4/25 Update: Renamed post to “DMARC” instead of Yahoo now that Aol has their DMARC policy set to reject: http://postmaster-blog.aol.com/2014/04/22/aol-mail-updates-dmarc-policy-to-reject/
After spending some time over the last couple of days checking and rechecking my SPF settings, I figured out today that it was a change Yahoo made that broke message delivery to external recipients. Yahoo made this change “over the weekend” per some news articles; I first noticed NDRs due to this on Monday 4/7/2014.
The issue is that Yahoo changed their DMARC policy, which is made up of SPF and/or DKIM settings/policies, to “p=reject”, which tells receiving email servers to reject emails from yahoo.com addresses that don’t originate from its servers. So if a Yahoo user sends an e-mail to firstname.lastname@example.org and it contains recipients at @yahoo, @gmail, @msn, @hotmail, @outlook.com, @comcast, and many other email providers that check the policy of the original sending server (Yahoo in this case), they will reject the mail. This is because the sending server of the e-mail is yourorg.com and not yahoo.com.
Yahoo did this to help reduce spam that is being sent from accounts on their servers to mailing lists that contain external recipients. But they basically “broke every mailing list in the world”, to quote some of the many news articles I found today about this issue.
At this time there is no workaround for Exchange that I know of. The suggestion is to tell users to stop using Yahoo to send e-mail to mailing lists. This won’t work, since as email admins we have no control over what users do externally.
I’m hoping Yahoo fixes this policy setting ASAP! I will update this post as I learn more!
Errors users\DL owners will see:
mta1386.mail.bf1.yahoo.com gave this error:
Message not accepted for policy reasons. See http://postmaster.yahoo.com/errors/postmaster-28.html
mx3.hotmail.com # #SMTP#
imta13.westchester.pa.mail.comcast.net gave this error:
oFxW1n00k0D7utr0DFxXU1 Message rejected due to DMARC. Please see http://postmaster.comcast.net/smtp-error-codes.php#DM000001
BAY0-MC3-F11.Bay0.hotmail.com gave this error:
(BAY0-MC3-F11) Unfortunately, messages from (18.104.22.168) on behalf of (yahoo.com) could not be delivered due to domain owner policy restrictions.
The only workarounds that I’m aware of at this time are the following. One is to use an EDGE address rewrite rule so that any messages sent to a DL have their From address set to the DL’s, instead of the sending user’s. The other is to enable moderation on your DLs that have external recipients and, for any messages coming from yahoo.com or aol.com (currently, but more will be added in the future I’m sure), resend them manually from the DL or a mailbox.
I’m hoping to hear back from some of my peers soon on better workarounds.
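To make the rejection and the From-rewrite workaround concrete, here is a simplified sketch of the check a receiving server applies. It is an added example, not code from this post or from any mail server. The policy strings, the yourorg.com names and the two-label organizational-domain shortcut are assumptions, and the sp and pct tags are not handled.

```python
def parse_dmarc(record):
    """Parse a DMARC TXT record such as 'v=DMARC1; p=reject' into a tag dict."""
    tags = {}
    for part in record.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    if tags.get("v") != "DMARC1":
        raise ValueError("not a DMARC record")
    return tags

def org_domain(domain):
    # Assumption: last two labels. Real receivers consult the Public Suffix List.
    return ".".join(domain.lower().rstrip(".").split(".")[-2:])

def aligned(from_domain, auth_domain, mode):
    # 's' = strict (exact match), anything else = relaxed (same organizational domain)
    if mode == "s":
        return from_domain.lower() == auth_domain.lower()
    return org_domain(from_domain) == org_domain(auth_domain)

def dmarc_disposition(from_domain, record, spf=None, dkim=None):
    """spf and dkim are (authenticated_domain, passed) tuples, or None if absent.
    Returns 'pass' or the policy the From domain asked for (none/quarantine/reject)."""
    tags = parse_dmarc(record)
    spf_ok = bool(spf and spf[1] and aligned(from_domain, spf[0], tags.get("aspf", "r")))
    dkim_ok = bool(dkim and dkim[1] and aligned(from_domain, dkim[0], tags.get("adkim", "r")))
    # One aligned, passing mechanism is enough; otherwise the published policy applies.
    return "pass" if (spf_ok or dkim_ok) else tags.get("p", "none")

# Constructed sample policies (not copied from live DNS).
YAHOO_POLICY = "v=DMARC1; p=reject"
YOURORG_POLICY = "v=DMARC1; p=none"   # hypothetical policy for the DL's own domain

def scenarios():
    return {
        # Sent straight from Yahoo's servers: SPF passes for yahoo.com and aligns.
        "direct": dmarc_disposition("yahoo.com", YAHOO_POLICY, spf=("yahoo.com", True)),
        # DL re-sends with the original envelope sender: yourorg.com's server
        # is not authorized by yahoo.com's SPF, so SPF fails.
        "dl_same_envelope": dmarc_disposition("yahoo.com", YAHOO_POLICY, spf=("yahoo.com", False)),
        # DL re-sends with its own envelope sender: SPF passes, but for the wrong domain.
        "dl_own_envelope": dmarc_disposition("yahoo.com", YAHOO_POLICY, spf=("yourorg.com", True)),
        # Workaround: From rewritten to the DL address, so yourorg.com's policy is checked.
        "from_rewritten": dmarc_disposition("yourorg.com", YOURORG_POLICY, spf=("mail.yourorg.com", True)),
    }

if __name__ == "__main__":
    for name, result in scenarios().items():
        print(f"{name}: {result}")
```

Both DL cases end in reject because SPF passing is not enough on its own: the authenticated domain also has to match the domain in the From header.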
Good blog post on DMARC and why the rejection is happening and why this is a good thing, in general: http://huitema.wordpress.com/2014/04/21/about-dmarc-or-can-email-evolve/
News articles about this issue: