[Hacker News repost] A deep dive into email deliverability in 2024
Title: A deep dive into email deliverability in 2024
Text:
Url: https://www.xomedia.io/blog/a-deep-dive-into-email-deliverability/
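In October 2023, Google, Yahoo and Outlook.com announced new email security standards to prevent spam, phishing and malware attempts, with enforcement beginning in April 2024. These standards require senders to implement email authentication protocols such as SPF, DKIM and DMARC to help prevent spoofing and ensure the authenticity of email. Bulk senders, defined as those sending close to 5,000 or more messages to personal Gmail accounts within a 24-hour period, are the ones mainly affected. The standards also require an easy-to-click unsubscribe option and improved engagement with email content. Non-compliance can lead to email being blocked or sent to the spam folder. To help with implementation, various online tools are available, such as SPF generators, DKIM generators and DMARC generators. Google Postmaster Tools and the Yahoo Sender Hub give senders insights and diagnostics. Following these guidelines is essential for businesses that want to maintain email deliverability and engagement.

The article focuses on the importance of reducing spam and sets out requirements and recommendations for different kinds of email senders, along with an overview of different email service providers (such as Gmail, Yahoo and Outlook.com). It also highlights one-click unsubscribe and links to relevant resources and organizations (such as open-spf.org, dmarc.org and the RFCs) to help senders comply with email rules. In addition, it stresses the legal side of sending unsolicited email, specifically mentioning the CAN-SPAM Act in the United States, the GDPR in the EU and CASL in Canada, and advises senders to research and comply with international laws and regulations.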
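As an added illustration (not code from the article or from the thread), the sketch below checks a message offline against the requirements summarised above: a published SPF record, a DMARC policy, a DKIM signature whose `d=` domain matches the From domain, and one-click unsubscribe headers in the RFC 8058 form. The function names, the `TXT` dictionary standing in for DNS lookups, and the two sample messages are assumptions constructed for this example.

```python
from email import message_from_string
from email.utils import parseaddr

def parse_tags(value):
    """Split a 'k=v; k=v' tag list (DMARC record, DKIM-Signature) into a dict."""
    pairs = (part.split("=", 1) for part in value.split(";") if "=" in part)
    return {k.strip().lower(): "".join(v.split()) for k, v in pairs}

def check_message(raw, txt):
    """txt maps DNS name -> list of TXT strings (stand-in for live DNS lookups)."""
    msg = message_from_string(raw)
    domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    # Simplification: SPF is looked up on the From domain; real SPF evaluation
    # uses the envelope sender and the connecting IP.
    spf = [t for t in txt.get(domain, []) if t.lower().startswith("v=spf1")]
    dmarc = [parse_tags(t) for t in txt.get("_dmarc." + domain, [])
             if t.lower().startswith("v=dmarc1")]
    # Only the d= tag is inspected; the signature itself is not verified here.
    dkim_d = [parse_tags(h).get("d", "").lower()
              for h in msg.get_all("DKIM-Signature", [])]
    unsub = msg.get("List-Unsubscribe", "").lower()
    post = "".join(msg.get("List-Unsubscribe-Post", "").split()).lower()
    return {
        "spf_record": len(spf) == 1,  # several v=spf1 records make SPF fail
        "dmarc_policy": any(d.get("p", "").lower() in ("none", "quarantine", "reject")
                            for d in dmarc),
        # Strict alignment (exact match); relaxed alignment would also accept
        # a shared organizational domain, which needs a public suffix list.
        "dkim_aligned": domain != "" and domain in dkim_d,
        "one_click_unsubscribe": "<https://" in unsub
                                 and post == "list-unsubscribe=one-click",
    }

# Constructed sample data (example.com / esp.example.net are placeholders).
TXT = {
    "example.com": ["v=spf1 include:_spf.esp.example.net -all"],
    "_dmarc.example.com": ["v=DMARC1; p=quarantine; rua=mailto:dmarc@example.com"],
}
GOOD = ("From: News <news@example.com>\n"
        "DKIM-Signature: v=1; a=rsa-sha256; d=example.com; s=s1; b=PLACEHOLDER\n"
        "List-Unsubscribe: <https://example.com/u/abc>, <mailto:unsub@example.com>\n"
        "List-Unsubscribe-Post: List-Unsubscribe=One-Click\n\nHello\n")
# Signed only by the sending service's domain, unsubscribe via mailto only.
BAD = ("From: News <news@example.com>\n"
       "DKIM-Signature: v=1; a=rsa-sha256; d=esp.example.net; s=s1; b=PLACEHOLDER\n"
       "List-Unsubscribe: <mailto:unsub@example.com>\n\nHello\n")

if __name__ == "__main__":
    for name, raw in (("GOOD", GOOD), ("BAD", BAD)):
        print(name, check_message(raw, TXT))
```

The second sample shows a common failure pattern: the sending service signs with its own domain, so a DKIM signature exists but does not align with the From domain.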
Post by: xoneill
Comments:
xyst: Given how much weight “Gmail”, “Outlook”, and “Yahoo” email providers pull, I have always wondered about a different type of attack on business entities: “targeted failed deliverability”

Basically in this attack, a victim (particularly a business or mailing list or NGO) is sending out bulk emails to which the attacker owns. Even sourcing this out to shady off shore click farms would work too.

Attacker then marks the victim’s emails as spam in Gmail/Yahoo/Outlook. The “AI spam filters” pick up on this new “spam activity” and will then mark future emails as spam or even delete them before reaching real customers.

After a year, company bleeds money on a quarterly basis. Ad departments wonder why there is decreased engagement through email. Technical departments are bamboozled.

Maybe a big company will be able to weather the storm or just ditch email altogether. But small companies would definitely take a hit. Even smaller NGO or political mailing lists would lose donations (assuming email was a significant source of new donations).

Probably a very low vector of attack tbh, but something that has lingered in my mind.
ttul: This change was necessary and long overdue. Requiring domain owners who send significant volumes of email to properly sign their messages allows receivers to more clearly delineate good from bad based on domain reputation rather than IP address reputation.

As more domains send email through shared IP space on transactional and marketing services, having the ability to attach reputation reliably to the sender domain is incredibly helpful in reducing abuse.
hedgehog: One thing the April changes break is forwarding between e-mail services. If you currently forward from say an old university address at foo@school.edu to a personal GMail account at bar@gmail.com that will no longer work. This must be relatively uncommon if the major providers are charging ahead with these changes but it's pretty annoying for the people affected.
r1ch: I'm surprised how many big companies fail the one-click unsubscribe test. Whether it's Cloudflare or Akamai blocking the connection, pages that take 5+ seconds to load, pages that require you to sign in or input your email address again... don't be surprised when customers reach for the Report Spam button instead.
acidburnNSA: I'm surprised anyone's been getting through at all without perfectly configured SPD, DKIM, and DMARC. I've had a well configured self-hosted personal email server for years and still struggle to get through sometimes, though it does seem to be getting better.