Over on the DMARC-Discuss list, Comcast announced they had turned on DMARC validation and companies that publish DMARC records should start receiving reports from Comcast.
Hotmail has recently stopped using Sender ID for email authentication and switched to authenticating with SPF. The protocol differences between SenderID and SPF were subtle and most senders who were getting a pass at Hotmail were already publishing SPF records. From an email in my inbox from September: Authentication-Results: hotmail.com; sender-id=pass (sender IP is 65.55.240.72) header...
As an update to yesterday’s post, Gmail is contacting postmasters at domains signing with 512 bit keys to warn them of the upcoming changes. This message also clarifies “DKIM keys failing.” Messages signed with 512 bit keys or less will be treated as unsigned by Gmail in the next week or so. Hello, We noticed that your domain is sending email to Gmail users that is DKIM signed...
Today’s Wednesday question comes from Andrew B. and got pushed to Thursday so I could check a few more facts. Have @Gmail yet confirmed the @ReturnPath story that they’ll start failing weak DKIM sigs? RP cites no source: @hey4ndr3w The answer is that no one from Gmail has publicly confirmed that they’re failing to authenticate mail signed with weak DKIM keys. But conversations...
I’ve seen a few people talking about outlook.com and how it’s working. There aren’t many insights here but there are a couple. Images are not always showing up from all senders. There are two different “safe” sender lists: one for individuals and one for mailing lists. If you log in with a live.com account address (rather than a hotmail address or instead of creating...
There was a question submitted today about the verification process at Gmail. even though SPF authentication is passed, a via is added to mail sent from a webserver. The return-path is not the same as the visible from field, but there’s no way for me to change it. Does that mean I won’t be able to get rid of the via? This actually ties in to some research Steve and I did a few months ago about...
A new email industry group was announced this morning. DMARC is a group of industry participants, including large senders, large receivers and relevant intermediaries working on a framework to reduce the harm from phishing. DMARC is working on a standard to allow senders to publish sending policies and receivers to act on those policies. Currently, senders who want receivers to not deliver...
I was hoping to have a detailed post up today about the conditions where gmail presents the user with a “via” but time seems to have gotten away from me. But I can give you the conclusions. A via is presented to the user when you have a DKIM pass and the domain in the d= does not match the domain in the visible from address. In this case the interface shows via the d= domain. A via is...
There are a several approaches to authenticating email, and the different authentication methods have a lot of different settings to choose from (sometimes because they’re useful, other times just because they were designed by committee). It’s nice that they have that flexibility for the complex situations that might benefit from them, but almost all the time you just want to choose a...
Yesterday Gmail rolled out some changes to their interface. One of the changes is that they are now showing end users authentication results in the user screen. It’s really the next step in email authentication, showing the results to the end user. So how does Google do this? Google is checking both SPF and DKIM. If mail is authenticated and the authentication matches the from address then...
RSS - Posts