back to article 'Yahoo! Breaks! Every! Mailing! List! In! The! World!' says email guru

Email luminary John Levine has accused Yahoo! of sabotaging email lists for everyone, everywhere. In a post titled “Yahoo! Breaks! Every! Mailing! List! In! The! World! Including! The! IETF's!'”, Levin explains “an emerging e-mail security scheme” called DMARC that “lets a domain owner make assertions about the From: address, …

COMMENTS

This topic is closed for new posts.
  1. jake Silver badge

    What legit email admin ...

    ... doesn't bounce toys like yahoo, gmail, hotmail, etc. in the first place?

    1. xperroni
      Thumb Down

      Re: What legit email admin ...

      Maybe one whose head isn't stuck in the 90's? My main e-mail account has been Yahoo! and then Gmail for the past 10+ years. I doubt I am an exception, and if that makes me "not a real man / engineer / hacker / programmer / Internet user" then so be it.

      1. jake Silver badge

        @ xperroni (was: Re: What legit email admin ...)

        Has nothing to do with you personally, xperroni, it has to do with the folks you are rubbing virtual shoulders with. Not enough signal, too much noise.

        Ironically, the email address I use for my ElReg account (and only ElReg, I might add, outside of a few ancient friends trying to find me) is a seemingly unkillable AOL account that started life at Q-Link ... It's supposedly been deleted a dozen(ish) times since 1989. I stopped trying to nuke it in 2004.

        1. BlueGreen

          Re: @ xperroni (was: What legit email admin ...)

          > it has to do with the folks you are rubbing virtual shoulders with

          Instead of posting snobby I'm-a-techno-god comments with no useful content, perhaps do something constructive instead.

          As you're so evidently knowledgeable, share it. Light a candle and push back the darkness like Trevor Pott; write an article or two for the reg, for us plebs. Earn your stripes instead of being a slightly upmarket troll.

          You going to put up or shut up then? Either works for me.

          1. Trevor_Pott Gold badge

            Re: @ xperroni (was: What legit email admin ...)

            Beetlejuice...Beetlejuice...Candleja-

    2. Anonymous Coward
      Anonymous Coward

      Re: What legit email admin ...

      ... doesn't bounce toys like yahoo, gmail, hotmail, etc. in the first place?

      Someone who isn't elitist enough to expect people to run their own mail servers.

      1. jake Silver badge

        @ Stuart Longland (was: Re: What legit email admin ...)

        Yes, I run my own email servers. My systems talk to most of TehIntraWebTubes. But I avoid multi-national, billion dollar marketing companies with a passion. Talking to them is more trouble than it is worth. It's not "elitist", it's pragmatic.

        As a side-note, you might want to get that chip on your shoulder looked at.

        1. Anonymous Coward
          Anonymous Coward

          Re: @ Stuart Longland (was: What legit email admin ...)

          Yes, I run my own email servers. My systems talk to most of TehIntraWebTubes. But I avoid multi-national, billion dollar marketing companies with a passion. Talking to them is more trouble than it is worth. It's not "elitist", it's pragmatic.

          As a side-note, you might want to get that chip on your shoulder looked at.

          Yes, I run two mail servers as well. I run my own personal one, and I run one for a small company of about 20 employees.

          There'd be a big yike from the group if I started to block free email services as many of them use Gmail and the like for personal email addresses. A fair few of our clients also use these services.

          Sure, you don't trust them. I've got other reasons for not using them. People trust these services, who are we to judge?

        2. Brenda McViking

          Re: @ Stuart Longland (was: What legit email admin ...)

          I use one too jake. (a billion dollar advertising agency account that is)

          For general spam. Internet shopping and facebook and linkedin notifications - in fact, as the vast majority of the email I recieve is neither confidential, particularly personal or even indeed useful, I'm quite happy for the likes of google/microsoft/yahoo to host it for me. It's not like they charge me, and they can sell it all to advertisers all they want - with adblock plus, i'll simply not see all the targeted ads that desperate agencies have paid for to put in front of me.

          As for running my own email server, I don't. Just like I don't have a washing machine repair workshop in my garage despite owning a washing machine, or an vetinary operating table despite owning a cat. Both of those would be pragmatic, but unfortunately I have to work for a living, and as such don't have all the free time necessary to purchase, install, operate and maintain these "nice to haves." YMMV.

        3. This post has been deleted by its author

    3. batfastad

      Re: What legit email admin ...

      "... doesn't bounce toys like yahoo, gmail, hotmail, etc. in the first place?"

      One who perhaps has to deal with proper business-critical mail servers that live in the actual real world of e-mail?

      Go ahead and live in your own e-mail cave. It doesn't sound like many people need to contact you anyway*. Burrrn!

      *Apologies, smiley face, I couldn't resist

    4. Andrew Jones 2

      Re: What legit email admin ...

      Yes, because everyone should just have an email account with their ISP right?

      And then when they move from that ISP to another ISP - they should have to remember every account they have with every website, and log in to each one and tell them what their new email address will be right?

      And then 2 years down the line when they need to log in to an account that they forgot they had and didn't give them the new email address, and the forgotten password system keeps sending email to an address that doesn't exist anymore - they will surely say - "Oh yes, this changing my email address every few years when I change ISP's is such a lot of fun, and no hassle what so ever"

      In the real world, just like phone numbers, some people actually want an email address they can keep regardless of who their ISP might be, and webmail providers fit the bill for that perfectly, sure SOME people might buy a domain, and get an email package with whoever they got the domain from, but it might surprise you to learn, everybody on the planet does not have their own personal domain.

      The Gmail adverts argument is one I always find quite funny though, imagine, that Google launched a TV broadcasting company that had all the things you currently pay your current provider for, but then instead of having generic adverts - they showed adverts related to your interests. Imagine they offered this TV network to all it's customers for free instead of paying a monthly bill to your current provider - quite a large number of the people who complain "I don't want Google knowing stuff about me" would be very quick to drop their current PayTV provider in order to get exactly the same content for free.

      1. Anonymous Coward
        Anonymous Coward

        Re: What legit email admin ...

        And then when they move from that ISP to another ISP - they should have to remember every account they have with every website, and log in to each one and tell them what their new email address will be right?

        Yep, and that assumes the website lets you change an email address. Some naïvely assume your email address never changes.

        My father still has to keep an account open at our old ISP because a few sites still use his old email address and he can't change it.

    5. Anonymous Coward
      Anonymous Coward

      Re: What legit email admin ...

      "What legit email admin doesn't bounce toys like yahoo, gmail, hotmail, etc. in the first place?"

      Ooh! Me! Me! I know this one! Email admins who like gainful employment, not pink slips?

  2. Anonymous Coward
    Anonymous Coward

    How about those whose organizations require the use of such accounts so any posts can't be seen as "official statements" ?

    1. jake Silver badge

      @ a cowardly person of uncertain vintage (ElReg, fix the time stamp, already!)

      "How about those whose organizations require the use of such accounts so any posts can't be seen as "official statements" ?"

      Tabloid trash, at best, and completely useless.

      HTH, HAND

  3. Destroy All Monsters Silver badge

    Oh wow jake and his passion for usenet again.

    Chill out mang. This is 2014.

    1. BlueGreen

      usenet

      hey, don't knock it! I found it prefereable in almost every way to what we've got now. Simple, quick, low bandwidth, not proprietary, no need to sign in to anything, update then browse offline... YMMV but I thought it great. Spam killed it.

      We need to handle spam somehow as it, and its variants in the form of ads etc., will kill a lot more of the net eventually, I fear.

      1. Wzrd1 Silver badge

        Re: usenet

        "We need to handle spam somehow as it, and its variants in the form of ads etc., will kill a lot more of the net eventually, I fear."

        Well, the US and pretty much every other nation has plenty of drones now... ;)

  4. Tom Chiverton 1

    Err, so isn't the fix that MailMan etc. need to rewrite the DMARC/SPF headers ?

    1. Wzrd1 Silver badge

      "Err, so isn't the fix that MailMan etc. need to rewrite the DMARC/SPF headers ?"

      So, let me get this straight.

      *Every* mailing list in the world must comply to Yahoo's changes.

      Isn't that what Microsoft said when they bungled TCP/IP, Kerberos, well, pretty much every protocol that they didn't originate or steal?

