AOL Becomes Second Major Mailbox Provider to Implement DMARC

Aol_Mail_logo_cropped

What is DMARC and How Does This Affect Me?

Just over two weeks after Yahoo’s implementation of a strict DMARC record, a second major mailbox provider has now followed suit. Late yesterday afternoon AOL made an announcement on their Postmaster blog stating that they are immediately implementing a “p=reject” DMARC policy.

DMARC, which stands for “Domain-based Message Authentication, Reporting & Conformance” is a technology that aims to prevent spoofing of from addresses. This means that any email message that uses a From address of @aol.com can only originate from AOL’s mail servers. SocketLabs customers and all third party mail servers will no longer be able to deliver email with an @aol from address to any DMARC compliant system.

To clarify, this does not affect messages delivered to addresses at AOL, but rather messages sent using a From address of @aol.com.

Some common reasons you may send messages using an aol.com from address are but not limited to:

1) Website forms that use a From Address specified in the form
2) CRM Applications with sub-users that may specify their own From Address
3) Services that allow email messages to be generated and sent on behalf of others, such as Invite-a-friend, or Share via Email buttons.

Why Were These Changes Made?

You may be aware that over the weekend reports of AOL accounts being compromised were flooding social media sites like Twitter.  The story was quickly picked up by major news outlets such as USA Today and TechCrunch.  Some of us here at SocketLabs were on the receiving end of the spam messages, and upon analyzing the messages we were quickly noticing that they did not legitimately originate from AOL.  This meant that all these spam messages were originating from third party sources leaving AOL with little control over their delivery other than DMARC implementation.

What Will Other Mailbox Providers Do?

Right now both Yahoo and AOL instigated DMARC policies specifically due to major issues with address spoofing affecting their user base. While other providers may eventually implement similar records I think they may hold off until there is a direct threat.  Gmail for example offers a “Send mail as” feature within their client.  Initiating a DMARC record would in some ways go against this existing product feature. This is one of many reasons I doubt we see a rush to implement DMARC by Gmail without a direct threat affecting its users.

Are There Any Workarounds?

Unfortunately there are no direct work arounds that SocketLabs can provide.  We have provided a list of Suggested Solutions in our last blog article pertaining to Yahoo’s DMARC implementation.

Need more help?

First, try out our free DMARC Generator to help you generate a valid DMARC policy for your domain.

If you are encountering issues delivering your messages, SocketLabs On-Demand email experts are here to help. Don’t hesitate to reach out to [email protected] for advice on DMARC email security and the best ways to solve your email delivery problems.