William Weiner

Who Is Email Security For?

Email has a security stack. SPF, DKIM, DMARC, BIMI, spam filtering – decades of standards work and infrastructure investment. Ask one question of each layer and a pattern emerges that I think explains a lot about the state of email today:

Who is this layer designed to protect?

Authentication protects brands

SPF verifies that a mail server is authorized to send for a domain. DKIM cryptographically signs messages so tampering is detectable. DMARC ties the two to the visible From address and lets domain owners publish a policy for failures.

Continue reading

The Cookie That Never Expires

You probably remember when the tracking cookie died. Browsers blocked them, regulators demanded banners for them, and the advertising industry spent years announcing its move to a “post-cookie world.” It felt like a win for privacy.

It wasn’t a win. It was a substitution. The identifier that replaced the cookie is your email address.

Why your email address is a better cookie than the cookie ever was

A cookie lived in one browser on one device, and you could clear it whenever you wanted. Your email address follows you everywhere. You type it into every store, newsletter, app, loyalty program, and login screen. It is the same on your phone, your laptop, and your work computer. It survives for decades.

Continue reading

The Right Call, Handled Badly: The DreamHost Mailman Shutdown

DreamHost recently announced they are shutting down their hosted Mailman service. If you run a mailing list there, you have until July 31 to figure out where to go.

The announcement landed badly. Community forums and Reddit threads filled up quickly – not just with people asking what to do next, but with people who were genuinely angry. And the anger has been spilling over into broader conversations about DreamHost as a company.

Continue reading

Pixels Were Just the Beginning

Back in March we published a breakdown of how email tracking has evolved beyond the pixel – per-recipient identifiers planted in multiple places at once so that blocking any single vector leaves the others intact. We said we were treating tracking removal as a first-class feature, non-optional, like virus scanning. And we said we’d announce when it shipped.

It shipped.

This post covers what changed, what it means for your members, and why some of these protections matter more than the pixel ever did.

Continue reading

Google Asked Me to Help Fight Privacy Laws. Their Email Was a Tracking Device.

This morning I received an email from Google Customer Solutions with the subject line “[IMPORTANT] Take action on state regulations that could impact your business.”

The email warned that state lawmakers are “proposing regulations that could make it harder and more expensive for you to reach customers online.” It asked me to sign up to receive advocacy updates — which is a polite way of saying Google wants small business voices to help push back against state privacy laws that threaten their advertising business model.

Continue reading

The Tracking Arms Race: How Email Marketers Are Evolving Beyond the Pixel

You’ve probably heard about tracking pixels — tiny invisible images that tell senders when you opened their email. Email clients are getting better at blocking them. Apple Mail now pre-fetches images to defeat them. Privacy-focused users disable remote image loading.

So marketers are adapting.

We recently decoded emails from our spam folder and found something worth talking about. The tracking pixel isn’t going away, but it’s no longer working alone. A single per-recipient identifier is now being planted in multiple locations simultaneously — so that blocking one vector doesn’t break the whole tracking chain.

Continue reading

The Invisible Attack: How AI Is Being Weaponized Against You

You’ve probably started using AI to help with your email. Gmail’s “Help me write,” Outlook Copilot, or maybe you forward messages to ChatGPT for summaries. These tools are convenient, powerful, and increasingly essential.

But here’s what the big providers aren’t telling you: Attackers have figured out how to hijack your AI assistant through hidden instructions you can’t even see.

At EMail Parrot, we believe it’s time to talk about the newest threat to your inbox—and why the tools you trust to help you are becoming the very tools attackers use against you.

Continue reading

Stop Paying Per-User Email Fees: A Cost-Effective Email Solution

Let’s talk about something that’s probably irritating you right now: your business email costs. You started with just yourself - maybe a free Gmail account or a modest $6/month Google Workspace seat. Then you hired a virtual assistant. That’s another $6-12/month. Added a part-time bookkeeper? Another seat. Brought on seasonal help for the holidays? Suddenly you’re provisioning five more accounts you’ll only use for three months, but you’re paying for the full year.

Continue reading

Your Family Deserves Better Than Corporate Email

From Digital Doormat to Privacy Fortress: Taking Control of Your Family’s Email

Picture this: You’re signing up for your daughter’s school portal, your elderly father is trying to book a doctor’s appointment online, and you just gave your email to yet another store at checkout. Within weeks, your inbox is drowning in spam, tracking pixels are following your every click, and you’re wondering if that “urgent” email from “your bank” is actually a phishing scam. Sound familiar?

Continue reading

The "Insecure" Truth: Why Big Email Providers Are Letting Phishers In

Have you ever wondered why, in 2026, your “reputable” email provider still delivers messages that have zero cryptographic proof of who they’re from?

We’ve all seen them: phishing attempts with no SPF records and failed DKIM signatures. Yet, they sit there in your inbox—or at best, your spam folder—waiting for one accidental click.

At EMail Parrot, we believe it’s time to talk about the economic “elephant in the room” that keeps your inbox vulnerable.

Continue reading