The IETF's DMARC working group is thinking about a maintenance update to the DMARC spec, fixing bits that are unclear and perhaps changing it where what mail servers do doesn't exactly agree with what it says. Someone noted that a lot of mailers claim to have "deployed DMARC," and it's not at all clear what that really means. ... I've suggested that we could write a DMARC deployment guide that describes the parts of DMARC, the ways they interact and in what sequence it's useful to deploy them. If you'd find that useful, leave a comment. more
With perhaps the most coveted valuation in the Email Industry at close to $10B, MailChimp is considered the most forward-thinking ESP on the planet boasting 12M customers, with outstanding brand recognition and an incredible leadership suite. But when it comes to installing RealTimeML, it's lollygagging mainly because it has not justified the actual value to productionalize RealTimeML across its client base. And also, because it is a challenge to execute! more
US presidential candidate Mitt Romney will likely be reconsidering his email passwords after his online email account was reportedly hacked. A hacker claims to have accessed Romney's Hotmail and Dropbox accounts after guessing the answer to the Republican candidate's 'favourite pet' security question. It's suspected Romney used the same password for more than one account. more
As an email policy wonk, I think a lot about how specific policy implementations can go wrong. Sure, every policy can go wrong, or not fit a common case. A lot of people only write polices that address common cases and don't worry about the rarer cases. The problem is there are some rare cases that may cause significant harm and those cases should be addressed. Consumerist has a case up about email policy gone wrong with a clear path to harm but no policy for handling the issue. There are a couple places I see where this policy hole can be fixed. more
As announced this morning, the Messaging Anti-Abuse Working Group (MAAWG) has established formal relationships with the Internet Engineering Task Force (IETF) and the BITS/Financial Services Roundtable... It's often said that there are too many different organizations working on the overlapping areas of abuse, trust, and related issues. I believe the collaborative approach MAAWG has chosen will bridge these gaps. more
Internet pioneer, Ray Tomlinson has passed away. He died at his home yesterday morning from a suspected heart attack at the age of 74. While best known as the creator of the email messaging system, Tomlinson made tremendous contributions to the field of computing science, evolution of the Internet, and ultimately how the world communicates today. more
This weekend we took the car in for service. Instead of dropping it off at the dealership, we found a small, local garage. Prominently positioned on the counter was their Email Privacy Policy... If a little garage can provide such an understandable and readable privacy policy, how is it that so many email and internet experts fail to do the same? more
As my recent series of posts has indicated, I am seeing a lot of future changes in the email industry. What do I think we can look forward to in email in 2010? ...In the realm of real authentication, the protocol most are using is is DKIM. While people will probably continue to publish SPF records (and Microsoft will continue to cling to the hope it becomes widespread) its relevance will continue to decrease. more
Once you've determined that you can trust the signer of a message, as we discussed in part 3, it's easy to extrapolate that various portions of the message are equally trustworthy. For example, when there's a valid DKIM signature, we might assume that the From: header isn't spoofed. But in reality, DKIM only tells us two basic things... more
A few issues may affect some senders/outbound mail across the email industry this week... A few folks in the industry said they saw false positives of RLY:B1 blocks since Monday the 8th. If you notice these, ensure you follow necessary procedure: check to see all is good on your end, and then submit a support ticket to AOL's postmaster group. more
The Anti-Spam Research Group (ASRG) published a draft for an Overview of Email DNSBL Best Practices. We can take a step back and review paragraph 2.2.5 (Conflict of Interest)... Some DNSBLs used for blocking/negative reputation have had a practice of requiring fees or donations to charities from the listee for delisting. It is generally considered entirely appropriate for a DNSBL to charge for access to it by its users -- the definition of a commercial DNSBL. more
Funny as it may seem, today there's big news in the email industry -- 2 large internet bodies, 2 projects... Projects Phoenix and Titan, by AOL and Facebook respectively. What are key things to note about each project? Let's look at each in brief detail... more
Throughout this series of articles we've been talking about DKIM, and what a valid DKIM signature actually means. .. What this means for senders (of any type) is that with DKIM, you’re protected. On the internet, your domain name is a statement of your brand identity – so by signing messages with DKIM, you can finally, irrevocably tie those messages to your brand. more
Average level of spam in the second quarter of 2009 has risen by 53 percent, as compared to the first quarter of this year, according to latest report from Google's email security and archiving services group, Postini. The report foresees unpredictable pattern of drops and spikes for the rest of the year... more
As unusual as it may be for a lawyer to speak at a IETF meeting, Ian Walden gave a lecture on Data Protection Directives and updates thereof. He said they affect some 90 jurisdictions. A difference between email addresses and cookies - the latter are the main subject of the January 2012 update of the directives - is that after more than a decade of enforcement, specific browser extensions may allow users to browse what cookies they have, while no record states whom they conferred their email addresses to. more