Email Blogs
Rene Holt, writing for We Live Security, has shared a recent tale that gives me pause: what can go wrong if you get your SPF record wrong. Usually the risk here is that you make your SPF record too restrictive, resulting in the rejection of legitimate mail. But here’s an alternate case: what if your SPF record is so wide, so broad, that bad guys can easily send spam from certain IPs and pass authentication checks, successfully pretending to be you (or at least, successfully sending from your domain)?

I think the moral of the story is that you’ve got to get SPF right, both in how tight and how loose your SPF record should be. Don’t just blindly add a zillion IP addresses because somebody told you to; investigate and question and review.

Rene Holt: How a spoofed email passed the SPF check and landed in my inbox
Back in June, Jennifer Nespola Lantz and I hosted a Kickbox Live session where we explained what a BIMI logo is, which ISPs support it, and we gave our recommendations on moving forward with a BIMI sender logo. And we even took time to answer a bunch of questions. The info we shared then is still the latest and greatest with regard to BIMI status, so if you’re curious as to what this whole BIMI logo thing is and what you should be doing about it, feel free to head on over to the Kickbox blog and check it out.

And don’t forget, I’ve got a whole BIMI section here on Spam Resource, including current and upcoming (Apple) mailbox provider support, what to do if you’re seeing the wrong logo, how to “fake it ’til you make it” at Gmail, how to create an animated logo, and more!
Here is the scenario. Maybe you’ve just gotten a bounce message that looks like this:

Aug 25 11:20:24 s1 postfix/smtp[26906]: 98299221BB: to=, relay=gmail-smtp-in.l.google.com[142.250.141.27]:25, delay=1.2, delays=0.04/0.77/0.2/0.21, dsn=5.7.1, status=bounced (host gmail-smtp-in.l.google.com[142.250.141.27] said: 550-5.7.1 [206.125.175.2] Our system has detected that this message is not RFC 550-5.7.1 5322 compliant: duplicate headers. To reduce the amount of spam sent 550-5.7.1 to Gmail, this message has been blocked. Please review 550 5.7.1 RFC 5322 specifications for more information. j6-20020a637a46000000b0042b3a763e76si3563504pgn.127 – gsmtp (in reply to end of DATA command))

Or perhaps it looks like this:

Aug 25 12:48:59 s1 postfix/smtp[14180]: C90492056B: to=, relay=aspmx.l.google.com[142.250.141.27]:25, delay=0.69, delays=0.08/0/0.39/0.22, dsn=5.7.1, status=bounced (host aspmx.l.google.com[142.250.141.27] said: 550-5.7.1 [206.125.175.2] Our system has detected that this message is not RFC 550-5.7.1 5322 compliant: 550-5.7.1 Multiple ‘From’ headers found. 550-5.7.1 To reduce the amount of spam sent to Gmail, this message has been 550-5.7.1 blocked. Please visit 550-5.7.1 https://support.google.com/mail/?p=RfcMessageNonCompliant 550 5.7.1 and review RFC 5322 specifications for more information.
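Both rejections above come down to the same rule: RFC 5322 section 3.6 allows certain header fields (From, Date, Subject, Message-ID and a few others) to appear at most once. The following Python is an added example, not code from the original post or from Gmail; it scans a raw message for that cardinality rule before the message ever reaches an MTA, and shows the cheapest place to prevent the bug in the first place, since the modern EmailMessage API refuses to add a second From. The two sample messages are constructed for the example.

```python
"""Pre-flight check for the RFC 5322 header problems behind Gmail's
550 5.7.1 "duplicate headers" / "Multiple 'From' headers found" rejections."""
import email
from email import policy
from email.message import EmailMessage

# RFC 5322 section 3.6: each of these fields may appear at most once per
# message. Date and From are additionally required.
SINGLETON_HEADERS = (
    "Date", "From", "Sender", "Reply-To", "To", "Cc", "Bcc",
    "Message-ID", "In-Reply-To", "References", "Subject",
)
REQUIRED_HEADERS = ("Date", "From")


def rfc5322_header_problems(raw_message: str) -> list[str]:
    """Return the list of section 3.6 violations found in raw_message.

    An empty list means the header block is clean. compat32 is chosen on
    purpose: it parses leniently and keeps duplicate fields, so they can be
    counted instead of being collapsed or rejected during parsing.
    """
    msg = email.message_from_string(raw_message, policy=policy.compat32)
    problems: list[str] = []
    for name in SINGLETON_HEADERS:
        count = len(msg.get_all(name) or [])   # header lookup is case-insensitive
        if count > 1:
            problems.append(f"Multiple '{name}' headers found ({count})")
    for name in REQUIRED_HEADERS:
        if msg.get(name) is None:
            problems.append(f"Missing required '{name}' header")
    return problems


def build_message(headers: list[tuple[str, str]], body: str) -> EmailMessage:
    """Assemble a message with the EmailMessage API under email.policy.default.

    Under that policy, assigning a second From/Date/Subject/To/... raises
    ValueError instead of silently emitting a duplicate, which catches the
    "template already had a From: line" bug at build time.
    """
    msg = EmailMessage(policy=policy.default)
    for name, value in headers:
        msg[name] = value        # raises ValueError on a second singleton header
    msg.set_content(body)
    return msg


# Constructed sample (not a real message): a template that already carries a
# From: line, plus a second From: appended by the sending code. This is the
# shape of message that produces the "Multiple 'From' headers found" bounce.
DUPLICATE_FROM_MESSAGE = (
    "From: Newsletter <news@example.com>\n"
    "Date: Thu, 25 Aug 2022 11:20:00 -0500\n"
    "Subject: August update\n"
    "To: reader@example.org\n"
    "From: Al <al@example.com>\n"
    "Message-ID: <constructed-1@example.com>\n"
    "\n"
    "Hello.\n"
)

# Constructed sample: the same message with the stray second From: removed.
CLEAN_MESSAGE = DUPLICATE_FROM_MESSAGE.replace("From: Al <al@example.com>\n", "")

if __name__ == "__main__":
    print(rfc5322_header_problems(DUPLICATE_FROM_MESSAGE))  # ["Multiple 'From' headers found (2)"]
    print(rfc5322_header_problems(CLEAN_MESSAGE))           # []
```

Run the first function over the exact bytes your pipeline hands to the MTA (after templating and after any "add a Reply-To/From for this brand" step), not over the template alone; the duplicate is almost always introduced by the last component that touches the headers.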
That’s right, 21 years ago (yesterday), is more or less when Spam Resource first hit teh interwebs. I invite you to celebrate with a beverage of your choice. Pictured: Murray is enjoying a Best Patio Pils by 18th Street Brewery on the patio at Jarvis Square Tavern, our favorite bar here in Chicago. (And by the way, Chicago, coincidentally, is not quite the hellhole that some dumb guy portrayed it as recently.)
Back in 2021 I blogged about DuckDuckGo announcing their new privacy-focused duck.com email service. Fast forward to now and it appears as though the service is now open to all. Yay?
Sender Policy Framework (SPF) is one of two primary types of email authentication mechanisms used by email senders today (the other being DKIM). SPF is a “simpler” protocol than DKIM, in that SPF is based around a text record for your domain name that contains the IP addresses of the mail servers that are allowed to send mail on your behalf. (The receiving server compares the IP address of the connecting server against the record published for the envelope sender domain, the one in the Return-Path, not the domain in the visible From header.)

You can look up the SPF record for Spam Resource here, using my XNND DNS Tools website. As of this writing, that SPF record looks like this:

ip4:213.138.100.131 ip6:2607:f2f8:a760::2 ip4:206.125.175.2 include:_spf.google.com -all

It contains two regular IPv4 IP addresses, one IPv6 IP address, and an “include” mechanism that references Google’s SPF record. Decoding this tells us that I want those three servers (with those three IP addresses) to be able to send mail using my domain name spamresource.com, and the “include” for Google is because I am a user of GSuite/Google for Business
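To make the decoding concrete, here is an added Python example (not code from the original post, and not a full RFC 7208 implementation) that evaluates a connecting IP against a record with the ip4, ip6, include and all mechanisms, and then audits how much address space a record authorizes, which is the failure mode from the Rene Holt story above. DNS lookups are replaced by a constructed table: the spamresource.com entry is the record quoted above with the required “v=spf1” version tag in front, while the _spf.google.com and broad.example entries are made-up placeholders, not the real records, so the example runs offline.

```python
"""Minimal SPF evaluator (RFC 7208 subset) plus a record-breadth audit,
run against a constructed DNS TXT table so it works without network access."""
import ipaddress

# Constructed stand-in for DNS TXT lookups. Only the spamresource.com record
# is taken from the text above (with "v=spf1" added); the other two entries
# are placeholders and are NOT Google's real record or any real domain.
FAKE_TXT = {
    "spamresource.com": (
        "v=spf1 ip4:213.138.100.131 ip6:2607:f2f8:a760::2 "
        "ip4:206.125.175.2 include:_spf.google.com -all"
    ),
    "_spf.google.com": "v=spf1 ip4:192.0.2.0/24 ~all",
    # The shape the Rene Holt story warns about: an entire /8 is authorized.
    "broad.example": "v=spf1 ip4:10.0.0.0/8 include:_spf.google.com -all",
}

QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def check_spf(domain: str, ip: str, dns: dict[str, str], depth: int = 0) -> str:
    """Evaluate ip against domain's SPF record.

    Supports ip4, ip6, include and all; anything else returns "permerror".
    Result is one of pass, fail, softfail, neutral, none, permerror.
    """
    if depth > 10:
        return "permerror"          # RFC 7208 caps DNS-querying mechanisms at 10
    record = dns.get(domain.lower())
    if record is None or not record.lower().startswith("v=spf1"):
        return "none"               # no SPF record published for this domain
    addr = ipaddress.ip_address(ip)
    for term in record.split()[1:]:
        qualifier = "+"             # a mechanism without a qualifier means "+"
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        mech, _, arg = term.partition(":")
        mech = mech.lower()
        if mech == "all":
            matched = True
        elif mech in ("ip4", "ip6"):
            # A bare address is treated as /32 or /128. An IPv6 sender never
            # matches an ip4: network and vice versa (the containment test
            # returns False across address families).
            matched = addr in ipaddress.ip_network(arg, strict=False)
        elif mech == "include":
            # include: matches only when the referenced record yields "pass";
            # its fail/softfail/neutral results do not propagate.
            matched = check_spf(arg, ip, dns, depth + 1) == "pass"
        else:
            return "permerror"      # a, mx, ptr, exists, redirect= not implemented here
        if matched:
            return QUALIFIERS[qualifier]
    return "neutral"                # nothing matched and no "all" terminator


def authorized_networks(domain: str, dns: dict[str, str], depth: int = 0) -> list:
    """Collect every ip4/ip6 network that the record and its includes authorize."""
    nets = []
    record = dns.get(domain.lower(), "")
    if depth > 10 or not record.lower().startswith("v=spf1"):
        return nets
    for term in record.split()[1:]:
        qualifier = term[0] if term[0] in QUALIFIERS else "+"
        if qualifier != "+":
            continue                # only "+" mechanisms grant authorization
        mech, _, arg = term.lstrip("+").partition(":")
        if mech.lower() in ("ip4", "ip6"):
            nets.append(ipaddress.ip_network(arg, strict=False))
        elif mech.lower() == "include":
            nets.extend(authorized_networks(arg, dns, depth + 1))
    return nets


def overly_broad(domain: str, dns: dict[str, str],
                 v4_min_prefix: int = 24, v6_min_prefix: int = 48) -> list[str]:
    """Return authorized networks wider than the thresholds, for human review.

    The thresholds are assumptions for the example; pick ones that match how
    much address space a single sending platform of yours really needs.
    """
    return [
        str(n) for n in authorized_networks(domain, dns)
        if (n.version == 4 and n.prefixlen < v4_min_prefix)
        or (n.version == 6 and n.prefixlen < v6_min_prefix)
    ]


if __name__ == "__main__":
    print(check_spf("spamresource.com", "206.125.175.2", FAKE_TXT))   # pass
    print(check_spf("spamresource.com", "203.0.113.9", FAKE_TXT))     # fail
    print(overly_broad("broad.example", FAKE_TXT))                    # ['10.0.0.0/8']
```

The audit is the part worth adding to a periodic job: a record that passes every legitimate sender can still authorize far more than you intend once a few includes of shared infrastructure accumulate, and that breadth is invisible in a normal "does my mail pass SPF" test.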
I’ve spent a lot of time lately explaining what exactly seedlist testing is, how it works, and why it’s valuable. I like it. I have a bias, after all, in that my day job is product manager for a suite of deliverability tools, and that includes seedlist-based inbox testing (shameless plug: find more info about the Kickbox Deliverability Suite here). Occasionally somebody will tell me that they’ve heard that seedlist testing can’t be trusted or that it’s not useful now in 2022, because mailbox provider spam filters are so individualistically focused on user feedback. Yeah…they have a point…sort of. But not quite.

It is very true that spam filters are very user-centric. Gmail, in particular. Your Gmail spam filter is different than mine. Gmail tracks individual user feedback and tailors the spam filtering experience, if you will, based on the different inputs that you and I provide to it. That means
Over on the Validity blog, my friend Travis Murray has provided an update on the current status of that Gmail pilot program to allow some political senders to, in theory, bypass some spam filters. Read it and be informed.

The whole thing makes me itch. There are just too many apples to give everybody one bite, as I mentioned before. And my colleague Jennifer Nespola Lantz worries that this “is a flat degradation of trust for the end user,” and I concur.

So…what comes next here? Get ready to start sliding down that slippery slope, folks.
It’s Friday! Do you need a bit of a palate cleanser after a long and difficult week? Well, me, too. And here it is: Buzzfeed’s Megan Liscomb with “29 Extremely Bizarre Email Sign Offs That Have Inspired Me To Start Sending Weirder Emails.” Best fishes to all, and be sure to govern yourself accordingly.
“Email Unicorn” aka digital marketing professional Michelle Miles doesn’t want you to use the term “blast” when talking about email marketing campaigns. I agree, and her reasoning is sound and you should read it for yourself. (And then you should follow her on Medium!)