      1. Anonymous Coward
        Happy

        I see nothing but, appropriately enough, "NET" for both sides. Yahoo! gets there users bounced off of all those listservs thus freeing up, or shit-canning, a whole boatload of mail servers. On the list keepers, they simply do a search and delete on all yahoo receipiants which lowers their costs at the expense of a couple of lines of script at the validation stage of list subscription. Everybody wins, except the poor sods with _only_Yahoo! addresses. But who wants to talk to them anyway.

  5. Mark Allen

    Nothing new

    Yahoo! seem to constantly make a mess of their DKIM signatures. The hosting company I use for my clients check these headers and regularly I get reports from clients getting email bounced from Yahoo (or BTInternet) addresses. All because they've been fiddling with the signatures again. Problems seem to come and go at random during the year.

    At least BT are moving away from Yahoo! so that should reduce some of the complaints I get.

    As I always point out to these people, you get what you pay for with free accounts.

  6. FartingHippo
    Mushroom

    Yahoo shmahoo

    Yahoo has turned it's once-decent email system into a raging clusterf*ck. Massive steps backwards in useability, a large number of accounts suffering vanishing mails, and now this pathetic state of affairs.

    Have they come to the conclusion that email just doesn't pay?

    1. Alan W. Rateliff, II

      Re: Yahoo shmahoo

      Not to mention just ridden with spammers. No other service trips up our anti-spam system as much as Yahoo!, to the point that eventually Yahoo! servers just get blocked out-right because the amount of spam coming from them is far greater than the amount of legitimate email. I clear out the scoring cache and blocks, and within 30 days the internal reputation is so bad I have to do it again.

      I contact Yahoo! in the past and the response was chilled. I was told that Yahoo! email is a free service and their users are free to use other services if the outbound mail servers are over-weighted for spam filters or just plain blocked. I also tried to obtain a list of their outbound servers to try to introduce balance. Crickets.

      The problem is Yahoo! does not just provide free accounts. It also provides egress for SWBell, AT&T, SBCGlobal, and other email accounts for paid services. But they all route through their standard Yahoo! servers, and even worse they wind up going out through servers which seem to be marked for bulk email transmission. Unless its definition of bulk in email context is different than the rest of the world.

      It is difficult to care about a service which does not seem to care for its users.

      1. cordwainer 1
        Thumb Up

        Re: Yahoo shmahoo YES THIS

        I'd like to make sure this point gets hammered home: A LOT of people who have AT&T as their ISP, or who originally signed up with one of the "baby bells" for Internet service, were assigned an address ending in yahoo.com This goes back at least 7 years, since I have notes about a customer in this very situation around that time, who started out with sbcglobal.net.

        The people in this situation don't, by the way, necessarily use the yahoo web interface. I have dozens of customers who had their e-mail client set up by the same person who installed their AT&T DSL, and are completely unaware the server settings are pop.att.yahoo.com

        By the way, att.yahoo.com STILL takes you to the AT&T email login, which is why what yahoo is doing is both particularly boneheaded, and likely also related to AT&T's usual stupidity, control-freakishness, and general untrustworthiness. Once a monopoly, always a monopoly, with monopolistic processes and complete blindness to the effects of their actions on others. Not to mention arrogant unconcern, which pretty much sums up Yahoo's attitude as well, not only toward their customers, but also toward their employees, as I recall.

        So folks like jake who in their ignorance think certain domains should be discriminated against really rub me the wrong way. Come to think of it, bigots use a similar argument ("inferior people should have fewer rights than we superior ones"). And come to think again, bigotry is also a function of ignorance.

        1. Wzrd1 Silver badge

          Re: Yahoo shmahoo YES THIS

          "So folks like jake who in their ignorance think certain domains should be discriminated against really rub me the wrong way."

          I disagree. But, on the basis of performance and annoyances, such as spam.

          If one domain leads the pack in distributing spam, it *should* be discriminated against until they get their act together.

          Otherwise, one is constantly playing with the filter to let the spam leading domain traffic through, then catching merry hell for the spam coming in.

