4/25/14 Update: Renamed post to “DMARC” instead of Yahoo now that Aol has their DMARC policy set to reject: http://postmaster-blog.aol.com/2014/04/22/aol-mail-updates-dmarc-policy-to-reject/
After spending sometime the last couple of days checking and rechecking my SPF settings I figured out today it was a change Yahoo made that broke message delivery to external recipients. Yahoo made this change “over the weekend” per some news articles, I first noticed NDRs dues to this on Monday 4/7/2014
The issue is that Yahoo changed their DMARC, which is made up for SPF and/or DKIM settings/policies, to “p=reject” which tells receiving email servers to reject emails from yahoo.com addresses that don’t originate from its servers. So if a Yahoo users sends an e-mail to firstname.lastname@example.org and it contains recipients at @yahoo, @gmail, @msn, @hotmail, @outlook.com, @comcast, and many other email providers that check the original sending servers (Yahoo in the case) policy they will reject the mail. This is because the sending server of the e-mail is yourorg.com and not yahoo.com.
Yahoo did this to help reduce spam that is being sent from accounts on their servers to mailing list that contains external recipients. But they basically “broke every mailing list in the world” to quote some of the many news articles I found today about this issue.
At this time there the only workaround for Exchange clients is to use the EDGE role and setup address rewrite rules. Here is an article on Using Header Rewriting with Exchange Server 2010 that should help with that.
I’m hoping Yahoo fixes this policy setting ASAP! I will update this post as I learn more!
Errors users\DL owners will see:
mta1386.mail.bf1.yahoo.com gave this error:
Message not accepted for policy reasons. See http://postmaster.yahoo.com/errors/postmaster-28.html
mx3.hotmail.com # #SMTP#
imta13.westchester.pa.mail.comcast.net gave this error:
oFxW1n00k0D7utr0DFxXU1 Message rejected due to DMARC. Please see http://postmaster.comcast.net/smtp-error-codes.php#DM000001
BAY0-MC3-F11.Bay0.hotmail.com gave this error:
(BAY0-MC3-F11) Unfortunately, messages from (220.127.116.11) on behalf of (yahoo.com) could not be delivered due to domain owner policy restrictions.
The only workarounds that I’m aware of at this time is to use an EDGE address rewrite rule to have any messages sent to a DL to have their From address to be the DLs, instead of the sending users. The other is to enable moderation on your DLs that have external recipients and for any coming from yahoo.com or aol.com (currently, but more will be added in the future I’m sure) resent them manually from the DL or a mailbox.
I’m hoping to hear back from some of my peers soon on better workarounds.
Good blog post on DMARC and why the rejection is happening and why this is a good thing, in general: http://huitema.wordpress.com/2014/04/21/about-dmarc-or-can-email-evolve/.
Yahoo’s article on their DMARC policy and how to deal with it, but doesn’t have any info on Microsoft Exchange: http://yahoomail.tumblr.com/post/82426900353/yahoo-dmarc-policy-change-what-should-senders-do
Articles about this issue: