Word to the Wise

History Return Path was a major driver for the establishment of Feedback Loops (FBLs) back in the mid to late 2000s. They worked with a number of ISPs to help them set up FBLs and managed the signup and validation step for them. In return for providing this service to senders and receivers, they used this data as part of their certification process and their deliverability consulting. Return Path had a strong corporate ethos of improving the overall email ecosystem that originated from the CEO and permeated through the whole organization. In 2019 Validity acquired Return Path and within two months closed two offices and laid off more than 170 employees, many who are industry leaders and long time colleagues. In 2020 Validity acquired 250OK, one of their major competitors. Over the next year they then ended long term agreements with ESP partners, sued competitors and significantly raised prices for

When you query DNS for something you ask your local DNS recursive resolver for all answers it has about a hostname of a certain type. If you’re going to a website your browser asks your resolver for all records for “google.com” of type “A”1 and it will either return all the A records for google.com it has cached, or it will do the complex process of looking up the results from the authoritative servers, cache them for as long as the TTL field for the reply says it should, then return them to you. There are dozens of different types of records, AAAA for IPv6 IP addresses, MX for mailservers, TXT for arbitrary text, mostly used for various sorts of authentication (including SPF, DKIM and DMARC). And then there’s CNAME. CNAME stands for “Canonical Name” and means “Go and ask this different question instead”. If you have a DNS record

When someone sends a complaint to your compliance desk there are a range of things you want to do, but one thing you always want to do is ensure that the recipient doesn’t receive any more unwanted email from your customer. Or, at least, not from your network. There are usually several different ways you can make sure that happens. There are big hammers a compliance desk can use in egregious cases – if the customer is immediately terminated, or has their ability to send mail suspended then there won’t be any more unwanted email to anyone, including the person who has reported unwanted mail. More normally, though, you’ll want to stop all mail from your customer to just the person reporting them immediately, at least while you look at the customers statistics and investigate further. If the report includes a copy of the offending email then there’ll be an

Eventually our subscribers won’t want our email in their inbox any more. They can stop the mail either by unsubscribing from it, or by marking it as spam. We’d far rather they do the first so we should make it as easy as possible for them to unsubscribe. Also in most jurisdictions you’re legally required to offer a functional, easy to use unsubscription channel. So, how to do that? There are a few different ways to accept unsubscription requests, and most legitimate bulk mail should offer several of them. Reply to unsubscribe The recipient replies to the email, the person handling replies removes them from the list. This is a problematic way of handling unsubscription requests. On the one hand, sending mail that recipients can’t reply to, or where replies are bounced, responded to automatically or silently discarded is fairly recipient-hostile. It’s better if those replies go to a customer

I stumbled across this story again this morning, and it’s such a lovely delivery yarn I thought I’d share it. It’s from Trey Harris, and it’s set in the mid 90s. Here’s a problem that *sounded* impossible… I almost regret posting the story to a wide audience, because it makes a great tale over drinks at a conference. 🙂 The story is slightly altered in order to protect the guilty, elide over irrelevant and boring details, and generally make the whole thing more entertaining. I was working in a job running the campus email system some years ago when I got a call from the chairman of the statistics department. “We’re having a problem sending email out of the department.” “What’s the problem?” I asked. “We can’t send mail more than 500 miles,” the chairman explained. I choked on my latte. “Come again?” “We can’t send mail farther than 500

I’ve heard quite a bit of concern about what iOS 17’s automatic removal of click-tracking parameters means, but less discussion of what it actually does. Broadly it’s Apple trying to improve user-privacy by making it harder to do cross-site tracking at scale. Cross-site tracking is the basis of a lot of privacy-violating tracking technologies, and tracking parameters added to links evade Safari’s technologies that mitigate tracking via cross-site cookies or other forms of session storage. (As partial compensation, Apple is supporting Private Click Measurement. That’ll allow ad click measurements without sending PII to the advertisers.) But, what does it actually mean? I’ve not seen much in the way of documentation, so I built a test harness, installed an iOS 17 developer beta on a spare iPad and looked at what it does. The test setup is very, very simple. I have a custom webserver that accepts clicks and logs the

Are you seeing this bounce message when trying to send mail to Yahoo subscribers?451 Message temporarily deferred due to unresolvable RFC.5321 from domain; see https://postmaster.yahooinc.com/error-codesAnd you’ve checked and confirmed that your sending domain seems to resolve for you, so you’re wondering, what the heck is going on and what do I do about it? If so, Steve Atkins has got you covered. Over on the Word to the Wise blog, he explains how Yahoo is looking for an SOA record (Start of Authority) in DNS and depending on how your DNS and delegation are configured, you could be misconfigured in a way that most don’t notice, but would fail this check.Click on over to Word to the Wise to learn more. Thank you, Steve, for clearing this up! It’s a tricky one.

One of the most common refrains I hear from folks with delivery problems is that the filters must have changed because their mail suddenly started to go to the bulk folder. A few years ago, I posted about how even when there is no change in the sender’s behavior, reputation can slowly erode until mail suddenly goes to the Gmail bulk folder. Much of that still applies – although the comments on pixel loads (what other folks call ‘open rates’) are a bit outdated due to changes in Gmail behavior. While it is often true that reputation drives sudden delivery problems there are other reasons, too. Filters are always adjusting and changing to meet new challenges and threats. We’re seeing these changes rolling out at some of the consumer mailbox providers. Steve recently wrote about changes that Yahoo! was making related to domain existence. He also posted about Microsoft getting

As a consumer there are several different sorts of email address that are described as “disposable” or “temporary”. Some of them are what we might call tagged addresses – addresses that are unique, created to be given to a specific vendor. If it’s misused by the vendor, or if it’s leaked to spammers, then the address can be disabled, either by rejecting or by silently discarding mail sent to it. Others are created for a specific use, and will only be briefly valid, either for a single email or for a short period of time (ten minutes, an hour, something like that). They typically don’t have any connection to a users “real” email address, and are just accessed via a web page. A user might use this when they’re being required to give an email address to access some sort of service but there’s no ongoing use of that email

Trekkie Monster. He’s obsessed by social media and isn’t owned by Children’s Television Workshop. What is a Cookie? I’m not talking about biscuits, nor about web cookies, at least not exactly. When you’re talking to a protocol developer a cookie is a thing you’re given, that you hang on to for a while, then give back. If you leave your suitcase with your hotel concierge they’ll give you a paper ticket with a number on it. That ticket and the number on it aren’t of any intrinsic value, nor do they really mean anything. The only thing you can do with it is give it back to the concierge to get your suitcase back. The ticket is a cookie. Conceptually a cookie isn’t something that’s meaningful except when you give it back to whoever gave it to you – so if you’re a client program and a server sends you