BLOG

Tag: spf

Ask Laura: Can you help me understand no auth / no entry?

Dear Laura, I’m a little confused by the term “no auth / no entry”. Gmail and other major receivers seem to be moving towards requiring authentication before they’ll even consider delivery. Does this just mean SPF and DKIM, or does this mean the much more stringent DMARC, as well? Thanks, No Shirt, No Shoes, No […]

3 Comments

March 2016: The Month In Email

Happy April! I’m just back from the EEC conference in New Orleans, which was terrific. I wrote a quick post about a great session on content marketing, and I’ll have more to add about the rest of the conference over the next week or so. Stay tuned! Here’s a look at what caught our attention […]

No Comments

Ask Laura: Do I have to publish DMARC?

  Dear Laura, I heard recently that both Gmail and Yahoo will require DMARC authentication in early 2016 or images will be automatically blocked. Is that correct? And if so, do you know when they will be requiring DMARC? A DMARC-Overwhelmed Admin Dear Overwhelmed, There are three things going on here, all of which are […]

2 Comments

Optimize your SPF records

I talked on Monday about the SPF rule of ten and how it made it difficult for companies to use multiple services that send email on their behalf. Today I’m going to look at how to fix things, by shrinking bloated SPF records. This is mostly aimed at those services who send email on their […]

1 Comment

SPF: The rule of ten

Some mechanisms and modifiers (collectively, “terms”) cause DNS queries at the time of evaluation, and some do not. The following terms cause DNS queries: the “include”, “a”, “mx”, “ptr”, and “exists” mechanisms, and the “redirect” modifier. SPF implementations MUST limit the total number of those terms to 10 during SPF evaluation, to avoid unreasonable load […]

No Comments

Should you publish DMARC?

I’ve been hearing a lot lately about DMARC. Being at M3AAWG has increased that. Last night we were at dinner and heard from the next table “And they’re not even publishing DMARC!!!!” I know DMARC is the future. I know folks are going to have to start publishing DMARC records. I also know that the […]

6 Comments

Ask Laura: Confused about Authentication

  Dear Laura, I have a client moving from an external ESP to an internal system. They send approximately eight million messages per year, and these are primarily survey emails on behalf of their clients. We’ve had some conversations about authentication, and I’m trying to help them figure out if they just need DMARC or […]

No Comments

What to expect in 2016

I don’t always do predictions posts, even though they’re  popular. Most years I skip them because I don’t see major changes in the email space. And, I’m not the type to just write a prediction post just to post a prediction. This year, though, I do see changes for everyone in the email space. Most […]

19 Comments

SPF debugging

Someone mentioned on a mailing list that mail “from” intuit.com was being filed in the gmail spam folder, with the warning “Our systems couldn’t verify that this message was really sent by intuit.com“. That warning means that Gmail thinks it may be phishing mail. Given they’re a well-known financial services organization, I’m sure there is a lot […]

1 Comment

IPv6 and authentication

I just saw a post over on the mailop mailing list where someone had been bitten by some of the IPv6 email issues I discussed a couple of months ago. They have dual-stack smarthosts – meaning that their smarthosts have both IPv4 and IPv6 addresses, and will choose one or the other to send mail over. […]

No Comments
  • HE.net DNS problems

    Hurricane Electric had a significant outage of their authoritative DNS servers this morning, causing them to return valid responses with no results for all(?) queries. This will have caused delivery problems for any mail going to domains using HE.net DNS - which will include some of their colocation customers, as well as users of their free services - but also will have caused reverse DNS to fail for most servers hosted by Hurricane Electric worldwide, so if any of your mail is being sent from HE hosted machines you may have seen problems. (We're HE customers so we noticed. Still happy with them as a vendor.)No Comments


  • 65.0.0.0/8 DNS issues

    If you're sending email from any address beginning with a 65 - in 65.0.0.0/8 - it's possible you'll see some delivery problems. Something appears to be broken with dnssec signatures for the reverse DNS zone, leading queries for reverse DNS to fail for anyone using a dnssec aware DNS resolver (which is almost everyone).1 Comment


  • Our green bar certificate is going away

    Later today we'll be switching from an Extended Validation ("green bar") SSL certificate to a Domain Validation certificate. This isn't exactly a planned change but I'm waiting for responses from Comodo before I go into it too much. I'll share some more details next week.3 Comments


Archives