English translation can be found here.

Last week, we received the following message from Validity:

Dear Valued Subscriber,

We are thrilled to announce some exciting changes coming in September to our Feedback Loop service!

What's Changing:

Service Model Enhancement: Moving forward you will only have access to aggregated data insights within the application. To continue receiving spam complaints (ARF reports) you will need to upgrade your package.

Login Method Update: We are introducing a new, more secure login method. Email authentication will change from a secure email link to a username and password method supported by Auth0.

You will receive an additional reminder one week before the launch with additional information to ensure that you are well-prepared for the transition and have all the information you need to securely log in to your account.

Thank you for your continued support.

Money for nothing and the chicks for free! 🤨

Only Eartlink, Yahoo and Microsoft still provide Validity-independent FBLs:

* fblrequest@abuse.earthlink.net
* https://senders.yahooinc.com/contact
* https://postmaster.live.com/snds/JMRP.aspx

Edit: Also 1&1 and Mail.ru have Validity-independent FBLs via their postmaster page once you have an account. - Thanks for that, Sergey!

We received further information today:

To continue receiving Abuse Reporting Format (ARF) reports, you will need to upgrade your plan. The price will be $1,500 US annually, for up to 100,000 complaints.

Probably, this is just the beginning and you need to pay to get a SenderSore higher than 60 soon, or something like that. For 1500 annually, you can also have a dedicated InboxSys DMARC monitor.

When they were still called "Returnpath", they were a ripp-off. I'm surprised they can go even lower under the name of "Validity". What a bunch of crooks!

The full list of Validity-independent FBLs:

* Earthlink (E-Mail registration)
* Microsoft (JMRP, not exactly ARF)
* Yahoo (Domain based)
* mail.ru (via Postmaster page)
* 1&1 (mail.com, web.de and various gmx domains. Via Postmaster page)
* Google Postmaster (No ARF reports)
* SpamCop (indirect reports, various ISPs, valuable)

This posting was updated to reflect the comments posted

This draft would make it impossible for companies like Validity to hijack and abuse complaint feedback loops the way they do.

A little while ago, we posted a link to a file named "E-Mail Authentication for Receivers" from the German internet association, "ECO". Meanwhile, also "Authentication for Email Senders" from ECO is available for download. It's documentation at a relatively high level and full of useful tips and tricks.

Further documentation about E-Mail Authentication can be found in our Deliverability Wiki. Our Deliverability Wiki is work in continuous progress.

To give an example of work in progress: we have just published a full list of free and independent feedbackloops in our Deliverability Wiki. Bookmark it! We will keep this list updated.

This video is highly interesting! It shows why SPF should be optional in, if not removed from, DMARC. It also shows why ARC is pretty useless as it is.

Here is a short version of the story.

Credit where credit is due: Thanks again, Sergey!

Abusix may be the first to respond to your new CFBL header! We like that! ☄️

https://www.rfc-editor.org/rfc/rfc9477.html is now in "experimental" status. Not a draft anymore! 😊