I’m seeing a significant amount of chatter on various lists that queues to Comcast are backing up right now. Looks to be something on their end.
Error messages are 421 “Try again later.” I’ll see if I can find someone at Comcast to give me some info.
Now that we’re deep in the middle of the Christmas shopping season, I’m seeing more and more complaints about delays at ISPs. Mickey talked about everything the ISPs have to consider when making hardware and buildout decisions in his post The hard truth about email on Spamtacular. When, like on cyber Monday, there’s a sharp increase in the volume of email, sometimes ISPs don’t have the capacity to accept all the email that is thrown at them.
Read MoreComcast recently published a statement on DMARC over on their postmaster page. The short version is that Comcast is publishing a DMARC record, but has no current intentions to publish a p=reject policy for Comcast user email. Comcast will be publishing a p=reject for some of their domains that they use exclusively to communicate with customers, like billing notices and security notices.
Comcast does point out that Yahoo! and AOL’s usage of p=reject is “not common usage.”
This is something a lot of people have been arguing loudly about on various mail operations lists and network lists. DMARC is about organizational identity. In fact, I was contacted about my DMARC primer and told that I didn’t mention that it’s not about domains, it’s about organizations.
The way I read the DMARC spec, it is all about organizational identity. The underlying theme being that the domain name is linked to a particular organization and everyone using email at that domain has some official relationship with that organization. I’ve always read the spec mentally replacing organization with corporate brand. This was for brands and organizations that strictly control how their domains are used, who can use those domains and how the mail is sent with those domains.
I never expected any mailbox provider or commercial ISP to publish a p=reject message as it would just break way too much of the way customers use email. And it did break a lot of legitimate and end user uses of email. Many organizations have had to scramble to update mailing list software to avoid bouncing users off the lists. Some of these upgrades have broken mailbox filters, forcing endusers to change how they manage their mailboxes.
Even organizations see challenges with a p=reject message and can have legitimate mail blocked. At M3AAWG 30 in San Francisco I was talking with some folks who have been actively deploying DMARC for organizations. From my point of view anyone who wants to publish a DMARC p=reject should spend at least 6 months monitoring DMARC failures to identify legitimate sources of email. The person I was talking to said he recommends a minimum of 12 months.
This is just an example of how difficult it is to capture all the legitimate sources of emails from a domain and effectively authenticate that mail. For a mailbox provider, I think it’s nearly impossible to capture all the legitimate uses of email and authenticate them.
It remains to be seen if the other mailbox providers imitate Yahoo! and AOL or if they push back against the use of DMARC reject policies at mailbox providers. Whatever the outcome, this is a significant shift in how email is used. And we’re all going to have to deal with the fallout of that.
e360 initially filed suit against Comcast early in 2008. They asserted a number of things, including that Comcast was fraudulently returning “user unknown” notices and that they were certified by ReturnPath. Comcast filed a countersuit alleging violations of CAN SPAM, violations of the computer fraud and abuse act, as well as a number of other things including abuse of process. In April of 2008 the judge ruled in favor of Comcast and dismissed e360’s case, while allowing the countersuit to proceed.
Over the last 18 months, the suit has moved through the courts. There have been significant delays in the case, and e360 seems to have been dragging their feet based on some of the motions filed by Comcast asking the judge to compel e360 to follow through on discovery.
Today, only weeks before the trial date, a settlement agreement was filed. The settlement agreement prohibits the defendants and any group associated with them from transmitting email to any domain owned by Comcast without affirmative consent (as defined by CAN SPAM). All mail sent by the defendants must comply with the Comcast Terms of Use or AUP. The defendants must not attempt to circumvent Comcast’s spam filters, must comply with CAN SPAM and must not help anyone else violate any of the provisions of the agreement.
The agreement also prohibits mail from defendants that: