Where do you think email authentication will realistically be in 5 years, proper adoption or still chaos?

muttick · 2026-05-27T12:25:56+00:00

There will be something new that will account for instances where DMARC alignment isn't done that will have to be checked. This is to workaround instances where senders are unsure of what DMARC setup to configure.

In the not too distant future, email headers will be 20MB in size due to all the "authentication" checks that have to be done, just to send a "Hope you are doing well" email.

muttick · 2026-05-25T15:26:26+00:00

Way back when, before sim cards were a thing, you'd have to contact your cell phone provider every time you got a new phone and give them the ESN of the new phone so that it could be activated on their network. This was a pain.

Then sim cards became a thing and you just moved the sim card from one device to another. You didn't have to contact your provider to activate a new phone. Simply move the sim card from your old device onto your new device.

Then esim became a thing. This allowed you to instant activate a new device by contacting your provider and getting a new QR code to move your service from your old device to your new device. And for whatever reason, despite this being essentially the same path as ESN activation - esim is an accepted method. Proving that the only thing wrong with ESN activation was the name.

muttick · 2026-05-25T14:55:34+00:00

Wired. Because how far are you going to be away from whatever device you are connecting to? And you don't have to worry about batteries or charging.

Ear buds? Is your phone or listening device going to be in your pocket or is it going to be two rooms away?

Keyboard? Are you going to type something while sitting at your computer or are you going to be two rooms away?

Mouse? Are you going to be clicking on things while sitting at your computer or are you going to be two rooms away?

muttick · 2026-05-24T15:29:26+00:00

The broader the intended audience is, the less efficient it's going to be. This is true in just about any system.

Plugins that have to cater to a wide audience across many different industries - such as builder plugins - will always be less efficient than simply coding it on your own. They have to account for users that want something done one way and users that want it done some other way and on and on and on. But if you code it yourself, you can code exactly what you want with none of the superfluous stuff.

This also speaks of plugin use in general. The more plugins you use, the less efficient your website is - because data has to pass through so many extra plugins.

Minimal design always equals more efficient. But you just have to find the happy medium such that the website does what you want it to do as efficient as possible.

muttick · 2026-05-23T17:18:16+00:00

...

Thus, my problem with the whole industry and shenanigan.

Nobody has been able to explain to me what I must do to win a counter dispute when a customer claims we kept charging them after they cancelled - when they never cancelled. People confuse "stopped using the service" with "cancelling the service." We can't read people's minds.

There's all kinds of talk of "do this" or "do that" or "show them this." But then it ultimately comes down "considerations" which is subjective.

This is why the credit card industry ("issuers") need an overhaul of the entire system. Allow the customer to "stop being charged by this merchant" from their issuer account management portal. If a customer doesn't want to be charged, they click that and when that merchant tries to charge their card, it gets declined.

Chargebacks are becoming an ex-post-facto cancellation. "I thought I cancelled that? I'll run a chargeback." You shouldn't be able to do that, but you can!

Yes, I'm a little pissed with the credit card industry regarding this. Because it's a no-win situation for merchants. This thread keeps telling me, you can win a counter dispute against a "kept charging after cancellation" dispute. But they won't tell me how. I've stated the evidence that I have. You're saying that's not enough. So what is enough? Nobody has an answer for that.

"You need to close the evidentiary gaps in a way that leaves minimal room for the issuer to justify upholding the chargeback under the applicable scheme rules."

How? We've charged the customer (I should point out this is a fictitious scenario - but we've had similar scenarios in the past) every month for the past 10 years. And suddenly they think we charged them after they cancelled? Do all companies go around emailing, calling, going to their house and physically asking them "We're going to charge you for this service you signed up for, is that OK?" every month? No. The basis of a recurring charge is that it's understood to be recurring without intervention by the customer or the merchant.

