The email industry has always been known to be evolving, and the past couple weeks have been no different. To help prevent “spoofing” attacks on their users, Yahoo! recently made a sudden, disruptive change to an email authentication policy.
By implementing this change, some common use cases for email, like mailing lists and Forward-to-a-Friend features, have now been broken for Yahoo! users.
Let’s take a deeper look at the change and the effects it had on the industry:
What was the change?
Yahoo! was the first major mailbox provider to go to a full p=reject policy for DMARC authentication. What’s DMARC? Basically, it is a set of authentication rules that can be set on any domain to help prevent spoofing. Check out this blog post if you want to geek out on the details of email authentication, but in short a domain owner can set parameters around what to do when an email does not meet the authentication criteria. Yahoo! set this policy to reject any and all emails from an @yahoo.com address not originating from their (Yahoo!’s) servers.
Why was it so disruptive?
Many sites employ a method of sending important content (like news articles, social sharing links, and other content items) via forward-to-a-friend. The majority of these messages are implemented by allowing the initiator of the share to put their own email address as the “from address.” If the sharer happens to have a Yahoo! email address, the message will not go through anymore!
This has frustrated many list managers and businesses that run apps featuring sharing via email. Similarly, mailing lists that receive a message and distribute that message to a list of users was also disrupted for Yahoo! users.
Yahoo! may be the first of many mailbox providers to do this. As spamming and phishing pressures continue, others may be forced to make similar changes.
If you haven’t heard already, AOL had a little problem with their users’ email accounts being hacked and sending spam this week. It’s an old trick, and you’ve probably seen it before: once they get in, these spammers send links to everyone in your address book. If you have an AOL account, change that password! And of course, watch out for suspicious emails from your contacts with AOL email accounts.
I’m a sender and Yahoo!’s policy change really messed me up. Help! What can I do to prevent this from happening again?
Implement best practices on any and all of your email streams. In this particular case, you want “sharing” emails to be sent from your domain with wording to indicate why the email is being sent (e.g. “Shared to you by Joe Smith from Our Brand’s website.”). You can also get more details via our ebook, A Guide to Transactional Email.
Too much to take on right now? You should look for a transactional email service, like Dyn’s Email Delivery, to relay those messages. We not only offer Email Delivery, but an industry-leading deliverability team to help you along the way!