Recently Yahoo – one of the three most widely used public email services – modified its authentication policy. This modification has the ability to seriously impact deliverability of email being sent out with the ‘From Address’ containing ‘yahoo.com’, but not being routed through Yahoo’s servers. Literal translation – there is a high probability that an email campaign sent through an Email Marketing Software, with the ‘From Address’ containing your personal Yahoo address will land in Yahoo’s Spam folder or simply Bounce.
Why did Yahoo do this?
Yahoo has been facing the ire of ongoing attacks on its users from hackers for quite some time. User accounts are hacked and then malicious content is sent from that user to their contact list. Yahoo managed to curtail these attacks by blocking Spam routed through Yahoo’s servers. In response to this, the miscreants have now started sending Spam from hacked Yahoo accounts to their contact list using other servers.
To counter this second level attack, Yahoo altered its DMARC authentication procedure by publishing a certain ‘p=reject’ record, which tells email clients to reject mail that is coming from Yahoo users but not being routed through Yahoo controlled servers. Here’s a detailed account of this DMARC primer from Laura Atkins at Word to the Wise.
While this arrangement will certainly curb hacker’s from infiltrating more Yahoo accounts, it will most definitely also disregard mail from regular Yahoo users that use another SMTP server, including bulk mail sent through ESPs, and individual mail sent to mailing lists.
As a consequence of this change, using a ‘yahoo.com’ ‘From Address’ while sending an email campaign through an email service provider will cause the email to appear fraudulent, even when it’s absolutely legitimate – resulting in email being rejected by receiving server, or sent to Spam. This internal change introduced by Yahoo will also affect receiving servers who respect DMARC policies, including Gmail, Hotmail, and many others.
Hence, if you’re using a ‘yahoo.com’ ‘From Address’, you might notice a sharp dip in opens and clicks. All you need to do is ensure that you change the ‘From Address’ for your future campaigns.
If you’re using ‘From Address’ from other public email providers (such as Gmail, Hotmail, etc.), you’re still good to go. However, it’s very much possible that they might also adopt similar DMARC changes in the future. The best solution that you can opt for right away is to use an email address from a private domain controlled by you (or your organization), as email protocols allow a custom ‘From Address’ even if the email is not actually being sent from that domain.