          1. Alan W. Rateliff, II
            Paris Hilton

            Re: Yahoo shmahoo YES THIS

            "Otherwise, one is constantly playing with the filter to let the spam leading domain traffic through, then catching merry hell for the spam coming in."

            This is pretty much what I have to face. Though I catch hell either way: someone's legitimate email gets blocked because of a very poor reputation of the delivering server, or a shit-storm of spam from those servers. It is difficult to get the affected customers to understand either scenario, so I just lower my head, say "yes, ma'am" and "yes, sir," and try my damnedest to keep things operational.

            I believe this is the lot of the email administrator.

    2. Wzrd1 Silver badge

      Re: Yahoo shmahoo

      "Have they come to the conclusion that email just doesn't pay?"

      Yep! Right after they *finally* followed Google and let users use imap.

      Can't push those adverts through imap.

  7. tempemeaty

    IMHO Yahoo is not capable of doing email right anymore

    When I tried to create a new email address with Yahoo and it demanded a cell phone number to get an email account and even the alternate to sign up through G-Mail was broken....I walked away. Yahoo is dead to me now.

  8. Swarthy
    Devil

    Haunting

    I believe that Yahoo! is in fact haunted.

    Haunted by the ghost of all the blink tags they killed when they closed geocities. All of the blink tags, and all of their associated bad HTML is now haunting the Yahoo! servers, making all of the code to a standard similar to what was found on geocities.

    It's a code-tergeist.

  9. Stevie

    Bah!

    Good luck trying to get any decision rescinded in the new era of "fix it 'til it don't work no more".

    The Yahoo Groups front page, once a thing so elegantly simple and easy on the eyes and mouse is now a riot of phone-friendly but widescreen-nerfing bollox I've stopped using Yahoo Groups - and I'm the moderator/owner of three of 'em. The effort of getting the sign-on process to complete without erroring and then to find the three inches of useful stuff (out of a possible seventeen) just wasn't worth the migraine.

    Bye-bye Yahoo. You hired yoofs to fix it up. Good luck with that. See you at the official receiver in two years.

    1. ecofeco Silver badge

      Re: Bah!

      "fix it 'til it don't work no more".

      Exactly.

      The question is: why the hell is this the norm these days?

      1. John Brown (no body) Silver badge

        Re: Bah!

        "The question is: why the hell is this the norm these days?"

        Because most, if not all, of their staff, devs etc are hired straight out of university and working at places like Yahoo is just like being at university because that's where they all came from so they want it be the same as university... (and around we go again)

        They never grow up so every idea is "cool" or "awesome" and gets implemented without anyone ever looking at the potential downsides. It's a bastardisation of the "can do" attitude where they think the way to success is to deal with the problems when they occur instead of at least acknowledging that they might occur and being prepared for them before they happen.. Fire fighting instead of fire prevention.

        Few of these people seem to have a grasp of the real world.

  10. steward
    Boffin

    Yahoo and the new way it makes workers behave

    I think this reflects the effect on thought patterns as well as productivity when you require workers to fight through traffic for an hour or more before beginning work, instead of just sitting down to a computer at home without getting one's brain all whipped up with road rage.

    Somebody should do a sociological study on this data.

  11. NormansLament

    @Jake

    Real men use IronPort.

  12. tdraegen

    old school drama

    As everyone knows, Yahoo is getting destroyed by abuse. I think they're doing what is necessary to curtail gobs of fraud, and some mailing lists are impacted.

    The funny thing is, John Levine has been talking about mailing lists and DMARC since DMARC was publicly released, and yet has never once thought to patch his own software. Other DMARC deployers have funded programmers to make patches to inter-operate with DMARC. If only they knew that what they've done is impossible. IMPOSSIBLE!

    Now please, get off my lawn.

  13. Aslan

    The Good thing about Yahoo

    The good thing about Yahoo is that it isn't Hotmail. I otherwise hate Yahoo for their broken web-mail interface, but I keep the account open just to catch any emails from people I've lost track of. I use Gmail for personal and business reasons. I was using paid email for ~ $50 a year ifriendly.com and they refused to match Gmail, further they suffered three outages in a two month period one lasting nearly three days. They didn't respond to support requests. So now I use Gmail. It's free, faster than email I paid for with more storage space, and much superior uptime, nearly perfect in fact. True there's no support, but who needs it when there are never any problems with the product?

