Why You Should Dump Your Yahoo! Mail

I know, I know. You’ve been with Yahoo! for 10 years. You love your Yahoo! Your Yahoo! is free. Well guess what? Your Yahoo! is also keeping you from getting a LOT of your mail.

In fact, except for the biggest ISPs (like Comcast, etc.) and mail services that Yahoo! themselves run, such as SBC- and AT&T-related domains, there’s a good chance that you’re missing more than 50% of the mail that’s sent to you.

Right now, many of you are probably thinking I’m crazy. But it’s true. Over the last 18 months or so, Yahoo! has begun non-standard e-mail practices that result in most inbound messages being considered to be spam.

Do a search on Google for the words yahoo temporarily deferred and you’ll get back no fewer than 180,000 results. This is a huge problem.

It all started when Yahoo! decided to implement a proprietary anti-spam system called DomainKeys. DomainKeys is a way for a mail server to “sign” messages sent out, combined with a matching “signature” in the DNS for the sending domain, so that Yahoo! can validate that the message in question really came from the server it says it came from. DNS, by the way, is what matches your domain’s IP address with its name.

So Yahoo! checks the signatures of both, and if they match, then the message isn’t considered spam.

The first problem is that, again, this system is proprietary. There was already a similar system in place called SPF, which is an accepted standard and one that’s been in place since late 2004. It doesn’t use the signatures, but it does use DNS, which is just as good: A spammer can’t fake the SPF records for a particular domain, because there’s no way for a spammer to get access to DNS for a domain they don’t own.

So Yahoo! started checking inbound mail for DomainKeys, yet there weren’t really any mail servers set up to sign mail with DomainKeys signatures because, again, it was a proprietary system. The result of this is that messages not signed with DomainKeys sent to Yahoo! users are “temporarily deferred” with an error code of 421, sometimes for up to six hours. This means Yahoo! received the message, but refuses to deliver it to the recipient because, since you don’t use their proprietary system, obviously your message to Aunt Lucy with pictures from your birthday party is spam.

The second problem is that DomainKeys DOES NOT WORK.

A client of mine, an amusement park, is in full hiring swing for the upcoming season. They were seeing all of their messages to Yahoo! deferred, with many never getting to the recipient. Ever. So we investigated installing DomainKeys just for them so that they wouldn’t have as much trouble, even though in general I’m opposed to proprietary stuff running on our servers.

So we installed DomainKeys and guess what? A lot of messages signed with DomainKeys are STILL being deferred by Yahoo! mail servers and are never getting delivered. Even after 4-6 hours.

The best part, though, is that the messages that ARE signed with DomainKeys that do get through to the intended recipient at Yahoo!, sometimes in less than a minute…are STILL automatically put into the user’s Spam folder!

Let’s review the situation:

  • Our mail server conforms to all standard e-mail protocols
  • We’ve installed Yahoo!’s stupid DomainKeys system and it’s properly signing messages sent from our server
  • Yahoo! still doesn’t deliver a large percentage of signed messages. Ever.
  • The mail that Yahoo! does accept is still considered spam and put into the recipient’s spam folder

Ok, so let’s say that Aunt Lucy doesn’t really care about you or your stupid birthday party, so no great loss that she never got the message you sent. But LOTS of you out there who use Yahoo! have mail from other domains forwarded to you at your Yahoo! address. And lots of you use it for business.

Uh oh.

Let’s see…2+2…carry the 4…silent ‘e’…hmm, is the light bulb on yet? Yup. This means that you’re potentially missing the MAJORITY of business-related e-mails that people are trying to send to you. And I’m pretty sure that missing e-mail from prospective customers is not on your business plan for success.

“I don’t miss any e-mails!” you proclaim.

Yeah. Um. How would you know? Unless the person contacts you. And I’d be willing to bet that some people in fact HAVE contacted you. And you can’t figure out why they can’t send mail to you. Now you know.

So what do you do?

Well, for starters, you need to leave Yahoo! It’s fine as a secondary e-mail service I suppose, for personal stuff that doesn’t matter, but for a primary place where you receive anything important, Yahoo! cannot be trusted to deliver your mail to you. And Yahoo!’s “Postmaster” department, the part of the company responsible for mail, is notorious for not being cooperative with other companies to try to resolve this issue.

In fact Yahoo! has a form that companies can fill out to try to fix this whole mess (as a funny aside, this is the link that Yahoo! has on their own website to fill out the form…notice that it does not, in fact, link to a form, but to a menu of vaguely-related topics…very helpful, thanks Yahoo!). Most companies who go through the process either never hear back from Yahoo!, or Yahoo! responds by saying that the company in question can’t be “whitelisted” on Yahoo!’s mail system because Yahoo! users have deemed the company’s mail as spam.