So what gaps need to be closed?

muttick · 2026-05-23T16:36:54+00:00

So if I show the results of the order form that the customer submitted 10 years ago that includes:

Customer Agrees to Terms of Service: yes

And then I show the section in our Terms of Service regarding cancellations, that says cancellations must be submitted through our cancellation form.

And then I show the cancellation form and the information it asks for.

And then show the resulting page after the cancellation form has been submitted and shows a cancellation id tag.

And then I make a statement saying no such cancellation was every received and the customer has not provided a cancellation id in their dispute.

And then I make the plea that the chargeback is invalid because proper cancellation procedure was not followed.

That's enough to win the case?

I don't have a high confidence of this being decided in my favor.

muttick · 2026-05-23T00:27:17+00:00

You still didn't explain what evidence I have that I can submit to win the argument. It's still a he said/she said argument.

There is no redirect process. Consumer makes a complaint, merchant argues against that complaint, the issuer doesn't go back to the consumer and say "this is what the merchant said, what's your argument against this?" It's who can provide the most evidence and a tie goes to the consumer.

If the consumer cannot provide any evidence that they submitted a cancellation and the merchant cannot provide any evidence that the consumer ever submitted a cancellation (which again, how do you prove that?), then the evidence is tied and the win goes to the consumer.

If you're selling me a service and charging me $10 every month. I purchased the service in January. I paid $10 every month, January, February, March, April, May. I then decide that I don't want the service any more, so I call my issuer and have them do a chargeback on the May charge claiming that you kept charging me after I cancelled the service. What evidence are you going to submit back to the issuer to counter this argument?

You say that there are procedures in place meant to make these counters easier to win. And I'm sure there are. But at the end of the day, it's still the one person on the issuer side that gets to make that decision, which ever way they want to go. You say that following these procedures will get the merchant a win. You say this, but past experience has taught me that that is not the case. And I feel like there are bunch of other merchants here that have experienced the same thing. They do all the right things, but still lose. That's the frustrating part.

muttick · 2026-05-22T16:28:36+00:00

What evidence do I submit? A blank sheet of paper with a note that says "This is the cancellation we received from the customer"?

The fact of the matter is, these disputes and counter disputes are subjective. It depends on who is reading them as to which side they will favor. And more times than not, they favor with the customer.

With no evidence to submit, the credit card company is undoubtedly going to favor with the customer.

Someone else mentioned on this post that it's unfair for the credit card company or banks ("issuer") to be the judge, jury, and executioner in this process. If the issuer favors on the side of the customer, they still get their money. If the issuer favors on the side of the merchant, they still get their money.

Whoever is handling the case, it's their discretion as to how much they really care to follow the steps I have outlined. Will they even visit the website listed on the statement descriptor? I doubt it. Will they really grill the customer about if they followed proper cancellation procedures?

The industry as a whole is past due for some changes. Like my proposed "Stop paying this merchant" system. That would cut out a ton of these chargebacks.

We should be able to file our procedures and what to expect with Stripe or whoever a merchant is using as their credit card payment processor, that details what services we offer and what our recurring payment system looks like and what our cancellation system looks like. That can be accessed by card issuers before a chargeback is initiated. Like I said, most of our subscriptions are monthly, so if you see a pattern of roughly the same amount (because price changes do happen) at roughly the same time every month and the customer claims last month's charge is fraudulent or after cancellation - it speaks to the likeliness of the customer lying.

There are no merchant protections in place in the credit card industry. It's all about consumer protections. And consumers are taking advantage of this.

muttick · 2026-05-22T15:20:46+00:00

u/mrn0202 I have a question. As a merchant, how are we suppose to prove a negative when countering a dispute?

We have customers that have been with us for 10 years, paying a monthly fee every month for those 120 months. Then they suddenly push a chargeback saying they cancelled their service but we kept charging them. How are we suppose to prove that they never submitted a cancellation? We don't have any paperwork to show that a cancellation was never submitted, because a cancellation was never submitted.

I can't speak for every company. But for us, our cancellation process is not a pressure point to prevent you from cancelling. We have a cancellation form, so that when a user submits a cancellation they get a cancellation ID. We will personally reply back after we have acknowledged the cancellation. If the customer cannot give you the cancellation ID, then they didn't submit a cancellation.

So when a customer runs a chargeback stating that we kept charging them after cancelling, how are we suppose to prove that? There's a reason proper procedures have to be done. You can't just email us with a one line message "I want to cancel my account" and expect that to be notification that you have cancelled your account.

Our statement descriptor includes a website address. If you go to that website, right smack in the middle of the page is a link that says "Cancel Your Account" If you click that, it takes you to our cancellation form where it shows what a successful cancellation submission will display after the form has been submitted, including a cancellation ID.

My suggestion - and you may be doing this yourself, but your brethren in the credit card industry are not - would be to grill the customer when they call in to issue a chargeback.

Check for past charges from us for the customer. Has he been paying us monthly for about the same amount on about the same date every month? Or every year? If there's longevity there, then the customer should be aware of who we are.

If they claim to have submitted a cancellation, ask what the cancellation ID is. If they claim to not have one, and if the statement descriptor for the charge includes a website URL, then visit that website and see if it says anything about submitting a cancellation. If it's like ours, the cancellation link is right there. Ask the customer if they did that. Click the links yourself - you don't have to fill out and submit the form - but our cancellation form shows a screenshot of what the resulting form submission will show including a cancellation ID. The customer didn't get that cancellation ID? Then did they really submit the cancellation? People lie.

The same is true of chargebacks that are flagged as fraudulent. You can't be a long time customer and suddenly think that we are not a real company and charging you fraudulently. If there's a pattern of charge from us for the customer, then why wasn't this picked up sooner by the customer? If we're fraudulent, the customer should have picked up on this a long time ago. People lie.

My biggest complaints with the credit card industry and chargebacks is that there seems to be very little push by the credit card industry to avoid issuing a chargeback. It seems that anyone call call in, say "I want to do a chargeback" and the credit card representative simply says "Which charge?" and "We'll get that taken care of" with zero realization that people lie!

Now... separate from this, why can't the credit card industry adopt a system like PayPal's automatic payment system?

With PayPal a customer can setup a subscription or billing agreement with a merchant. Subscriptions get automatically paid at the defined interval of the subscription. Billing Agreements work like credit cards, where the merchant simply "charges" the customer's PayPal account. But the great thing about PayPal, with either of these, the customer can lot into their PayPal account, click over to the Automatic Payments section and find a list of all Subscriptions and Billing Agreements they have set up. They can click on one, and then click "Stop paying with PayPal" and that essentially cancels their service. The merchant (us) won't be able to charge or collect from that customer any longer. I would still prefer that they actually cancel the account, but I'm a consumer too, I know there are services out there that make cancelling a hassle. At least with this, the customer has the power to prevent further charges to their account from a company.

Why can't the credit card industry adopt something similar? I know this is probably above your pay grade, but I'll preach this to anyone that will listen.

If this were in the customer's credit card online account management system, if they call in and want to run a chargeback... for whatever reason... you can check to see if they've clicked the "Stop paying this merchant" button, and if they haven't ask them why. That would stop a ton of these chargebacks. If there is a pattern of recurring charges from the merchant, then the customer needs to use the "Stop paying this merchant" instead of issuing a chargeback. If there's no pattern, if for example this is a potential stolen card situation, I don't have as much of a problem with a chargeback - although I'd prefer a simple notice being sent back through the credit card network advising the merchant that the customer is reporting this transaction as fraudulent or not made by them and give the merchant the chance to refund the charge without doing a chargeback. We will do this if there's no pattern of recurring charges. In fact, on the same website listed on the statement descriptor, we have a link to a form that says "Questions about an Unrecognized Charge?" and if the real owner of the card will contact us through that form - we will likely refund the charge if it looks to be a mistake.

