Click the comments link on any
story to see comments or add your own.
Subscribe to this blog
Home :: Email
26 Jan 2017
In September I wrote about a proposal to allow one-click
unsubscriptions from mailing lists without user interaction.
After taking a rather tortuous path through the IETF, it's now been issued
as RFC 8058. The changes
since September are quite minor, mostly tightening up some details to prevent
various attacks from fake unsub requests.
Now that it's official, I expect email service providers will start implementing it,
and we'll have an arguably better alternative to mail feedback loops to tell
mailers when their mail is unwanted.
Trackback link is https://jl.ly/Email/oneclickrfc.trackback
20 Dec 2016
I have groused at length
about the damage that anti-phishing technique DMARC does to e-mail discussion lists.
For at least two years list managers and list software developers have been trying to
figure out what to do about it.
The group that brought us DMARC is working on an un-DMARC-ing scheme
called ARC, which will likely help
somewhat, but ARC isn't ready yet, and due to ARC's complexity it's likely
that there will be many medium or small mail systems that enforce DMARC
and can't or won't use ARC.
The Internet Engineering Task Force, which writes technical standards for
the Internet, works primarily through discussion lists, and the pain from
DMARC has gotten to the point where we may do something about it.
So we've been doing some experiments.
See more ...
Trackback link is https://jl.ly/Email/wrapme.trackback
30 Sep 2016
Unsubscribing from mailing lists is hard.
How many times have you seen a message "please remove me from this list,"
followed by two or three more pointing out that the instructions are in
the footer of every message,
followed by three or four more asking people to not send their replies to
the whole list (all sent to the whole list, of course,)
perhaps with a final message by the list manager saying she's dealt with it?
For marketing broadcast lists, it's even worse because there's no list to write to.
Messages are supposed to have an unsubscribe link (required by law in most places)
which usually works except when it doesn't, or it leads to a web page making
incomprehensible demands ("click here unless you want not to be removed
only from this sender's mail") so for a lot of users it's easier
just to click the junk button until the messages go away.
See more ...
Trackback link is https://jl.ly/Email/oneclick.trackback
20 Sep 2016
A few days ago I was startled to get an anti-spam challenge from an
Earthlink user, to whom I had not written.
Challenges are a WKBA (well known bad idea) which I thought had been
stamped out, but apparently not.
The plan of challenges seems simple enough; they demand that the
sender does something to prove he's human that a spammer is
unlikely to do.
The simplest ones just ask you to respond to the challenge, the
worse ones like this one have a variety of complicated hoops they
expect you to jump through.
What this does, of course, is to outsource the management of your
mailbox to people who probably do not share your interests.
See more ...
Trackback link is https://jl.ly/Email/badchallenge.trackback
05 Sep 2016
A friend (really) asked for advice about what to say about mail authorization
to people setting up new mail systems, particularly in parts of the world where
networks are relatively new and staff less experienced.
The first question is are you a phish target?
There's two parts to this question.
See more ...
Trackback link is https://jl.ly/Email/authcheat.trackback
My other sites
Who is this guy?
Airline ticket info
Chart of Legal Actions taken under CASL
51 days ago
A keen grasp of the obvious
A little musical history
274 days ago
Coalition Against Unsolicited Commercial E-mail
Network Abuse Clearinghouse