Tag Archive for 'Yahoo'

Articles I read today

Published
by
laura
12Feb
in Industry
.

It has been a rather busy day today, I do not have a full blog post. I did see a couple posts come across my RSS feeds. Both of them have content I want to talk about and discuss in a little more detail, as I think they touched on some very interesting issues.

Network World has an article interviewing Mark Risher from Yahoo. The article discusses Yahoo’s use of DomainKeys as part of their inbound mail filtering.

Mickey has an article about how to deal with ISPs when attempting to troubleshoot a blocking issue.

More details and commentary on both articles later this week.

0 Comments

Update on Yahoo and the PBL

Published
by
laura
23Jan
in Industry
.

Last week I requested details about Yahoo rejections for IPs pointing to the PBL when the IP was not on the PBL. A blog reader did provide me with extremely useful logs documenting the problem. Thank you!

Based on my examination of the logs, this appears to be a problem only on some of the Yahoo! MXs. In fact, in the logs I was sent, the email was rejected from 2 machines and then eventually accepted by a third.

I have forwarded those logs onto Yahoo who are looking into the issue. I have also talked with one of the Spamhaus volunteers and Spamhaus is aware of the issue as well.

The right people are looking at the issue and Spamhaus and Yahoo are both working on fixing this.

Thanks for the reports and for the logs.

0 Comments

PBL and Yahoo

Published
by
laura
15Jan
in Industry
.

A few days ago I posted about Yahoo using the Spamhaus lists. In the comments of that post there have been multiple reports of mail being bounced from Yahoo with a reason of “on the PBL” but the IP was not on the PBL.

I am happy to look into this for people. I’m sure neither Spamhaus nor Yahoo want to be incorrectly rejecting email. To do this, though, I need the rejection message from Yahoo, the IP the mail was sent from and when it happened. Feel free to email the information to laura at wordtothewise.com.

0 Comments

Yahoo and Spamhaus

Published
by
laura
04Jan
in Industry
.

Yahoo has updated and modified their postmaster pages. They have also put a lot of work into clarifying their response codes. The changes should help senders identify and troubleshoot problems without relying on individual help from Yahoo.

There is one major change that deserves its own discussion. Yahoo is now using the SBL, XBL and PBL to block connections from listed IP addresses. These are public blocklists run by Spamhaus. Each of them targets a different type of spam source.

The SBL is the blocklist that addresses fixed spam sources. To get listed on the SBL, a sender is sending email to people who have never requested it. Typically, this involves email sent to an address that has not opted in to the email. These addresses, known as spamtraps, are used as sentinel addresses. Any mail sent to them is, by definition, not opt-in. These addresses are never signed up to any email address lists by the person who owns the email address. Spamtraps can get onto a mailing list in a number of different ways, but none of them involve the owner of the address giving the sender permission to email them.

Additionally, the SBL will list spam gangs and spam supporters. Spam supporters include networks that provide services to spammers and do not take prompt action to remove the spammers from their services.

The XBL is a list of IP addresses which appear to be infected with trojans or spamware or can be used by hackers to send spam (open proxies or open relays). This list includes both the CBL and the NJABL open proxy list. The CBL list machines which appear to be infected with spamware or trojans. The CBL works passively, looking only at those machines which actively make connections to CBL detectors. NJABL lists machines that are open proxies and open relays.

The Policy Block List (PBL) is Spamhaus’ newest list. Spamhaus describes this list as

The Spamhaus PBL is a DNSBL database of end-user IP address ranges which should not be delivering unauthenticated SMTP email to any Internet mail server except those provided for specifically by an ISP for that customer’s use. The PBL helps networks enforce their Acceptable Use Policy for dynamic and non-MTA customer IP ranges.

PBL IP address ranges are added and maintained by each network participating in the PBL project, working in conjunction with the Spamhaus PBL team, to help apply their outbound email policies.

Additional IP address ranges are added and maintained by the Spamhaus PBL Team, particularly for networks which are not participating themselves (either because the ISP/block owner does not know about, is proving difficult to contact, or because of language difficulties), and where spam received from those ranges, rDNS and server patterns are consistent with end-user IP space…

Generally, email service providers and bulk senders only need to be concerned about the SBL. Being listed on the SBL is a sign that your subscription processes allow addresses to be subscribed by people who do not own those addresses. Removal from the SBL involves fixing subscription processes and verifying that all recipients do actually want to receive your email.

Generally ESPs and bulk senders should not be listed on either the XBL or the PBL. I am aware of a couple cases where senders were listed on the XBL, but in all these cases there was a Windows machine inside the company infected with a trojan sending spam. Once the machine was cleaned, the listing was removed promptly. Senders listed on the PBL should talk to their ISP for resolution.

8 Comments

Greylisting: that which Yahoo does not do

Published
by
laura
08Nov
in Industry
.

Over the last couple days multiple people have asserted to me that Yahoo is greylisting mail. The fact that Yahoo itself asserts it is not using greylisting as a technique to control mail seems to have no effect on the number of people who believe that Yahoo is greylisting.

Deeply held beliefs by many senders aside, Yahoo is not greylisting. Yahoo is using temporary failures (4xx) as a way to defer and control mail coming into their servers and their users.

I think much of the problem is that the definition of greylisting is not well understood by the people using the term. Greylisting generally refers to a process of refusing email with a 4xx response the first time delivery is attempted and accepting the email at the second delivery attempt. There are a number of ways to greylist, per message, per IP or per from address. The defining feature of greylisting is that the receiving MTA keeps track of the messages (IP or addresss) that it has rejected and allows the mail through the second time the mail is sent.

This technique for handling email is a direct response to some spamming software, particularly software that uses infected Windows machines to send email. The spam software will drop any email in response to a 4xx or 5xx response. Well designed software will retry any email receiving a 4xx response. By rejecting anything on the first attempt with a 4xx, the receiving ISPs can trivially block mail from spambots.

Where does this fit in with what Yahoo is doing? Yahoo is not keeping track of the mail it rejects and is not reliably allowing email through on the second attempt. There are a couple reasons why Yahoo is deferring mail.

  • Shedding load in a generic and non-specific way.
  • Shedding load by temporarily refusing mail from specific IPs.

In the first case, the shedding of load means nothing more than Yahoo is shedding load. There is not really anything the sender can do to compensate for this, nor is there any thing the sender is doing (except possibly send mail to Yahoo at the same time as the rest of the world) to precipitate the blocking.

In the second case, these are more specific refusals and there are things senders can do to minimize the deferrals.

  1. Have good address collection practices.
  2. Have good data hygiene (prune your bounces)
  3. Do not send more than 5 emails per any single connection
  4. Do not open too many connections from any single IP address
  5. Honor unsubscribes promptly
  6. Apply for whitelisting

Even the best mailers sometimes see deferrals at Yahoo. However, because Yahoo is using a temporary rejection, unless there are significant problems with your mailings, the mail will get through.

3 Comments

ISP Postmaster sites

Published
by
laura
05Nov
in Industry
.

A number of ISPs have email information and postmaster sites available. I found myself compiling a list of them for a client today and thought that I would put up a list here.

0 Comments

Yahoo blocks unauthenticated PayPal and eBay Mail

Published
by
laura
04Oct
in Industry
.

Yahoo announced this morning that over the course of the next few weeks Yahoo would roll out a new feature to their email that blocks any unauthenticated email from eBay and PayPal.

In a blog post Nikki Dugan says:

Our weapon is a technology Yahoo! spearheaded called DomainKeys, which uses cryptography to verify the domain of the sender. In overly simplified terms, if the email’s originating domain ain’t really eBay.com or PayPal.com, it ain’t going through.

DomainKeys / Domain Keys Internet Mail have seen steady adoption by senders and receivers over the last few years. As more and more companies are signing outgoing mail, more and more receivers can make delivery decisions based on those signatures. This is the first time a sender and a receiver have announced an agreement that all non-signed email will be rejected.

Hat tip: Matt

0 Comments