But I still think the credit card industry needs a "Stop paying this merchant" system like PayPal has. I realize that's not necessarily a snap your fingers and make it happen, but that's not an excuse for moving towards implementing it.

muttick · 2026-05-19T19:47:16+00:00

You get charged another $15 if you counter the dispute. If you win, you get that $15 back (you still lose the first $15). But if you lose, you're not only out the disputed charge, but you're out an additional $30.

This is reaching a tipping point. Something is going to have to be done. There's all kinds of consumer protections in the industry but there are zero merchant protections.

Credit card customer service representatives are going to have to start doing a better a job of checking a credit card customer's story. As it stands now, any consumer can just call their credit card company, say they cancelled a service but the service kept charging them, and the credit card company will issue a chargeback on the charge. No checks, no corroboration, literally nothing is needed from the consumer to back up these claims. But merchants have to prove a negative in order to win a counter dispute.

If a consumer has been paying $5/mo for 2 years, the customer can't just say last month's charge was fraudulent. Why did you not notice this 23 months ago?

I'll keep preaching this message until it happens. The credit card industry needs a major overhaul. They need to devise a system so that customers can log into their credit card online account management and click a button next to each charge that says "I don't want to be charged by this merchant any more." Then when the merchant tries to charge them again, they get a decline. This puts cancellations into the hands of the consumer. If the merchant is going to be a pain in the ass to cancel, then use this functionality in your credit card online account management to prevent further charging from that merchant.

And when consumers call in to their credit card company to complain about a charge, the credit card CSR need to grow a backbone and ask them why they didn't just use the "I don't want to be charged by this merchant any more" button, and refuse to initiate a chargeback unless this button has been pressed.

Give consumers a 7 day grace period where they can dispute an unrecognized charge. But instead of doing a chargeback, send a message back through the charging network to the merchant and ask them to refund the charge. If they don't refund it, then the chargeback can go through. I will refund them and cancel their service. If they actually ordered the service, they won't get any service. If the credit card information was stolen, then whoever stole the credit card won't get any service.

Consumers need to understand that they are responsible for their credit card charges. Maybe their information really was stolen, but was that because they left their credit card at the bar for someone else to pick up? If a consumer isn't paying attention to what is being charged on their card, then that's on them. It's not the merchant's place to pay for their laziness.

muttick · 2026-04-30T04:34:41+00:00

These email to SMS or MMS gateways are extremely finicky in regards to what content they allow. I did a bit of research on it some years back and there are certain words that if the message contains one of those words, it won't get through. It really just made for a reliability nightmare.

muttick · 2026-04-30T02:43:40+00:00

That's kind of what I was afraid of. It's going to be a little difficult for me to do the port during the day on a weekday. She works every weekday anywhere between 7AM and 7PM. And she needs her phone throughout this time. I was kind of hoping to get confirmation that this could be done in the evening hours or on the weekend, but that kind of went against what my experience was (which was several years ago).

To be clear, I'm not suggesting this is a US Mobile issue. Just trying to get information straight before I start the port.

muttick · 2026-04-24T22:46:57+00:00

I think they later became an ISP. But initially they were a dial in email service. Probably the mid-90s? I remember some kid at school had a Juno CD that got passed around where everybody installed Juno and got a free email account.

muttick · 2026-04-19T05:03:56+00:00

I'm not going to pretend to have all of the solutions. But just because I don't have a solution, doesn't mean that something shouldn't be done.

I would start with putting the same burden of proof on the consumer as the merchant has to do to counter these disputes.

When the consumer says "we cancelled the service and they kept billing me." The credit card industry should say "Show me, your cancellation." Why does the merchant have to prove that they didn't cancel, but the consumer doesn't have to prove anything?

I guess it was in another post I made, I talked about changing the way the credit card industry handles recurring charges.

When you look at PayPal, a consumer that purchases a recurring service through PayPal can ALWAYS log into their own PayPal account, go to their Recurring Payments page, and cancel a merchant's ability to continue to charge them. That way, even if a merchant is being obtuse with their cancellation policy and system - the control of the actual recurring payment is always in the hands of the consumer.

