DMARC: sp= policy not always needed

I've started to search for and catalog big brand DMARC records to look for ideas and suggestions, and also to develop some best practice recommendations.

One thing I'm seeing quite often is that a big company will put "p=reject" and "sp=reject" in the same DMARC record. In this scenario, the "sp=" setting is actually not needed; it is extraneous.

The "p" setting is your choice of DMARC policy for the domain itself. The "sp" setting is your choice of DMARC policy for any subdomains. If you don't set "sp", then the "p" policy is applied to any subdomains. So the only reason you would want to add "sp=" is if you want to specify a different policy for subdomains. If you want to give this domain and any subdomains the same policy, you don't need to include the "sp=" directive.

In short, there's no need to add "sp=" unless you want subdomains treated differently. Why would you add the "sp=" setting? If you don't have any legitimate subdomains, you could set your domain policy to "p=none" (safer for the main domain) but "sp=reject" (more restrictive for subdomains). That tells the world that mail from any subdomain should be bounced: it wouldn't authenticate properly because, in theory, you don't have any subdomains.
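To check a record for the redundancy described above, here is an added example (not part of the original post) that parses a DMARC record, works out the policy subdomains actually receive, and flags an "sp=" that only repeats "p=". The function names and the sample records are constructed for illustration.

```python
VALID_POLICIES = {"none", "quarantine", "reject"}

def parse_dmarc(record):
    """Split a DMARC TXT record into a {tag: value} dict (tag names lowercased)."""
    tags = {}
    for part in record.split(";"):
        part = part.strip()
        if not part:
            continue  # tolerate a trailing semicolon
        name, sep, value = part.partition("=")
        if not sep:
            raise ValueError(f"malformed tag: {part!r}")
        tags[name.strip().lower()] = value.strip()
    if tags.get("v") != "DMARC1":
        raise ValueError("not a DMARC record: v=DMARC1 missing")
    return tags

def review_policy(record):
    """Return the domain policy, the effective subdomain policy, and
    whether an explicit sp= just repeats p= (and so could be dropped)."""
    tags = parse_dmarc(record)
    p = tags.get("p", "").lower()
    if p not in VALID_POLICIES:
        raise ValueError(f"missing or invalid p= value: {p!r}")
    sp = tags.get("sp")
    if sp is not None:
        sp = sp.lower()
        if sp not in VALID_POLICIES:
            raise ValueError(f"invalid sp= value: {sp!r}")
    return {
        "domain_policy": p,
        # With no sp= tag, subdomains inherit the p= policy.
        "subdomain_policy": sp if sp is not None else p,
        "sp_redundant": sp is not None and sp == p,
    }

if __name__ == "__main__":
    # Constructed sample records, not taken from any real domain.
    samples = [
        "v=DMARC1; p=reject; sp=reject; rua=mailto:dmarc@example.com",
        "v=DMARC1; p=reject",
        "v=DMARC1; p=none; sp=reject;",
    ]
    for rec in samples:
        print(rec, "->", review_policy(rec))
```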

Here's an easy guide to the variables present or optional in a DMARC record. This seems worth bookmarking.

250ok on DMARC adoption among top US colleges

Matt Vernhout of deliverability monitoring service provider 250ok reports that US colleges are slow to adopt DMARC. I'm not totally surprised; my personal observation is that the financial sector and top tier ISPs/webmail providers seem to be leading the DMARC charge. But I do agree with 250ok that it's time for higher ed to get schooled on DMARC.

File under obvious? Engagement rules!

A bunch of friends have been forwarding around this link to an article from "EContent" entitled "Research Finds Email Senders with Strong Subscriber Engagement Are Likely to See Less Email Delivered to Spam."

On one level, duh.

But also, on another level, it's great to see this supported with research. There are always people out there who doubt what we in deliverability see and explain every day. Sometimes you even run into people like that one guy who ran that agency that went under whose whole shtick was telling people to do the opposite of what deliverability consultants said. It was bad advice, and that kinda thing gets tiring after a while.

So I'm very happy to see Return Path data and analysis supporting what I know to be the best path.

Go straight to the source (here) to get access to the full report.

Howto: Disable your Gmail spam folder

I have a few Gmail accounts set up where I programmatically download all the mail so that I can generate a report showing information about each message. Sometimes, some of the email messages I receive and want to report on go to the spam folder. I could download mail from the spam folder, but instead, I figured it would be easier to just configure my Gmail account so that no mail goes to the spam folder.

It's easy to do that. Here's how:

1. In Gmail, go to Settings.
2. Under Filters and Blocked Addresses, click on "Add new filter."
3. In the To field, type "me" (without quotes).
4. Click on "Create filter with this search."
5. Select "Never send it to Spam."
6. Click on the "Create Filter" button to save and activate your new filter.

This will prevent almost all inbound mail to you from going to the spam folder. A few types of messages, mostly malformed ones, might slip through, but I'm OK with that.

This isn't something you'd want normally, but there are a number of use cases where this can come in handy, so I figured I would share it with all of you.

Note that any mail already in the spam folder is not going to magically get moved to the inbox. This only affects new mail as it comes in.

Best US cell carrier for phone spam protection? T-Mobile.

I'm curious to dig into the methodology here to look for limitations, but so far so good. Money reports on a recent study to compare spam identifying/blocking functionality of the top four US cell carriers. T-Mobile came out on top as far as identifying or blocking Scam/Fraud and Telemarketing/Spam calls.

I had T-Mobile years ago and was generally happy; though when my wife and I were forced to move back to Minnesota to deal with family issues, we would have had reception issues outside of Minneapolis, so we went with Verizon. That chapter is now behind us, and so now that we're basically steady in a big city here in Florida, maybe it's time to change. Spam call blocking matters to me; what do you all think, dear reader?

Ask Al: Group mail is being blocked, what do I do?

Recently, a reader wrote in with the following question:

I host an email group of about 450 people who share a common autoimmune medical condition. I send/receive email through a Gmail account set up in Windows Live Mail on a home PC. My ISP is RCN. Recently, any emails sent to any group member using an AOL or Verizon.net account are being blocked by AOL. I sent an email to AOL asking to not be blocked and my request was denied with little feedback as to why. I was then pointed to recent changes concerning DMARC and FBL. I generated an AOL account just for those members to get the information they need but this is an awkward way to send emails, using two separate accounts.