Now you can read your email on Xbox One

Jess Nelson of MediaPost's EmailMarketing Daily shares news of the first-ever email client for the Xbox: MailOnX. Though, designers, I wouldn't necessarily start worrying about focusing your email marketing design efforts on Xbox as a platform JUST yet.

Beware: Student loan forgiveness spam

SC Magazine shares details of a Symantec report identifying student loan forgiveness spam as a path for the unwitting to get infected with malware. Particularly timely, given all the news lately about for profit colleges shutting down, leaving ex-students wondering what comes next with regard to their loans.

These spammers aren't very discriminating with whom they're targeting, based on the never-valid addresses I'm seeing the spam come in to. I called the number in one of the spams last Friday and talked to a very unhelpful young lady who didn't want to tell me anything about the unwanted mail she was somehow connected to. But at least I perhaps kept her from scamming somebody for a few minutes.

Not only should you be careful not to believe promises made in these spam messages, but even if they weren't spammers, you apparently still shouldn't be paying for debt consolidation or student loan discharge help.

And remember, no legitimate company is ever going to ask for payment in the form of an iTunes gift card.

Obama Administration Says Text-Spam Law Is Constitutional

Wendy Davis of MediaPost reports on a challenge to the TCPA (Telephone Consumer Protection Act), the US law that is the basis of US prohibition against unsolicited text messaging. The challenger: Facebook. The defender: the government. Read more about it here.

Yahoo! Mail: No Forwarding for you

It is being reported that Yahoo! Mail has disabled the ability for users to enable email forwarding. If you already have the feature enabled, you might be fine. But if not, there's no turning it on now. Conspiracy theorists say it's a play to keep people from leaving Yahoo. I'm not so sure. Is anything ever that simple? What do you think? Read more about it at TechCrunch or Fortune.

Update (October 14, 2016): Yahoo! Mail forwarding has been restored.

Checking an SPF record with the Kitterman SPF Validator

If you received an email message in your Gmail inbox, Google provides easy-to-read authentication results, showing you if the email message in question properly passed SPF authentication.

But what if you want to check a proposed SPF record, a potential change, to see if it is going to work, before implementing it in DNS? Here's how I do that.

DNS consultant and smart guy Scott Kitterman has a useful-and-simple page of tools for SPF Querying and Validation. Go to this page. Scroll down to "Test an SPF record." Fill out the form, submit it, and his checking tool will tell you if the proposed SPF record passes validation.

Let's do this with my domain. I want to test this as a potential SPF record: v=spf1 ip6:2607:f2f8:a760::2 ip4: ip4: ip4: ip4: ip4: ~all

I'm going to use as my sending IP address, it's my primary email server currently.

For the MAIL FROM address, I put in the return-path (MFROM) address that my mailing list uses. For the HELO address, I put in what I think my server's name is from its mail software configuration. (If you're not sure, just put in bounce@(domain) in Mail From, and (domain) in HELO Address. If I had done that here, it would be and

Then hit the "Test SPF Record" button and you'll get a response something like this one:

The important bit we're looking for here is "Results - PASS sender SPF authorized." That tells us that this SPF record is correct, and that mail with a message from of will properly authenticate when sent from IP address, if I were to implement this SPF record in DNS.

If I was getting an error or I had typo'd something, I could hit the "back" button in my browser, make corrects, and test again.

Best practices for parked domains

A few months ago, I posted about "SPF Lockdown," a simple way to use an SPF (sender policy framework) DNS record to tell the world that a given domain sends no mail.

Email/anti-abuse industry group M3AAWG has some useful guidance that goes even further. Back in December 2015, they published a white paper entitled "Protecting Parked Domains Best Common Practices." It covers what I refer to as SPF lockdown, and it additionally instructs you on how to configure appropriate DKIM and DMARC DNS entries to both ensure that your non-mailing domains are as secure as possible, and enable you to receive reports about bad guys misusing your domain.

You can download the white paper here.