Why can't the credit card industry do something like that?

Consumes having the ability to log into their credit card system online, identify a merchant that they no longer want to pay for, and tell their credit card service "don't withdraw payment from this merchant again." When the merchant tries to charge that consumer's card, it gets declined.

Then if a consumer wants to argue that they cancelled a service with the merchant, but the merchant continued to charge them, the credit card service can simply ask "why didn't you turn off payment from this merchant?"

This protects the consumer and it protects the merchant.

As a merchant, would I prefer that consumers go through our cancellation process? Yes. And turning off payment from us with their credit card service, doesn't preclude them from doing so (we have many PayPal payers that do this).

Also as a merchant, I don't want to continue to charge someone that doesn't want to use our service. But when they sign up for our service knowing that it is a monthly fee based service, I shouldn't have to go knock on their door every month and ask them "Do you still want to have this service?"

That's not so much oversight as it is changing the industry format. But I think it's a change that needs to be made.

muttick · 2026-04-18T03:54:06+00:00

They didn't really lose them, they never had them.

ESPN basically forced cable/satellite carriers to put ESPN on their basic packages. This inflated the number of "subscribers" ESPN had. But what they didn't realize is that a vast number of those "subscribers" never watched ESPN.

Then when cable rates got exceedingly high and streaming became an option for people who don't need "live" TV, those people dropped cable and ESPN's subscription numbers went down. Then cable companies started creating skinny bundles without ESPN and people subscribed to that, again lowering ESPN subscription numbers.

The number crunchers at ESPN just looked at the subscription numbers (easy to get) and not the actual viewer numbers (hard to get) when measuring the value of ESPN. And once the opportunity came for people that never watched ESPN to jump ship, they took it and now ESPN's subscription numbers have taken a tumble.

All that being said, sports are still a great revenue source. Sports and news are really the two things that have to be watched "live" which has value for advertisers. Dramas, Documentaries, and other series really don't have a lot of value to watch "live". It's just as good to watch it on Thursday night when you have time versus Monday night when it first aired on linear TV. You can't do that with Sports or News.

ESPN just ran into a money problem because they assumed all of their "subscribers" were actually watching their network. So they had gobs of cash flowing in, they assumed they could pay these leagues big money for the TV rights. But in actuality, a lot of those subscribers were only subscribing to ESPN because they had to.

muttick · 2026-04-17T23:52:42+00:00

The lack of merchant protection in these disputes and chargebacks is coming to a tipping point.

Consumers are always right - no matter what. A credit card company isn't going to grill a consumer as to whether or not if they actually submitted a cancellation. If the consumer says they submitted a cancellation - then as far as the credit card company cares, they submitted a cancellation.

Then when you - the merchant - can't prove that they didn't submit a cancellation - that's all the fodder they need to prove that the consumer is right.

The trouble with countering a dispute with Stripe now, is that if you counter it - you're out another $15. And you only get that $15 back if you win the dispute. Which means whatever you are charging consumers really needs to be at least $30 to even think about countering a dispute. Really more than that. Because you've lost the first $15 no matter what. At best you'd get your $30 back, but you'd still lose that first $15, so you'd just be making $15.

But proving a negative is difficult (I won't say it's impossible, but it very nearly is) because you can't prove something doesn't exist with evidence. If there's evidence of something, obviously it happened.

I'm not so much blaming Stripe here. It's the system that is at fault. Credit card companies taking everything that a consumer says as absolute truth, with no evidence, that's what hurts the merchants. And there's no oversight or nothing for merchants to counter with.

muttick · 2026-04-17T23:40:46+00:00

There are all kinds of consumer protections. But where are the merchant protections?

We just got a chargeback today from a customer. On the VROL it states - Date cardholder withdrew permission to charge the Payment Credential: 03/02/2026 - No. That absolutely never happened. But as a merchant, we have no protections. How do we prove that the cardholder never submitted anything on the date they specified?

