Even if hardly E-Mail-related: Here's a little rant from Roger Waters about our privacy. Enjoy! 😊

Microsoft has sunk a massive Office 365 email hijacking campaign https://www.techradar.com/news/microsoft-sinks-massive-office-365-email-hijacking-campaign

Feliz Viernes!

The new deliverability.tv episode is here! Featuring Yanna-Torry, the founder of letsauthenticatetheworld.com, a great project that InboxSys are proud to sponsor.

Check it out!

https://www.youtube.com/watch?v=LPkCoT9p2L8

Did anyone notice anything different? MS finally started sending DMARC reports about a month ago!

Now Microsoft started sending DMARC reports, Gmail suddenly quit. We have heard multiple reports from senders about missing Gmail DMARC reports since 03.10.2021.

That is quite significant, since Gmail is the largest DMARC report sender worldwide.

Did anyone get DMARC reports from Gmail in the past three days?

These are our Google DMARC reports for the past 2 weeks.

This (DMARC reports from Gmail) clearly looks like the Google postmaster platform is being reanimated. We're still missing 3 days of data here.

As you can read here, a few mail providers have been subject to DDOS attacks in the past week.

Runbox made a statement we don't mind repeating:

Anyone who is experiencing DDoS attacks is encouraged to never capitulate... ...We also encourage our respective customers to continue supporting independent email services such as the three of us now under attack.

We had already noticed. Today it was confirmed:

Postmaster Tools IP Reputation data has not been available since 12/17/21. Google is aware of the issue and is working to resolve it

That's the second time this year...

Apparently, also SNDS data is missing since a few days. This is generally not uncommon. It happens regularly.

Happy new year!

Microsoft Exchange finally has its Millennium-bug. Only two Decades late: https://twitter.com/JRoosen/status/1477120097747677184.

According to reliable rumors, Google Postmaster is showing data again. It is not known yet if and when the missing data will become available.

Important news for HORDE admins: https://thehackernews.com/2022/02/9-year-old-unpatched-email-hacking-bug.html

Today is a lovely day to set up a TOR bridge:

https://blog.torproject.org/tor-censorship-in-russia

1&1 (hosting gmx.net, web.de and more) has made policy changes today. The new policy can be found here, here or here. You'll find 2 major changes:

1) Strict DKIM alignment is very strongly recommended. Bulk senders not aligning DKIM to the From:-header domain can expect to be blocked.
2) DMARC (with a reject-policy, of course) is now recommended.

We expect other ISPs to follow this example soon, if they haven't already.

"Email Authentication für Empfänger" is German for "Email Authentication for recipients". This is a document by the ECO Competence Group Email, describing Email authentication from a recipient's point of view. It's amongst the most comprehensive guides to E-Mail authentication I've seen so far.

I'm not sure if an English translation of the document is planned, but I have heard of efforts to write a second piece named "Email authentication for senders".

Perhaps you have noticed Gmail becoming stricter about RFC violations. Maybe you've read about it on a mailing list. Somehow it's unbelievable we still have to talk about this in 2022, 30 years after RFC821 described a clear mechanism to do exactly that: block E-Mail. Not only Google is more strict on RFC violations, but also other ISPs are playing with the subject. For example, Mail.de has created a postfix milter that detects RFC violations: https://github.com/mail-de/mailheadercheck. This milter also has a dry-run mode, so you can test it without any risk. I've installed it two days ago and when I check my postfix log, I can see I would have blocked 7 E-Mails if it wouldn't be in dry-run mode:

$ grep mailheadercheck /var/log/mail.log | grep 'result=reject' | awk -F 'error_response_text=' '{print $2}' | awk -F '"' '{print $2}' | sort | uniq -c | sort -n
      2 Missing Date:-Header
      5 Zero or too many addresses in From:-Header

Try it out and don't hesitate to use the comment-function!

English translation can be found here.