Cloudflare Launches DNS Service

Cloudflare just launched their own public DNS service. To try it, simply configure your computer to use the DNS servers and Then your computer's DNS lookups (the internet's mapping of domain names to IP addresses) will route through Cloudflare instead of through your ISP.

This is being described as a privacy-focused tool, even though Cloudflare is getting access to gobs of data and traffic and could be doing stuff with that data. But if it's fast and works well, and your ISP's DNS servers don't work so well, it might be something to try.

There are actually a number of other DNS services like this out there.

Google Public DNS is perhaps the most well known one. (It's the one I use most often.) To use their service, you set your DNS server settings to use and

There's also OpenDNS and Quad9 that are intended to help block bad stuff.

And you can find even more services like that here. With all these options, does a savvy geek even need to run their own DNS server nowadays?

Though, I'm not sure it's safe to try to query DNSBLs (anti-spam blacklists) through these DNS services. It's entirely possible that some DNSBLs block them as they may appear to be overwhelmingly large sources of traffic. (Or possibly a DNSBL might like this if the DNS service effectively acts as a cache for them; but I don't have any data on this.)

Message Header & Message Checking Tools

Need a tool to parse message headers? Trying to break down how long it took to hand off an email message between servers?

Check out this tool from Microsoft, and this tool from Google. Both do basically the same thing -- you paste in the email headers and it will parse them, giving you a breakdown of how much time it took between each server hop.

Here's another Google tool you should bookmark. It lets you decode blobs of Base64-encoded content. Sometimes you'll find this handy when viewing the source of an email message and running into content encoded in this way. I just used it to decode an odd bounce message yesterday.

And here's another thing that a coworker shared with me -- Mail Tester helps you check your emails against SpamAssassin in an easy-to-use way. Check it out!

April 20, 2018 Update: Here's another neat tester: This widget from Litmus tells you what Gmail tab a message gets delivered into.


Did you use to shorten links in email newsletters or text versions of emails? Looks like the ability to do that is going away. Doesn't every ESP or email platform have its own click tracking or URL rewriting mechanism by now? And using third party URL shorteners has long been sort of a mixed bag, anyway.

What is Microsoft BCL?

Now that Microsoft has merged their Office365 and Hotmail/ platforms, this should apply to anybody sending to either platform. Microsoft calculates a "BCL" (Bulk Complaint Level) for a sender's IP address or sending domain name. (Which? I'm actually not sure at the moment. Let's assume both for now.)

The BCL score is a 0-9 score, where higher basically means "sent by a bulk sender, and more spammy." See this Microsoft Technet article for more details.

How do I tell what my BCL score is? Select "View Message Source" on an email message received at Microsoft Hotmail/ Find the "X-Microsoft-Antispam" header. Here's an example:

X-Microsoft-Antispam: BCL:0;PCL:0;RULEID:(5000109)(4604075)(4605076)(610169)(650170)(651021)(8291501071);SRVR:CY1NAM02HT241;

That first entry -- BCL:0 tells us that this message is from a sender that has a BCL score of zero. (This message is not from a bulk sender.)

What do those other entries mean? PCL means "Phishing Confidence Level" per this document. So it's good to see that is zero. The rest? I'm not sure. I'll share more as I learn more.

Please Hire Mike Teixeira!

My esteemed industry colleague Michael Teixeira is looking for an opportunity in the anti-abuse or email fields. Got something suitable that you’d like to interview him for? I hope you'll consider him. He and I have something in common – we’ve both worked spam issues for MAPS (Mail Abuse Prevention System-- the first anti-spam blacklist group) – me, for a time before Trend Micro acquired MAPS, and Mike, after.

PSA: Time to update your ReCAPTCHA

Google's "ReCAPTCHA" API-based user validation process is very popular. So popular, that internet users are running into warnings here and there on the web, suggesting that it's about to stop working on some websites.

The reason? The V1 version is deprecated and about to be retired. It's going to stop working at the end of March, in just a couple of weeks from now.

The problem? Lots of sites have yet to update from V1 to V2. What happens to those sites on March 31st? I'm not sure, but it probably won't be a good thing.

What's the connection to email? Why am I posting about this?

Because Cloudmark is running V1 of the ReCAPTCHA. The spam filtering service is running the old version, too. The SURBL blacklist's lookup page, too. (Though SURBL just fixed theirs.)

There's probably a lot of other sites out there running the old version of ReCAPTCHA, as well. Do you use ReCAPTCHA on any of your websites? Have you upgraded to the latest version? If not, the time to do so is NOW.