Thursday, April 10, 2014

Yahoo Policy Change Impacts Delivery

By: Chris Reibold

Senior Email Analyst

While I did put considerable thought into titling this blog post “Yahoo breaks the internet!”, I thought that might be a little dramatic, but it was tempting.

Within the last 48 hours, Yahoo made a bold move in updating their DMARC policy setting to "p=reject." Therefore, mail containing a Yahoo from address is no longer considered legitimate if it does not contain an authentication signature, or if it did not come from properly identified Yahoo infrastructure.

What does this mean? If you are sending from a Yahoo address, to Yahoo users, your emails will always be bounced. Essentially, if the from address is, and your message is not originating from Yahoo infrastructure (using their web interface, or sending with your Yahoo account from outlook, your iPhone, android, etc), it will never make it to the recipient.

If you look inside the SMTP logs of a message sent to Yahoo, it will look like this:

Message+not+accepted+for+policy+reasons.++See+ - - 0 0 0 SMTP - -

At JangoMail, we discourage our users from sending with a from address of major free email providers like Yahoo, Gmail, and Hotmail.  With the new change, however, users will be flat out blocked if they try to send from a provider. While this move seems drastic, it will limit the amount of spoofed email to Yahoo accounts to zero.

Since Yahoo is a major source of email on the web, you can expect Hotmail and Gmail to follow suit. Do not think of this as some security experiment that Yahoo is performing, but a real and secure change in the way email is handled on the internet today.

Bottom line: Do not use a,,, or other free email provider address to send your emails. Instead, set up and send from your own domain. Learn how to here.