Yahoo Speaks Out About Recent Policy Changes

Last week we published an article about security policy changes at Yahoo Mail that are affecting email senders. The change implemented by Yahoo was an email security protocol called DMARC. DMARC, which stands for “Domain-based Message Authentication, Reporting & Conformance”, is a technology that aims to prevent spoofing of from addresses. The changes implemented by Yahoo tell other DMARC-compliant mail systems to reject mail with Yahoo addresses in the from field that did not genuinely originate from a Yahoo server.

Yahoo has now officially commented on their changes via a post to their Tumblr blog. In the post, they make it clear that these changes were implemented with the goal of protecting their users. While highlighting the benefits, Yahoo has also touched on the short-term negative impact of their decision. They even went as far as to apologize:

“There is a regrettable, short-term impact to our more aggressive position on DMARC. Many legitimate emails sent on behalf of Yahoo Mail customers from third parties are also being rejected. We apologize for any inconvenience this may have caused.”

While there is a short-term negative impact, the long-term positives for Yahoo and their brand are significant. This single DNS record change results in a huge leap forward in the fight against phishing, as well as address forgery as a whole. There is no doubt that the email ecosystem will benefit greatly in the long term.

While no other major service provider has yet followed suit, here at SocketLabs we see it as only a matter of time. All the malicious users piggy-backing off of the yahoo.com domain will be migrating to other providers. This will result in increased pressure on those providers to implement similar policies.

Suggested Solutions

At SocketLabs, our function as an email relay service makes it impossible for us to address the root issue in the message generation process. In most cases, our customers are generating the email message contents, including the from address. While we’ve always had a policy against our customers sending messages from a domain they did not own or control, we have made exemptions for specific use-cases. At this time SocketLabs cautions against sending any email through our service from any domain that you do not own or control, including but not limited to other major service providers’ domains like Gmail, Outlook.com, etc.

Try our free DMARC Generator as the first step to ensure that your emails are secure and that you are preventing address spoofing.

Web Forms

If you are sending email messages generated by a web form such as a “share via email” page or “contact us” page, we suggest replacing the from address with a static value at your own domain. Then use the from address submitted in the form as the value of the “Reply-To:” field. For example, here is how the header of a message would look:

From: [email protected]

To:  [email protected]

Reply-to: [email protected]

CRM Platforms

If you are sending email messages generated by a CRM system, we suggest that you provide your users with personalized addresses at your own domain, and again utilize the reply-to field for the customer’s real email address. Here is an example of what the header of a message might look like:

From: [email protected]

To: [email protected]

Reply-to: [email protected]

Another option would be to require all users of the CRM platform to utilize an email address at their own domain. This may be difficult for some CRM system users, but it will prevent further issues with from addresses.
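The header layout suggested above for web forms and CRM platforms can be built as in the following added example, which is not SocketLabs code. It assumes example.com is a domain you own and control; the function names and sample addresses are constructed for illustration. Because the submitted address comes from untrusted form input, it is checked for line breaks before it is placed in a header.

```python
import re
from email.headerregistry import Address
from email.message import EmailMessage
from email.utils import parseaddr

OWN_DOMAIN = "example.com"  # assumption: a domain you own and control

def clean_address(raw):
    """Return the bare address from untrusted form input, or raise ValueError."""
    if "\r" in raw or "\n" in raw:
        # A line break would let the submitter add headers of their own.
        raise ValueError("line break in address field")
    _, addr = parseaddr(raw.strip())
    if not re.fullmatch(r"[^@\s<>,;]+@[^@\s<>,;]+\.[^@\s<>,;]+", addr):
        raise ValueError("not a usable email address")
    return addr

def build_message(user_addr, user_name, to_addr, subject, body,
                  from_local="webform"):
    """Build a message whose From is at OWN_DOMAIN and whose Reply-To is the user.

    from_local="webform" is the static address for the web form case; a CRM
    would pass a per-user local part such as "alice.smith".
    """
    if not re.fullmatch(r"[A-Za-z0-9._-]+", from_local):
        raise ValueError("unexpected characters in local part")
    if "\r" in subject or "\n" in subject:
        raise ValueError("line break in subject")
    msg = EmailMessage()
    # The From domain never comes from user input, so it always matches
    # the domain you authenticate mail for. Address() rejects CR/LF.
    msg["From"] = Address(display_name=user_name, username=from_local,
                          domain=OWN_DOMAIN)
    msg["To"] = clean_address(to_addr)
    # Replies still reach the person who filled in the form.
    msg["Reply-To"] = clean_address(user_addr)
    msg["Subject"] = subject
    msg.set_content(body)
    return msg

if __name__ == "__main__":
    # Constructed sample input: a Yahoo Mail user submits a contact form.
    print(build_message("alice@yahoo.com", "Alice Smith",
                        "support@example.com", "Question", "Hello"))
```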

While these suggestions may work for some, it is up to you to decide what will work best for your business. What we do know is that sending email from domains outside of your control is only going to lead to more and more delivery problems in the future.

Need more help?

If you are encountering issues delivering your messages, SocketLabs On-Demand email experts are here to help. Don’t hesitate to reach out to [email protected] for advice on the best ways to solve your email delivery problems.