    1. ecofeco Silver badge

      Re: The Good thing about Yahoo

      I use gmail as well, but I've been having synchronizing issues over the past year and sometimes just plain lost email, as in, I'll read the email, go on to the next and somehow the previous email has disappeared entirely. No amount of clever searching can find it. Then is magically reappears the next or a few day later.

      This has played hell between me and my clients and employers and makes me, as an IT person, look very bad. The alternatives? Even worse.

      *sigh*

      1. Wzrd1 Silver badge

        Re: The Good thing about Yahoo

        Haven't had that issue here and I'm on some fairly high volume mailing lists.

        Perhaps it's restricted to the web client? I use imap.

      2. TeeCee Gold badge

        Re: The Good thing about Yahoo

        I'll read the email, go on to the next and somehow the previous email has disappeared entirely.

        Bloody hell, I thought it was something I was doing wrong.

        The secret is to look up the help on rules to file mail where it says something like; "Sod off. Lump it all together and use the search function, organising stuff is so last century.". Use the search to find the "missing" mail. It will find it and the mail will then automagically reappear where you expected it to be in the first place as a side effect.

  14. mark 63 Silver badge

    that jake dun a hell of a troll eh? does it count if its unintentional?

  15. Cheshire Cat
    FAIL

    DKIM abuse

    So, further investigation reveals that what they've done is to (a) use a DKIM signature that includes the Subject, Reply-To and Received headers, meaning that the moment it passes through a mailing list or redirector the DKIM signature becomes invalid, and (b) use a DMARC record which specifies that 100% of messages failing DKIM should be dropped into the bitbucket. They also implemented this straight off without gradual implementation or warning.

    In addition, they've set up their own mail servers to bounce any imcoming dkim-failed messages, which means that any mailing lists to which a yahoo.com address has subscribed will receive a bounce message, and will then auto-unsubscribe said user...

    Mail admin FAIL I think.

    1. Wzrd1 Silver badge

      Re: DKIM abuse

      "Mail admin FAIL I think."

      Well, hire the incompetent! They work cheaper.

  16. vickiryder

    Yahoo and DMARC

    Well, I've read through all the comments above, but not one of them provided an actual solution (or even a helpful suggestion) to the problem I'm facing. I am a retired person doing volunteer work and very dependent on my listservs for my organizing work. Instead of shaming me for having group list members who are Yahoo subscribers, can someone please tell me what I might do now that DMARC is bouncing all of my Yahoo members and shutting down the lists??? Any and all well-intentioned help would be very much appreciated, but I don't wish to be scolded for being stupid enough to be using Yahoo, or not affluent enough to be paying for service. Thank you.

    1. Anonymous Coward
      Anonymous Coward

      Re: Yahoo and DMARC

      Well, I've read through all the comments above, but not one of them provided an actual solution (or even a helpful suggestion) to the problem I'm facing.

      Well, about the only thing you might be able to do, is set up your list server to re-write the From address and other details so it looks as if your server is sending it rather than the other party.

      I'm not sure what software you're using, I know Mailman has this feature (from the documentation)

      from_is_list

      Setting this variable to Yes causes the From: address to be replaced by the list address so that policies like ADSP or DMARC can be applied.

      anonymous_list

      This variable allows you to turn on some simple anonymizing features of Mailman. When you set this option to Yes, Mailman will remove or replace the From:, Sender:, and Reply-To: fields of any message posted to the list.

      Note that this option is simply an aid for anonymization, it doesn’t guarantee it. For example, a poster’s identity could be evident in their signature, or in other mail headers, or even in the style of the content of the message. There’s little Mailman can do about this kind of identity leakage.

      What you can achieve will depend on the software you use.

    2. jake Silver badge

      Re: Yahoo and DMARC

      Email. You want it all. You can have it. For free.

      But you have to learn something first.

      You can spend all the time on your cause that you wish to spend ... but if you don't understand how the tools that you are using actually work, you are going to start stripping bolts.

      Take a course in using email, from both a server and client perspective. It'll do you a world of good.

This topic is closed for new posts.

Other stories you might like