Category Archives: Policy

07.29.14
by

Outlook.com Tests the DMARC Waters

A colleague of mine pointed out last night that Outlook.com changed its DNS record from publishing no DMARC policy to publishing a record specifying “p=none; pct=100”.

In DMARC, “p=none” is used to collect feedback and gain visibility into email streams without impacting existing flows.

Earlier this spring, both Aol and Yahoo began publishing “p=reject; pct=100” on some or all of their domains’ DMARC records, causing lots of mail to be rejected at all domains that participate in DMARC – and not just spam. The change caused mail lists to break and inflicted serious deliverability damage on small businesses who’ve relied on Aol or Yahoo for their business needs for years.

Outlook.com hasn’t made any public announcements about when or if they will publish a reject record, but I take yesterday’s change as a clear sign that they’re thinking about it.

06.05.14
by

New Spam Trap Type for CASL Non-Compliance?

I’ve not observed these in the wild – nor should I have, so far, as there are still three weeks and change left on the calendar before CASL goes into effect. But I’d bet you a box of meat we’ll soon see a new type of spam trap meant to tease out data from the spam stream on which senders are not bothering to comply. Continue reading

04.22.14
by

Aol Follows Suit On DMARC Reject Policy

Aol announced little more than an hour ago that they’ve published a reject policy in their DMARC record, just as Yahoo did around April 6th. Batten down the hatches; here comes another bounce storm:

Today we moved to change our DMARC policy to p=reject. This helps to protect AOL Mail users’ addresses from unauthorized use.

It also stops delivery on what previously would have been considered authorized mail sent on behalf of AOL Mail users via non-AOL servers. If you’re a bulk sender on behalf of AOL addresses, that probably includes mail sent from you.

“Probably”.

I think I’ll hit the sack early tonight. I want to be well-rested for tomorrow. Do I get credit for making the prediction just a few hours ago?

04.10.14
by

Who Does That, Anyway?

Yahoo’s big change to their DMARC policy has sparked a remarkable amount of debate among stakeholders in the email and security ecosystems. As is usually the case with these crowds, there’s a lot of religion both in support of and against the change. I’m trying to stay out of it, but I’m not sure I’m succeeding.

So, to take a small detour, I thought it might be interesting (or at least somewhat less exasperating) to advance some sort of answer to a related question I’m hearing from both sides: who in the actual heck would use an address from a free inbox provider as the From: address for their own marketing and newsletter mail? Continue reading

03.18.14
by

M3AAWG Shows Senders Some Love

Like A BawsI’m a little late with this bit of news, but I hope readers will indulge me nonetheless.

Lots of great things happened at the most recent M3AAWG general meeting in San Francisco last month, particularly for the Senders’ Special Interest Group, which I co-chair with my friend and colleague Tara Natanson of Constant Contact.

For the first time, postmasters from all four of the major free inbox providers shared the stage to take questions on a range of anti-abuse and policy topics. Gmail selected a M3AAWG Senders session as the venue to announce the launch of their feedback loop program (which my team helped to beta test) and header unsubscribe link implementation. We had some outstanding email and data science presentations that drew overflow attendance. All of these are remarkable. Continue reading