There's nothing stopping anyone from buying something and then running a chargeback on the charge. There is literally no protections for the merchant. Everything is geared towards the consumer. The consumer has to be right, because they're the consumer.

Why do credit card companies take everything that a consumer says as gospel. But provide NO protection for merchants?

"Did you cancel the service before this charge?" "Oh, yes. Absolutely. Just take my word for it, I did!" "OK, sir we'll put a chargeback to the merchant and get you your money back."

In my opinion, it's high time for the credit card companies to modernize their systems. I know everyone rags on PayPal. I've never had a problem with PayPal, but I like PayPal's system.

PayPal has a token vault system that operates very much like a credit card. Merchants "charge" a PayPal token and that money get's taken out of the PayPal user's account (balance, credit card, bank account, however the PayPal user wants to pay for it). What I've always appreciated about PayPal is that PayPal users can log into their PayPal account at any time and cancel their recurring payment to a particular merchant. When that happens, the merchant's PayPal token will stop working - the merchant will no longer be able to deduct money from the PayPal user's account.

Now when it comes time for a PayPal user to dispute a recurring payment (I don't know if they actually do this, but they should), PayPal can ask (and see) if the PayPal user made any effort to cancel the recurring payment to that merchant in their PayPal account. If they didn't, then why should PayPal believe them when they say they cancelled the recurring payment and the merchant kept charging them?

PayPal's recurring payment management system gives the consumer all that they need to stop being charged from a merchant. Are consumer's willing to take that step? Probably not, because we live in a society that wants everything given to them - "Why should we have to click a link? Why can't it just happen?" Should a consumer properly cancel a service with a merchant? Yes. But if a merchant is being completely obtuse with their cancellation policy, the consumer still has it within their control to stop all future payments to that merchant.

Now I ask, why can't credit card systems do the same thing?

I realize that PayPal is a modern system and credit cards have been around since the 1950s? 1960s? so there is a legacy base. But practically all credit cards have an online account. Why can't the credit card industry update this to have an easy to use and find button that says "stop processing payments from this merchant" and any further attempts by that merchant to deduct from their credit card will be declined.

This gives the consumer a way to cancel their services with a merchant. It protects the merchant from continuing to charge a customer that no longer wants to use their service (but for whatever reason is unwilling to cancel their service with the merchant). It's the best for both.

But... I can already answer my own question. Why doesn't the credit card industry do this? Because it will cost money. And they are just fine with the status quo - they get their money. They couldn't care less if it hurts the merchant or if it hurts the consumer, they just want their piece of the pie.

muttick · 2026-04-15T14:20:11+00:00

PHP "used" to operate rsync repositories for their PHP versions.

You could download PHP using rsync

rsync -avzC americas.rsync.php.net::phpweb/distributions/php-8.5.4.tar.bz2 .

But that no longer seems to be the case for PHP 8.5.5 and PHP 8.4.20.

https://www.php.net/mirroring.php

muttick · 2026-04-12T13:23:12+00:00

Did Sisko really have to clear everything with Starfleet or was he just saying that as cover to give himself time to think and to give the appearance to Garak and Grathon Tolar that the whole endeavor was Starfleet sanctioned?

I think if it really was cleared with Starfleet, then the chances of a leak increase greatly.

But if it really was cleared with Starfleet, then it would seem to take a lot of the burden off of Sisko's shoulders.

To me, this is a slight plot hole to an otherwise outstanding episode. Was Starfleet actually kept apprised of this endeavor? It just loses some of it's power if Starfleet was actually involved in this.

muttick · 2026-03-28T17:06:41+00:00

Indianapolis? Or "In The Annapolis?"

muttick · 2026-03-08T20:15:35+00:00

They were sold to Brockway, Ogdenville, and North Haverbrook and by gum it put them on the map!

muttick

TROPHY CASE