More Yahoo domains get DMARC'd

Yahoo is turning on p=reject for 62 of their international domains on March 28, 2016. These domains include:
y7mail.com
yahoo.at
yahoo.be
yahoo.bg
yahoo.cl
yahoo.co.hu
yahoo.co.id
yahoo.co.il
yahoo.co.kr
yahoo.co.th
yahoo.co.za
yahoo.com.co
yahoo.com.hr
yahoo.com.my
yahoo.com.pe
yahoo.com.ph
yahoo.com.sg
yahoo.com.tr
yahoo.com.tw
yahoo.com.ua
yahoo.com.ve
yahoo.com.vn
yahoo.cz
yahoo.dk
yahoo.ee
yahoo.fi
yahoo.hr
yahoo.hu
yahoo.ie
yahoo.lt
yahoo.lv
yahoo.nl
yahoo.no
yahoo.pl
yahoo.pt
yahoo.rs
yahoo.se
yahoo.si
yahoo.sk
yahoogroups.co.kr
yahoogroups.com.cn
yahoogroups.com.sg
yahoogroups.com.tw
yahoogrupper.dk
yahoogruppi.it
yahooxtra.co.nz
yahoo.ca
yahoo.co.in
yahoo.co.nz
yahoo.co.uk
yahoo.com.ar
yahoo.com.au
yahoo.com.br
yahoo.com.hk
yahoo.com.mx
yahoo.de
yahoo.es
yahoo.fr
yahoo.gr
yahoo.in
yahoo.it
yahoo.ro
These may cause some delivery issues with international Yahoo domains during the transition period. Anyone using these domains in mail not sent through the Yahoo interface is likely to experience increased bounces at ISPs who are respecting the p=reject request in the DMARC record.

Related Posts

June 2014: The month in email

Each month, we like to focus on a core email feature or function and present an overview for people looking to learn more. This month, we addressed authentication with SPF.
We also talked about feedback mechanisms, and the importance for senders to participate in FBL processes.
In our ongoing discussions about spam filters, we took a look at the state of our own inboxes and lamented the challenge spam we get from Spamarrest. We also pointed out a post from Cloudmark where they reiterate much of what we’ve been saying about filters: there’s no secret sauce, just a continuing series of efforts to make sure recipients get only the mail they want and expect to receive. We also looked at a grey area in the realm of wanted and expected mail: role accounts (such as “marketing@companyname.com”) and how ESPs handle them.
As always, getting into the Gmail inbox is a big priority for our clients and other senders. We talked a bit about this here, and a bit more about the ever-changing world of filters here.
On the subject of list management, we wrote about the state of affiliate mailers and the heightened delivery challenges they face getting in the inbox. We got our usual quota of spam, and a call from a marketer who had purchased our names on a list. You can imagine how effective that was for them.
And in a not-at-all-surprising development, spammers have started to employ DMARC workarounds. We highlighted some of the Yahoo-specific issues in a post that raises more questions.
We also saw some things we quite liked in June. In the Best Practices Hall of Fame, we gave props to this privacy policy change notification and to our bank’s ATM receipts.
We also reviewed some interesting new and updated technology in the commercial MTA space, and were happy to share those findings.

Read More

Yahoo DMARC articles worth reading

There are a bunch of them and they’re all worth reading.
I have more to say about DMARC, both in terms of advice for senders and list managers affected by this, and in terms of the broader implications of this policy decision. But those articles are going to take me a little longer to write.
How widespread is the problem? Andrew Barrett publishes numbers, pulled from his employer, related to the number of senders using @yahoo.com addresses in their commercial emails. Short version: a low percentage but a lot of users and emails in raw numbers.
What can mailing list managers do? Right now the two answers seem to be stop Yahoo.com addresses from posting or fix your mailing list software. Al has posted how he patched his software to cope, and linked to a post by OnlineGroups.net about how they patched their software.
A number of people are recommending adding an Original Authentication Results header as recommended in the DMARC.org FAQ. I’m looking for more information about how that would work.
For commercial mailers, there doesn’t seem to be that much to do except to not use @yahoo.com address as your header-From address. Yes, this may affect delivery while you’re switching to the new From address, but right now your mail isn’t going to any mailbox provider that implements DMARC checking.
One other thing that commercial mailers and ESPs should be aware of. Depending on your bounce handling processes, this may cause other addresses to bounce off the list. Once the issue of the header-From address is settled, you can reactivate addresses that bounced off the list due to authentication failures since April 4.
 

Read More

Yahoo Statement on DMARC policy

Yesterday Yahoo posted a statement about their new p=reject policy. Based on this statement I don’t expect Yahoo to be rolling back the policy any time soon. It seems it was incredibly effective at stopping spoofed Yahoo mail.

Read More