On Friday I talked a bit about the history behind TXT records, their uses and abuses. But what’s in a TXT record? How is it used? When and where should you use them? Here’s what you get if you query for the TXT records for exacttarget.com from a unix or OS X command line with dig exacttarget.com txt ~ ∙ dig exacttarget.com txt ; <<>> DiG 9.8.3-P1 <<>>...
When the Domain Name System was designed thirty years ago the concept behind it was pretty simple. It’s mostly just a distributed database that lets you map hostname / query-type pairs to values. If you want to know the IP address of cnn.com, you look up {cnn.com, A} and get back a couple of IP addresses. If you want to know where to send mail for aol.com users, you look up {aol.com, MX}...
When emails are sent, there are two from fields, the Mail From and the Display From address. The Display From address (technically referred to as RFC.5322 from address) is the from address that is displayed to the end user within their email client. The Mail From (technically referred to as RFC.5321 from address) is the email address to which bounce messages are delivered. The Mail From field...
Like many bits of technology, email is often set-and-forget. Everything is checked and rechecked during setup, and then no one goes back and looks at it again. But mail programs are not static, and people make changes. These changes don’t really break things, but over time they can create their own set of problems. Setting aside some time every quarter or even every year to check and make...
Terry Zink at Microsoft posted earlier this week that Office365/Exchange Online Protection will have a significant change this week. Office365 uses Exchange Online Protection (EOP) for spam filtering and email protection. One of the requirements to send to EOP over IPv6 is to have the email authenticated with either SPF or DKIM. If the mail sent to Office365/EOP over IPv6 is not authenticated...
Email Authentication lets you demonstrate that you sent a particular email. Email Repudiation is a claim that you didn’t send a particular email. SPF is only for email authentication1 DKIM is only for email authentication DMARC is only for email repudiation 1 SPF was originally intended to provide repudiation, but it didn’t work reliably enough to be useful. Nobody uses...
Happy March! We started the month with some more movement around CASL enforcement from our spam-fighting friends to the north. We noted a $1.1 million fine levied against Compu-Finder for CASL violations, as well as a $48,000 fine to Plentyoffish Media for failing to provide unsubscribe links. We noted a few interesting things: the fines are not being imposed at the maximum limits, violations are...
Can a bad SPF record ruin your delivery, even though all your mail still passes SPF? Yes, it can. One of our clients had issues with poor delivery rates to the inbox at gmail and came to us with the theory that it was due to other people using their domain to send spam to gmail. This theory was based on ReturnPath instrumentation showing mail “from” their domain coming from other IP...
Salesforce has published a SPF record for sending emails from Salesforce for years and with the Spring ’15 release, they will provide the option to sign with DKIM. The SPF record is straight forward, include:_spf.salesforce.com which includes _spf.google.com, _spfblock.salesforce.com, several IP address blocks, mx, and ends with a SoftFail ~all. Salesforce Knowledge Article Number:...
There are 3 types of authentication currently in use for email. DKIM SPF DMARC The different strategies do different things with email. DKIM cryptographically signs emails, preventing changes in transit, and designates a “responsible domain” through the d= value in the signature. SPF compare the sending IP and the envelope from (also known as the bounce string, return path or 5321...
RSS - Posts