DMARC Closes In, ARC Folds, and Phishing Scales Up
This Week in Email — May 13, 2026
A busy week on the infrastructure side. Europe's second-largest mailbox cluster is finally enforcing what it's been publishing as policy for years, the IETF quietly killed an eight-year authentication experiment, and Microsoft's Q1 threat numbers are the kind that make you want to re-read your anti-phishing stack docs over a coffee. On the lighter end: Klaviyo is betting that marketing agents running unsupervised inside Claude is a feature, not a warning label.
If your domain publishes p=reject and your authentication isn't clean, 1&1's mailbox cluster will now bounce you at the SMTP transaction with a 554 Transaction failed error. The rollout is phased and was announced via MAILOP on May 6.
This matters because GMX, WEB.DE, and mail.com collectively serve around 42 million active users — mostly in Germany and Austria, but with meaningful diaspora reach. These are not corner-case inboxes. For senders who have been coasting on p=quarantine or who have subtly misconfigured SPF / DKIM alignment, this is the prompt to actually fix it.
The short version: inbound DMARC enforcement at a major European provider is no longer hypothetical. Check your alignment before your recipients' postmasters check it for you.
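The alignment check described above, as an added example (not code from this newsletter or from 1&1/GMX): given the SPF and DKIM results a receiver already has, plus the sender's DMARC TXT record, it decides whether the message is DMARC-aligned and which policy action applies. The `org_domain` helper is a simplification (last two labels rather than a Public Suffix List lookup), and all domains and records are constructed sample values.

```python
# Added example: evaluate DMARC alignment the way an enforcing receiver
# does, then map a failure to the sender's published p= policy.


def org_domain(domain: str) -> str:
    """Organizational domain, simplified to the last two labels.
    Assumption: a real verifier uses the Public Suffix List (RFC 7489,
    section 3.2), so multi-label suffixes such as co.uk are wrong here."""
    labels = domain.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def aligned(auth_domain: str, from_domain: str, mode: str) -> bool:
    """Strict ('s') needs an exact match with the RFC5322.From domain;
    relaxed ('r') accepts the same organizational domain."""
    if not auth_domain:
        return False
    a, f = auth_domain.lower().rstrip("."), from_domain.lower().rstrip(".")
    return a == f if mode == "s" else org_domain(a) == org_domain(f)


def parse_dmarc(record: str) -> dict:
    """Split 'v=DMARC1; p=reject; aspf=s' into a {tag: value} dict."""
    tags = {}
    for part in record.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    return tags


def evaluate(from_domain: str, dmarc_record: str, spf_result: str,
             spf_domain: str, dkim_result: str, dkim_domain: str) -> dict:
    """DMARC passes if SPF passed on an aligned MAIL FROM domain OR a DKIM
    signature verified with an aligned d= domain; otherwise p= applies."""
    tags = parse_dmarc(dmarc_record)
    if tags.get("v", "").upper() != "DMARC1":
        return {"result": "none", "action": "none"}  # no usable record
    aspf, adkim = tags.get("aspf", "r").lower(), tags.get("adkim", "r").lower()
    spf_ok = spf_result == "pass" and aligned(spf_domain, from_domain, aspf)
    dkim_ok = dkim_result == "pass" and aligned(dkim_domain, from_domain, adkim)
    if spf_ok or dkim_ok:
        return {"result": "pass", "action": "none"}
    return {"result": "fail", "action": tags.get("p", "none").lower()}


if __name__ == "__main__":
    # Constructed scenario: the ESP signs with its own domain, SPF passes on
    # a bounce subdomain, and the sender publishes strict SPF alignment.
    # Result is fail + reject: exactly the message a p=reject receiver bounces.
    print(evaluate("example.com", "v=DMARC1; p=reject; aspf=s", "pass",
                   "bounce.example.com", "pass", "esp-mailer.example"))
```

Feed it the results from your own Authentication-Results headers and your domain's DMARC record to see which of your mail streams would fail before a receiver tells you.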
The IETF is retiring ARC — the experiment is over
A new IETF draft filed April 22 (draft-ietf-dmarc-arc-to-historic-00) formally proposes reclassifying the Authenticated Received Chain protocol as Historic. The verdict: the trust-gap problem ARC was designed to solve — preserving authentication context across forwarding hops — remains unsolved. Implementers are being told to stop deploying it.
ARC launched as a proposed standard in 2019 and was adopted by Gmail and a handful of large receiving providers. The idea was sound: sign each hop in the delivery chain so the final mailbox provider could evaluate authentication provenance across forwarding. The problem was that it required mutual trust between intermediaries, and the internet never converged on a trust model. Nobody agreed on whose ARC seal you should actually believe.
The lessons get folded into DKIM2 — which is still very much a draft. If you've been relying on ARC to make DMARC forwarding scenarios work, this is a signal to watch what comes next from the DMARC working group, not a cliff-edge change today. But the formal retirement matters: it closes a chapter.
Microsoft Q1: QR code phishing up 146%, one PhaaS disrupted
Microsoft's Q1 2026 email threat report is out and the headline number is hard to ignore: QR code attacks jumped from 7.6 million to 18.7 million incidents — a 146% increase in a single quarter. The mechanism is the same as it's been: embed a QR image in a PDF or email body, dodge link scanners, redirect the human to a credential-harvest page.
The one piece of good news in the report is that Microsoft disrupted Tycoon2FA, a phishing-as-a-service kit that had been widely used for adversary-in-the-middle credential theft. That disruption cut Tycoon2FA volume by about 15%. The less-good news: 90% of high-volume campaigns now run on PhaaS infrastructure, so disrupting one kit shifts volume more than it eliminates it. Credential phishing accounts for 94% of payload-based attacks.
The Barracuda data published May 12 (see links) lines up with Microsoft's numbers on QR codes. When two separate vendors' fresh telemetry points to the same attack vector in the same week, it's usually real.
Klaviyo's MCP server now connects to Claude — agents can write your campaigns
Klaviyo announced on May 7 that its Model Context Protocol server now integrates with Claude.ai and Claude for Work. The practical upshot: an unattended Claude agent can pull Klaviyo segment data, draft campaign copy, run list audits, and generate performance summaries without a human in the loop at each step.
This is genuinely new territory for ESP integrations. Most "AI in email marketing" announcements so far have been in-platform copilots — a suggestion engine inside the ESP's own editor. Connecting the ESP to an external agent runtime is different. The agent can synthesize data across tools and initiate workflows, not just autocomplete subject lines.
Worth watching: the interesting question isn't whether Klaviyo-in-Claude works. It's what the accountability model looks like when an agent writes and schedules a campaign autonomously. The early documentation doesn't address this, which is about what you'd expect for a v1.
Links worth your time
Stalwart v0.16 released — The open-source Rust mail server dropped a major release: rewritten web UI, external OIDC support, expanded DNS automation (Route53, GCP, Bunny, and others), and a new CLI. The release notes describe it as an architecture overhaul that enables "features previously impossible." If you run or follow self-hosted mail infrastructure, this is the most significant Stalwart release to date. (stalw.art)
Barracuda 2026 Email Threats Report — Fresh May 12 data: 70% of malicious PDFs now embed QR-code links, 90% of high-volume attacks run on PhaaS kits, 34% of companies report at least one account takeover per month, and 1 in 3 inbound emails is malicious or spam. The QR-in-PDF finding is the one to use if you're having conversations about filtering posture with non-technical stakeholders. (barracuda.com)
Resend adds native chart embedding — Developers using the Resend API can now embed bar, line, and area charts directly in email — rendered server-side as email-safe HTML. Announced April 30. This is a genuinely unusual feature; most transactional platforms treat email as a text-and-image container. Worth knowing if you send data-heavy reports or digests. (resend.com/changelog)
That's the week. If something is wrong, reply and tell me — I read every response.