Category Archives: Email Authentication

DMARC – The New Spam Filter

New DMARC Authentication system looks to bring SPF and DKIM together under one system, and it’s supported by Google, Microsoft, Yahoo and PayPal


Spam comes in many flavors, all hurt email delivery

Cnet says AOL, Bank of America, Fidelity Investments, American Greetings, LinkedIn, and e-mail security providers Agari, Cloudmark, eCert, Return Path, and Trusted Domain Project.

To me this sounds like great news for us all, both senders and email inbox subscribers.

How Does DMARC Work?

A DMARC policy allows a sender to indicate that their emails are protected by SPF and/or DKIM, and tells a receiver what to do if neither of those authentication methods passes – such as junk or reject the message. DMARC removes guesswork from the receiver’s handling of these failed messages, limiting or eliminating the user’s exposure to potentially fraudulent & harmful messages. DMARC also provides a way for the email receiver to report back to the sender about messages that pass and/or fail DMARC evaluation.

You can read the full DMARC specification here….

Do I Need to Include My Autoresponders SPF Record in My DNS?

Email Delivery: Should I Add My Autoresponder’s SPF Records to My Domain?

I recently ran across a post that claimed that by adding the SPF records of the writers autoresponder (in this case AWeber) that he expected to get past being blocked by a Canadian ISP. This is complete crap because any authentication technology associates the email in question with the sending domain and IP address not the email from address or the return email address.

I even contacted AWeber’s CEO Tom Kulzer with this scenario just to be absolutely sure and here is the email excerpt.

Chris Lang wrote:

Let’s say that an ISP receives my email from AWeber with my from address and reply address in the header. Do they look at my SPF record to see if I have a SPF DNS entry associated with your (my autoresponder) email servers?

Tom Kulzer said

They look at aweber.com SPF records.

Chris:

Also is all email sent from AWeber under the address keywebdata (at) aweber.com sent from the same IP address everytime?

Tom Kulzer:

It’s not sent from the same single IP, but load balanced across the same range of IP addresses. Those ranges can all be found in our SPF record directly or in our FAQ on the website.

Chris:

In other words does it matter if authentication records associate my domain and from address with yours?

Tom:

Does sending from the same single IP matter? No.

Does sending from the same group of IP’s matter that have an excellent reputation and reliable volume of mail built over a long period of time matter? Absolutely, yes.

Chris:

Also is there any data to support a higher delivery rate due to the use of SPF, Sender Id and DKIM?

Tom:

Not that I’ve seen which clearly shows this, but general industry knowledge of how various ISP’s build reputations
of senders and make delivery choices tells me it does help support higher delivery rates.

Chris:

Tom you have been a wealth of information on email delivery to us all many times, I just want to thank you again for taking time away from your business to set us straight.

Yahoo to use Return Path Sender Score Certified?

Yahoo is soon to start accepting Sender Score Certified via Return Path!

Yahoo using Sender Score Certified whitelist and Return Path was quietly made public in January 2008, “Yahoo! is implementing the scheme and will begin checking using it sometime in spring.” We have not heard much since. My connection at Return Path just mentioned Yahoo the other day and brought it back to mind.

Return Path blog says “Receivers that accept the Sender Score Certified whitelist include, among others, Windows Live Hotmail, Time Warner Cable, GoDaddy and soon Yahoo! and Yahoo! operated email properties.”

Maybe this is why Yahoo has been such a nightmare to deliver to lately and why Yahoo pulled it’s FBL in March.

Since they announced that Comcast would offer an FBL managed by Return Path I have been expecting the Yahoo Sender Score Certified Return Path full press release to come forth.

I don’t mean to be a nutty conspiracy theorist here, but first Comcast has no whitelist, no FBL and is tough to get your email delivered to. Then Comcast offers an FBL through Return Path. Next, it’s Yahoo, who pulls their FBL, calling it an end to a beta, is impossible to deliver any email to for months and now is poised to solve it all with Sender Score Certified and Return Path.

As always I invite your comments below! = Chris Lang