EDIT: Now with a production-ready implementation I talk about more here. On Tuesday I wrote about using DNS wildcards to implement customer-specific subdomains for email authentication. As I said then, that approach isn’t perfect. You’d much prefer to have per-customer domain authentication, where each customer has their own DKIM d= and ideally their own SPF records, rather than...
If you’re an ESP with small customers you may have looked at the recent Google / Yahoo requirements around DMARC-style alignment for authentication and panicked a bit. Don’t impersonate Gmail From: headers. Gmail will begin using a DMARC quarantine enforcement policy, and impersonating Gmail From: headers might impact your email delivery.…For direct mail, the domain in the...
When you query DNS for something you ask your local DNS recursive resolver for all answers it has about a hostname of a certain type. If you’re going to a website your browser asks your resolver for all records for “google.com” of type “A”1or “AAAA”, but that’s not important right now and it will either return all the A records for google.com it has...
Eventually our subscribers won’t want our email in their inbox any more. They can stop the mail either by unsubscribing from it, or by marking it as spam. We’d far rather they do the first so we should make it as easy as possible for them to unsubscribe. Also in most jurisdictions you’re legally required to offer a functional, easy to use unsubscription channel. So, how to do...
I stumbled across this story again this morning, and it’s such a lovely delivery yarn I thought I’d share it. It’s from Trey Harris, and it’s set in the mid 90s. Here's a problem that *sounded* impossible... I almost regret posting the story to a wide audience, because it makes a great tale over drinks at a conference. :-) The story is slightly altered in order to protect...
I’ve heard quite a bit of concern about what iOS 17’s automatic removal of click-tracking parameters means, but less discussion of what it actually does. Broadly it’s Apple trying to improve user-privacy by making it harder to do cross-site tracking at scale. Cross-site tracking is the basis of a lot of privacy-violating tracking technologies, and tracking parameters added to...
Trekkie Monster. He’s obsessed by social media and isn’t owned by Children’s Television Workshop. What is a Cookie? I’m not talking about biscuits, nor about web cookies, at least not exactly. When you’re talking to a protocol developer a cookie is a thing you’re given, that you hang on to for a while, then give back. If you leave your suitcase with your hotel...
Seen this recently? 451 Message temporarily deferred due to unresolvable RFC.5321 from domain; see This is Yahoo doing some extra work to identify that the 5321.From domain1The return-path, aka the 821.From, 5321.From, or bounce address is the email address you send from at the protocol level, not the email address in the From: header, and it’s the address any bounces will be sent to. of...
Several times recently I’ve heard about something unusual happening email delivery-wise at academic domains that was new, and wasn’t being seen at non-academic domains on the same lists. Most recently it was aggressive following of all links in an email at delivery time, seen at several .edu domains, all using the same mail provider. Not that unusual a thing in itself, we know that...
When we’re looking at the technical details of email addresses there are two quite different contexts we talk about. One is an “821 address” or “5321 address”. This is the email address as it’s used by the SMTP protocol, as part of the “MAIL FROM: <>” or “RCPT TO: <>” commands sent to the mailserver. It’s defined in RFC 821...
RSS - Posts