Email

Who Is Email Security For?

Email has a security stack. SPF, DKIM, DMARC, BIMI, spam filtering – decades of standards work and infrastructure investment. Ask one question of each layer and a pattern emerges that I think explains a lot about the state of email today:

Who is this layer designed to protect?

Authentication protects brands

SPF verifies that a mail server is authorized to send for a domain. DKIM cryptographically signs messages so tampering is detectable. DMARC ties the two to the visible From address and lets domain owners publish a policy for failures.

Continue reading

The Cookie That Never Expires

You probably remember when the tracking cookie died. Browsers blocked them, regulators demanded banners for them, and the advertising industry spent years announcing its move to a “post-cookie world.” It felt like a win for privacy.

It wasn’t a win. It was a substitution. The identifier that replaced the cookie is your email address.

Why your email address is a better cookie than the cookie ever was

A cookie lived in one browser on one device, and you could clear it whenever you wanted. Your email address follows you everywhere. You type it into every store, newsletter, app, loyalty program, and login screen. It is the same on your phone, your laptop, and your work computer. It survives for decades.

Continue reading

Pixels Were Just the Beginning

Back in March we published a breakdown of how email tracking has evolved beyond the pixel – per-recipient identifiers planted in multiple places at once so that blocking any single vector leaves the others intact. We said we were treating tracking removal as a first-class feature, non-optional, like virus scanning. And we said we’d announce when it shipped.

It shipped.

This post covers what changed, what it means for your members, and why some of these protections matter more than the pixel ever did.

Continue reading

Google Asked Me to Help Fight Privacy Laws. Their Email Was a Tracking Device.

This morning I received an email from Google Customer Solutions with the subject line “[IMPORTANT] Take action on state regulations that could impact your business.”

The email warned that state lawmakers are “proposing regulations that could make it harder and more expensive for you to reach customers online.” It asked me to sign up to receive advocacy updates — which is a polite way of saying Google wants small business voices to help push back against state privacy laws that threaten their advertising business model.

Continue reading

The Tracking Arms Race: How Email Marketers Are Evolving Beyond the Pixel

You’ve probably heard about tracking pixels — tiny invisible images that tell senders when you opened their email. Email clients are getting better at blocking them. Apple Mail now pre-fetches images to defeat them. Privacy-focused users disable remote image loading.

So marketers are adapting.

We recently decoded emails from our spam folder and found something worth talking about. The tracking pixel isn’t going away, but it’s no longer working alone. A single per-recipient identifier is now being planted in multiple locations simultaneously — so that blocking one vector doesn’t break the whole tracking chain.

Continue reading