BLOG

Tag: dmarc

ARC: Authenticated Received Chain

On Friday I talked a little about DMARC being a negative assertion rather than an authentication method, and also about how and when it could be deployed without causing problems. Today, how DMARC went wrong and a partial fix for it that is coming down the standards pipeline. What breaks? DMARC (with p=reject) risks causing problems any […]

No Comments

The philosophy of DMARC

We know that legitimate email sent with valid SPF and a DKIM signature often breaks in transit. SPF will fail any time mail is forwarded – via a mailing list, a forwarding service used by the recipient, or just ad-hoc forwarding. DKIM will fail any time the message is modified in transit. That can be obviously […]

No Comments

Tools!

I just added a DMARC validation tool over on tools.wordtothewise.com. You can give it a domain – such as ebay.com – and it will fetch the DMARC record, then explain and validate it. Or you can paste the DMARC record you’re planning to publish into it,  to validate it before you go live. If you’ve not […]

2 Comments

Fun with opinions

Over the last few weeks I’ve seen a couple people get on mailing lists and make pronouncements about email. It’s great to have opinions and it’s great to share them. But they’re always a little bit right… and a little bit wrong. SPF is dead! This came from the new ESP of an experienced mailer. […]

1 Comment

Beware the oversimplification

Setting up a DMARC record is the easy bit. Anyone can publish a record in DNS that will trigger reports to them. The challenge is what to do with those reports and now to manage them. DMARC is a complex protocol. It builds on two other protocols, each with their own nuances and implementation issues. […]

No Comments

More on ARC

ARC – Authenticated Received Chain – is a way for email forwarders to mitigate the problems caused by users sending mail from domains with DMARC p=reject. It allows a forwarder to record the DKIM authentication as they receive a mail, then “tunnel” that authentication on to the final recipient. If the final recipient trusts the […]

No Comments

Ask Laura: Can you help me understand no auth / no entry?

Dear Laura, I’m a little confused by the term “no auth / no entry”. Gmail and other major receivers seem to be moving towards requiring authentication before they’ll even consider delivery. Does this just mean SPF and DKIM, or does this mean the much more stringent DMARC, as well? Thanks, No Shirt, No Shoes, No […]

3 Comments

DMARC p=reject

Mail.ru is switching to p=reject. This means that you should special-case mail.ru wherever … Actually, no. Time to change that script. If you operate an ESP or develop mailing list software you should be checking whether the email address that is being used in the From: address of email you’re sending is in a domain […]

1 Comment

Ask Laura: Do I have to publish DMARC?

  Dear Laura, I heard recently that both Gmail and Yahoo will require DMARC authentication in early 2016 or images will be automatically blocked. Is that correct? And if so, do you know when they will be requiring DMARC? A DMARC-Overwhelmed Admin Dear Overwhelmed, There are three things going on here, all of which are […]

2 Comments

More Yahoo domains get DMARC’d

Yahoo is turning on p=reject for 62 of their international domains on March 28, 2016. These domains include: y7mail.com yahoo.at yahoo.be yahoo.bg yahoo.cl yahoo.co.hu yahoo.co.id yahoo.co.il yahoo.co.kr yahoo.co.th yahoo.co.za yahoo.com.co yahoo.com.hr yahoo.com.my yahoo.com.pe yahoo.com.ph yahoo.com.sg yahoo.com.tr yahoo.com.tw yahoo.com.ua yahoo.com.ve yahoo.com.vn yahoo.cz yahoo.dk yahoo.ee yahoo.fi yahoo.hr yahoo.hu yahoo.ie yahoo.lt yahoo.lv yahoo.nl yahoo.no yahoo.pl yahoo.pt yahoo.rs yahoo.se […]

3 Comments
  • OTA joins the ISOC

    The Online Trust Alliance (OTA) announced today they were joining forces with the Internet Society (ISOC). Starting in May, they will operate as an initiative under the ISOC umbrella. “The Internet Society and OTA share the belief that trust is the key issue in defining the future value of the Internet,” said Internet Society President and CEO, Kathryn Brown. “Now is the right time for these two organizations to come together to help build user trust in the Internet. At a time when cyber-attacks and identity theft are on the rise, this partnership will help improve security and data privacy for users,” added Brown.No Comments


  • Friday blogging... or lack of it

    It seems the last few Friday's I've been lax on posting. Some of that is just by Friday I'm frantically trying to complete all my client deliverables before the weekend. The rest of it is by Friday I'm just tired. Today had the added complication of watching the Trumpcare debate and following how (and how soon) it would affect my company if it passed. That's been a bit distracting, along with the other stuff I posted about yesterday. I wish everyone a great weekend.1 Comment


  • Indictments in Yahoo data breach

    Today the US government unsealed an indictment against 2 Russian agents and 2 hackers for breaking into Yahoo's servers and stealing personal information. The information gathered during the hack was used to target government officials, security employees and private individuals. Email is so central to our online identity. Compromise an email account and you can get access to social media, and other accounts. Email is the key to the kingdom.No Comments


Archives