Internet and e-mail policy and practice
including Notes on Internet E-mail



27 Oct 2015

What's ARC? Email

DMARC is an anti-phishing technique that AOL and Yahoo repurposed last year to help them deal with the consequences of spam to (and apparently from) addresses in stolen address books. Since DMARC cannot tell mail sent through complex paths like mailing lists from phishes, this had the unfortunate side effect of screwing up nearly every discussion list on the planet.

Last week the DMARC group published a proposal called ARC, for Authenticated Received Chain, that is intended to mitigate the damage. What is it, and how likely is it to work?


posted at: 23:43 :: permanent link to this entry :: 1 comments

15 Jun 2015

The cycle of e-mail security Email

Stepping back from the DMARC arguments, it occurs to me that there is a predictable cycle with every new e-mail security technology.

1. Invention and enthusiasm

Someone invents a new way to make e-mail more secure, call it SPF or DKIM or DMARC or (this month's mini-fiasco) PGP in DANE. Each scheme has a model of the way that mail works. For some subset of e-mail, the model works great; for other mail it works less great.


posted at: 23:22 :: permanent link to this entry :: 0 comments

11 May 2015

The theory of e-mail reputation Email
The IETF is once again wrestling with e-mail authentication and reputation, this time in the context of DMARC, particularly the long running issue of DMARC vs. mailing lists. We have a bunch of proposals with various techniques of signing messages, asking various parties who is authorized to send what. Some of them seem workable, but a lot aren't. I have found that a few basic rules that apply to any reputation scheme make it a lot easier to evaluate whether a proposal can work.


posted at: 00:06 :: permanent link to this entry :: 0 comments

13 Jan 2015

When DNSBLs go bad Email
I have often remarked that any fool can run a DNSBL and many fools do so. Since approximately nobody uses the incompetently run BLs, they don't matter. Unfortunately, using a DNSBL requires equally little expertise, which becomes a problem when an operator wants to shut down a list.


posted at: 23:47 :: permanent link to this entry :: 0 comments

30 Dec 2014

Dave Crocker and I try and figure out if we've solved the spam problem yet. Email

Dave Crocker, author of many of the standards documents that e-mail depends on, and I were at the M3AAWG meeting in Brussels in June when they asked us to step into an impromptu video studio and talk about how e-mail has changed over the past several decades, and whether we're winning the war on spam.

If you want to skip the muzak in the intro, we start talking at :48.

posted at: 21:33 :: permanent link to this entry :: 0 comments



© 2005-2015 John R. Levine.
CAN SPAM address harvesting notice: the operator of this website will not give, sell, or otherwise transfer addresses maintained by this website to any other party for the purposes of initiating, or enabling others to initiate, electronic mail messages.