Example bounces due to Yahoo p=reject

There are a number of different bounces that people are reporting due to Yahoo publishing a DMARC record of p=reject. I decided to put some of those bounces here so confused users could find out what they needed to do.
Comcast

smtp;550 5.2.0 meQj1n01053u42A0HeQj3v Message rejected due to DMARC. Please see http://postmaster.comcast.net/smtp-error-codes.php#DM000001

Google

smtp;550 5.7.1 Unauthenticated email from yahoo.com is not accepted due to domain’s DMARC policy. Please contact administrator of yahoo.com domain if this was a legitimate mail. Please visit http://support.google.com/mail/answer/2451690 to learn about DMARC initiative. 100si2781324qgv.4 – gsmtp

Our system has detected that this message is 550-5.7.1 likely unsolicited mail. To reduce the amount of spam sent to Gmail, 550-5.7.1 this message has been blocked. Please visit 550-5.7.1 http://support.google.com/mail/bin/answer.py?hl=en&answer=188131 for 550 5.7.1 more information. ua2si8779123

Hotmail

550 5.7.0 (COL0-MC6-F31) Unfortunately, messages from (IP) on behalf of (yahoo.com) could not be delivered due to domain owner policy restrictions. (in reply to end of DATA command))

XS4ALL

smtp;550 5.7.1  DMARC failure for domain yahoo.com, policy reject

Yahoo

554 5.7.9 Message not accepted for policy reasons.  See http://postmaster.yahoo.com/errors/postmaster-28.html (in reply to end of DATA command))

What can you do if you get one of these bounces?
Endusers can do a couple things. For one-to-one mail make sure you’re using the Yahoo outgoing mail servers and that should fix the problem without you having to really make any change. For email to mailing lists you’ll need to switch to an email address at another domain for that mailing list.
If you’re sending mail through an ESP, you’re going to need to change your header-from address to something other than a @yahoo.com address. This is going to break some things, unfortunately, but as long as Yahoo is publishing this record, you’re not going to be able to use Yahoo.com addresses for your commercial mail.

Related Posts

SBCGlobal having a bad day

I’m seeing scattered reports of the SBCGlobal.net MTAs refusing connections. No current information about fixes.

Read More

A brief DMARC primer

DMARC stands for Domain-based Message Authentication, Reporting and Conformance. What DMARC does is allow domain owners to publish policy statements in DNS telling receiver domains what to do with messages that do not authenticate. In addition, DMARC introduces the concept of “domain alignment.” What this means is that the authentication has to be from the same domain (or a sub-domain) as the address in the header-from: line. The idea behind DMARC is that organizational owners can use SPF and DKIM authentication to authenticate their actual domain in the header-from line. This moves authentication from a important but behind the scenes technology out to an end user visible technology.

Read More

Open relays

Spamhaus wrote about the return of open relays yesterday. What they’re seeing today matches what I see: there is fairly consistent abuse of open relays to send spam. As spam problems go it’s not as serious as compromised machines or abuse-tolerant ESPs / ISPs/ freemail providers – either in terms of volume or user inbox experience – but it’s definitely part of the problem.
I’m not sure how much of a new problem it is, though.
Spammers scan the ‘net for mailservers and attempt to relay email through them back to email addresses they control. Any mail that’s delivered is a sign of an open relay. They typically put the IP address of the mailserver they connected to in the subject line of the email, making it easy for them to mechanically extract a list of open relays.
We run some honeypots that will accept and log any transaction, which looks just like an open relay to spammers other than not actually relaying any email. They let us see what’s going on. Here’s a fairly typical recent relay attempt:

Read More