Tag Archives: spf

Stop with the incorrect SPF advice

stop-with-the-incorrect-spf-advice

Another day, another ESP telling a client to publish a SPF include for the wrong domain. It shouldn’t annoy me, really. It’s mostly harmless and it’s just an extra DNS look up for most companies. Heck, we followed Mailchimp’s advice and added their include to our bare root domain and it’s not really a huge deal for companies with only a couple SaaS providers. Still

Read More »

Understanding SPF Authentication

understanding-spf-authentication

Email Authentication Series Part 1: Why Email Authentication Matters to Your Email Program > Part 2: Understanding SPF Authentication Part 3: Understanding DKIM Authentication Part 4: Understanding DMARC Authentication (coming soon) Part 5: Understanding BIMI (coming soon) How SPF helps to prevent sender domain spoofing In part one, we covered the importance of email authentication, why it’s needed, why it's done the way it’s done,…

Read More »

Why Email Authentication Matters to Your Email Program

why-email-authentication-matters-to-your-email-program

An Introduction to Email Authentication Have you ever received an email from yourself, but you never sent it? (tires screeching, brakes burning) What?! If you’re nodding, you know too much about email. If not, this series is for you. Email is flexible, adaptable, and ever-evolving in its purpose. Sadly malicious actors have taken advantage of these qualities, which is why we have anti-spam laws, spam…

Read More »

Some Microsoft thoughts

some-microsoft-thoughts

Right at the end of January, Microsoft appears to have made couple of changes to how they’re handling authentication. The interesting piece of this is that, in both cases, Microsoft is taking authentication protocols and using them in ways that are slightly outside the spec, but are logical extensions of the spec. The first is an extension of DMARC. They’re rolling out inbox flags for…

Read More »

Cost of authentication

cost-of-authentication

At the end of last year, Steve wrote a post about the different types of authentication. I thought I’d build on that and write about the costs associated with each type. While I know a lot of my readers are actually on the sending side, I’m also going to talk about the costs associated with the receiving side and a little bit about the costs…

Read More »

Authentication

authentication

Some notes on some of the different protocols used for authentication and authentication-adjacent things in email. Some of this is oral history, and some of it may be contradicted by later or more public historical revision. SPF Associates an email with a domain that takes responsibility for it. Originally Sender Permitted From, now Sender Policy Framework. It allows a domain owner to announce which IP…

Read More »

Identifying domains that don’t accept or send email

identifying-domains-that-don’t-accept-or-send-email

A couple folks have asked me recently about MX records that they don’t understand. These records consist of a single . or they contain localhost or they are 127.0.0.1. In all cases, the domain owners use these records to signal that the domains don’t accept email. What do these records look like? Why do domains do this? In all cases it’s because the domain owners…

Read More »
>