Over the last few weeks I’ve seen a couple people get on mailing lists and make pronouncements about email. It’s great to have opinions and it’s great to share them. But they’re always a little bit right… and a little bit wrong. SPF is dead! This came from the new ESP of an experienced mailer. They were recommending not publishing SPF records because it was “an...
Setting up a DMARC record is the easy bit. Anyone can publish a record in DNS that will trigger reports to them. The challenge is what to do with those reports and now to manage them. DMARC is a complex protocol. It builds on two other protocols, each with their own nuances and implementation issues. I’ve written in the past about what DMARC is, what you need to know to decide if...
ARC – Authenticated Received Chain – is a way for email forwarders to mitigate the problems caused by users sending mail from domains with DMARC p=reject. It allows a forwarder to record the DKIM authentication as they receive a mail, then “tunnel” that authentication on to the final recipient. If the final recipient trusts the forwarder, then they can also trust the...
Dear Laura, I’m a little confused by the term “no auth / no entry”. Gmail and other major receivers seem to be moving towards requiring authentication before they’ll even consider delivery. Does this just mean SPF and DKIM, or does this mean the much more stringent DMARC, as well? Thanks, No Shirt, No Shoes, No What Now? Shirtless & Shoeless, “No auth / no entry” is...
Mail.ru is switching to p=reject. This means that you should special-case mail.ru wherever … Actually, no. Time to change that script. If you operate an ESP or develop mailing list software you should be checking whether the email address that is being used in the From: address of email you’re sending is in a domain that’s publishing p=reject (is a “rejective” email...
Dear Laura, I heard recently that both Gmail and Yahoo will require DMARC authentication in early 2016 or images will be automatically blocked. Is that correct? And if so, do you know when they will be requiring DMARC? A DMARC-Overwhelmed Admin Dear Overwhelmed, There are three things going on here, all of which are related to DMARC but are very different in how it affects mail delivery...
Yahoo is turning on p=reject for 62 of their international domains on March 28, 2016. These domains include: y7mail.com yahoo.at yahoo.be yahoo.bg yahoo.cl yahoo.co.hu yahoo.co.id yahoo.co.il yahoo.co.kr yahoo.co.th yahoo.co.za yahoo.com.co yahoo.com.hr yahoo.com.my yahoo.com.pe yahoo.com.ph yahoo.com.sg yahoo.com.tr yahoo.com.tw yahoo.com.ua yahoo.com.ve yahoo.com.vn yahoo.cz yahoo.dk yahoo.ee...
Happy March! Here’s a look back at our last month of email adventures. It was a busy few weeks for us with the M3AAWG meeting in San Francisco. We saw lots of old friends and met many new people — all in all, a success, despite the M3AAWG plague we both contracted. Hot topics at the conference included DMARC, of course, and I took the opportunity to write up a guide to help you determine if...
I’ve been hearing a lot lately about DMARC. Being at M3AAWG has increased that. Last night we were at dinner and heard from the next table “And they’re not even publishing DMARC!!!!” I know DMARC is the future. I know folks are going to have to start publishing DMARC records. I also know that the protocol is the future. I am also not sure that most companies are ready for...
Dear Laura, I have a client moving from an external ESP to an internal system. They send approximately eight million messages per year, and these are primarily survey emails on behalf of their clients. We’ve had some conversations about authentication, and I’m trying to help them figure out if they just need DMARC or if they also need DKIM and SPF. It seems some ISPs prefer different methods, and...
RSS - Posts