Yahoo DMARC Changes/”Message not accepted for policy reasons”
Yahoo recently started participating in DMARC, which standardizes how email receivers perform email authentication using the well-known SPF and DKIM mechanisms.
DMARC stands for Domain-based Message Authentication, Reporting, and Conformance. For those of you who are not familiar with these terms, this means that Yahoo has added a line of text to its DNS record telling mailbox providers to reject any mail from a Yahoo domain if it doesn’t come from Yahoo’s own servers.
This was big news and had a big impact.
How Does DMARC Work?
Why Did Yahoo Make This Decision?
DMARC technology efficiently cuts off spammers and phishers who sometimes forge the “From” address on email messages so that the spam appears to come from a user in your domain.
Fraudsters hack into user accounts and copy address books. This can happen with any mail service, not just Yahoo. Then, using a different server, these hackers send messages to a list of contacts from a stolen username, which they broke into. The user receiving the message is then lured to a fake website for the purpose of identity theft.
For Yahoo, the advantages of changing its DMARC policy are undeniable:
- Brand confidence increases
- Users are protected against fraud
- Hackers become less interested in stealing address books
The Dark Side of the Picture
Many people started having problems sending Yahoo mail (to Gmail, Outlook, Yahoo, and so on). Their emails wouldn’t send, and they didn’t understand why. What was happening?
Emails sent through bulk mail services (such as Atomic Email Service, for example) that include “yahoo.com” in the sender’s address are considered fraudulent, even if they are not in reality. As a result, the server doesn’t accept them, or marks them as spam.
What Can You Do?
If you are using a Yahoo address, check your delivery statistics. You may notice a decline in your open and click-through rates. There’s no need to panic! You will simply need to change your “From” address to a non-Yahoo address for your future mailings.
At the moment, you can still use addresses like Gmail or Hotmail without disruption. But there’s a possibility that these companies will use DMARC in the future, too. The best solution is to use an email address on a private domain that you control: for example, firstname.lastname@example.org.