously […]

No Comments

You’re kidding me

All the authentication and DMARC in the world can’t save you from stupid. I just got a survey request from my bank. Or, at least, it claimed to be from my bank. From: Barclays International Banking Survey <internationalbanking@barclayssurveys.com> The mail passed SPF (though the SPF record suggests this is being mailed from all over the […]

2 Comments

… and bad acquisition practices

I talked last week about how incentivizing people to sign up for your mailing list could be effective when it’s done well. This week I’m staying at a Large International Hotel Chain and I’ve got a great example of what happens when it’s done poorly. The “free” wifi requires you to join the hotel’s loyalty […]

3 Comments

Every Download a Confirmation

We often talk about confirmed opt-in (aka “closed-loop opt-in” or “double opt-in”) as the gold standard for address acquisition for permission-based mail. It’s not the only way to gather permission, and in some ways it’s a rather blunt tool that can discourage people from completing a sign-up process if it’s done badly – the confirmation email […]

No Comments

Tools!

I just added a DMARC validation tool over on tools.wordtothewise.com. You can give it a domain – such as ebay.com – and it will fetch the DMARC record, then explain and validate it. Or you can paste the DMARC record you’re planning to publish into it,  to validate it before you go live. If you’ve not […]

2 Comments

The twilight of /8s

A “/8” is a block of 16,777,214 usable IP addresses. That’s a big fraction of the entire IPv4 address space – about 1/224, in fact. Each one is all the addresses that begin with a given number: 10.0.0.0/8 is all the IP addresses that begin with “10.”, “184.0.0.0/8” (or “184/8” for short) is all the […]

No Comments

Archives