My company has never sent out a bulk mailing in 10 years. Not a single unsolicited e-mail. The only time we ever send mail to Yahoo! is to reply to a message we receive. And yet somehow Yahoo! has come up with the answer that Yahoo! users have determined that the replies that I’m sending to their e-mails are spam.

Uh huh.

Back to the amusement park client…even after installing DomainKeys, my client is entirely unable to send mail to certain addresses at Yahoo! Including his own. So before you think that the companies who are trying to get whitelisted are lying about whether or not they send out bulk mail, ask yourself what are the odds that my client has “determined” that his own mail is spam. Not very good, probably.

If you can’t stand the thought of paying for mail service, then at least pick a service that doesn’t have these issues, such as GMail. The time to dump Yahoo! is now. Well, really, it’s 18 months ago. But now will do just fine.

Tags: , , , , , , ,

4 Responses to “Why You Should Dump Your Yahoo! Mail”

  1. Allan Says:

    Lots of things wrong here…

    >The first problem is that, again, this system is proprietary. There was >already a similar system in place called SPF, which is an accepted standard >and one that’s been in place since late 2004. It

    DomainKeys is standard. patented but freely usable, and specs are
    freely available. for about the same length of time as SPF (which
    Microsoft has encumbered with patents that they are not commenting on
    whether they will exercise them)
    RFC 4871

    >So Yahoo! checks the signatures of both, and if they match, then the >message isn’t considered spam.
    Nope, you’re just authenticating the emails. Nothing prevents someone
    from registering spamalot.com, signing emails, etc. However, you are
    preventing someone from impersonating an existing domain, paypal.com
    for instance.

    >Yahoo! users are “temporarily deferred” with an error code of 421, >sometimes for up to six hours.
    This is known as greylisting and has become very prevalent at many
    places (automatically defer all incoming messages). It’s very prevalent
    because it’s incredibly effective. Most autospam programs don’t try
    again, whereas every legitimate mail server will (there have been some
    bugs in a few like Novel groupwise). The amount of delay is mostly a
    result of YOUR email server’s settings. The RFC standards suggest 30
    minutes before retrying. After greylisting became widespread, I set
    ours to 10min.

    Another benefit of greylisting, is that by delaying for even 10 minutes, you
    allow other mechanisms like distributed checksumming to ‘see’ the
    message, and when the spammer retries in 10 minutes, you might now
    know that 100 identical copies of this message were sent during those
    10 minutes. NOW you can reject it outright.

  2. louzucaro Says:

    DomainKeys is Yahoo!’s system. DKIM is the multi-corporational standard that integrated elements of DomainKeys and others. Yahoo! specifically requests that mail be signed with DomainKeys, not DKIM, and I believe Yahoo! ignores DKIM signatures.

    And yes, while it’s true that somebody can register spamalot.com and sign e-mail with a valid DomainKeys signature, my point is that using DomainKeys is supposed to serve SOME purpose in Yahoo!’s system, and it doesn’t.

    The behavior of Yahoo!’s mail system is no different if you have DomainKeys than if you don’t. Since that’s the case, what’s the point?

    Greylisting is not supposed to function how you describe (meaning most people would not consider their greylisting to be working properly if the receiving server STILL refuses incoming messages after the sending server waits for the greylisting period, then resends the message). My company uses greylisting, too, and once the sending server has properly resent the message after the wait time, our server then considers that sender valid moving forward for that recipient (even if this isn’t precisely the spec of the RFC, this is how it is generally implemented, and it does work great, as you say).

    Again, Yahoo!’s system, on the other hand, doesn’t necessarily accept the additional message(s) sent by the sending server. This is why a sending server might try to send the same message another 4 times and Yahoo! still doesn’t accept it.

    Additionally, Yahoo! claims that if a Yahoo! user adds an e-mail address to their address book, this is the same as whitelisting that address. Again, this is false, as I have friends / customers etc. who have me in their address book, but still, even after DomainKeys, after greylisting (and our server properly waiting and trying to re-deliver on multiple attempts) and with other common things such as correct rDNS and SPF records, often the messages NEVER get to the recipient.

    You can make all the arguments you want about DomainKeys vs. DKIM, greylisting, etc., but the bottom line is that many Yahoo! users are not getting mail because Yahoo!’s system simply does not work properly, or as advertised, and users should beware.

  3. Christy Smith Says:

    OMG – You’ve said everything I’ve been feeling for months. I’m so frustrated with this problem and to this day – HAVE NOT found a solution. Unfortunately, we can’t just say “screw yahoo” and move on – our customers need to send mail to yahoo recipients.

    Like you, we have NEVER sent even one unsolicited mail from our server. Ever. Please post a solution if you ever find one.

  4. louzucaro Says:

    Unfortunately, we had to just wait it out for it to resolve itself.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s


Get every new post delivered to your Inbox.

%d bloggers like this: