Most federal departments aren’t using DMARC: Wyden

Found on the Sophos Naked Security blog:  Senator Ron Wyden (D-Oregon) contacted the US Department of Homeland Security in a July 18 letter where he 'asked the agency to “take immediate steps” to mandate that all federal agencies implement DMARC (Domain-based Message Authentication, Reporting and Conformance), an email authentication, policy, and reporting protocol launched in 2012 that helps prevent email domain spoofing.' He noted that DMARC has been implemented by very few government agencies to date.

This is good to see, and one hopes it helps drive DMARC adoption. It's not a phishing cure-all, but I still think it's an important step in the fight to reduce the risks around email forgery.

AOL: Reputation corrected and request denied

Check out the reply I received in response to a recent AOL Whitelist Request submission:
Subject: Reputation corrected and request denied
Your Whitelist request, with the confirmation code X, has been denied. 
The requested IP address(es) is receiving temporary failures due to poor reputation. We have corrected the reputation and this should help in better delivery of mails. Please monitor the spam complaints via the feedback loop and re-apply for Whitelist after you have built a good 20-day history on your IPs. Also, check the reputation of the IP before opening the ticket at: https://postmaster.aol.com/ip-reputation.
Feedback Loop Request form can be found at: https://postmaster.aol.com/fbl-request
Have you seen this one before? I haven't. I think it's really cool, though. It explains what they've done and what you need to do, if you want to get whitelisted at AOL.

Here's what they're saying:
  1. Your sending IP address doesn't have a great sending reputation today.
  2. But, AOL has reset the sending reputation of your IP address, giving you another chance to build a good reputation.
  3. They're telling you to keep your nose clean (build a good reputation) for at least 20 days before applying for whitelisting.
  4. They're reminding you to sign up for AOL's ISP Feedback Loop.
Seems pretty straight forward to me. I wish all ISP responses were this clear and easy to understand. Good job, AOL!