Authorsteve

New laptop, old reminder

I have a new laptop.

New OS (maybe this year will be the year of Linux on the Desktop?). New hardware problems. New applications. New keyboard layout.

New mail client.

It reminded me of another reason why you want to keep the email address in your From: consistent – it’s something some users will use to automatically load images, which is something you probably want.

CAN-SPAM Again

The US CAN-SPAM act is the primary US legislation covering commercial email. It’s been around since 2003, but I still see a steady stream of questions about it, and the folkloric answers to some of them are all over the place. What does CAN-SPAM require? The important requirements are Don’t use false or misleading header information Don’t use deceptive subject lines Make it...

Gradual DMARC Rollout

Over on twitter Alwin de Bruin corrected me on an aspect of DMARC soft rollout I’d entirely forgotten about. It’s useful, so I thought I’d write a quick post about it. If you have a large mail stream and you want to avoid the Scary Red Flag Day when you turn on DMARC p=reject enforcement and wait for people to complain you can use the DMARC policy “pct=” tag to roll...

Why do my URLs have two dots?

You take a turn, I take a turn At the SMTP level email is very much a simple line-by-line text based protocol. The client sends a command on a single line, the server responds with one or more lines (the last one marked by having a space in the fourth column), and then the client sends another command. The main exception to that is when the client sends the payload of the email. Once the server...

Captchas

Captchas – those twisty distorted words you have to decipher and type in to access a website – have been around since the 1990s. Their original purpose was to tell the difference between a human user and an automated system, by requiring the user to answer a challenge – one that was supposedly hard for computers to solve, but easy for humans. A few years later they acquired the...

SPF and TXT records and Go

A few days ago Laura noticed a bug in one of our in-house tools – it was sometimes marking an email as SPF Neutral when it should have been a valid SPF pass. I got around to debugging it today and traced it back to a bug in the Go standard library. A DNS TXT record seems pretty simple. You lookup a hostname, you get some strings back. Those strings can be used for all sorts of things, but...

Good morning DMARC

I’m thinking I may need to deploy DMARC report automation sooner rather than later.

… and so on, and on, and on for a lot further down the mailbox.

DNS Flag Day

There are quite a lot of broken DNS servers out there. I’m sure that’s no surprise to you, but some of them might be yours. And you might not notice that until your domains stop working early next year. DNS is quite an old protocol, and when it was originally specified there wasn’t really a good way to extend the protocol to add new features. That was fixed about 19 years ago...

Check your abuse addresses

Even if you have excellent policies and an effective, empowered enforcement team you can still have technical problems that can cause you to drop abuse mail, and so lose the opportunity to get a bad actor off your network before they damage your reputation further. It’s not quite as simple as “We’re seeing email in our abuse ticketing system, so everything must be fine.”...

Your idea will not work. Here is why it won’t work.

Matthew Green reminded me of an old bit of spam lore. It’s a canned response to someone’s New and Awesome and entirely unoriginal Final Ultimate Solution to the Spam Problem. It originated on the news.admin.net-abuse.email newsgroup, I think, maybe twenty years ago? While one or two details have changed it’s still applicable to most of the current generation of under-researched...

Recent Posts

Archives

Follow Us