[This is a repost from an article that still attracts interest.]
On April 4th, 2014 Yahoo changed their Domain-based Message Authentication, Reporting and Conformance (DMARC) policy such that “all other mail services [are to] reject emails claiming to come from a Yahoo user, but not signed by Yahoo.” On April 22nd, AOL applied similar changes to their own DMARC policies.
Use your own domain
The best way to avoid being affected by changes like these is by using your own domain when you send emails and it’s something we’ve always recommended: Sending from your own domain and Authenticating my domain.
If people sign up at www.maggiescupcakes.com, the email should come from an email address that ends in @maggiescupcakes.com.
By sending through an email address that uses a domain you own, you have full control. You validate it once and you are on your way. No more worrying about the next change made by the big players (Yahoo!, Gmail, Outlook, etc.).
Here is how you can do it:
Changing my sender email address.
Authenticating my domain
Why are Yahoo! and AOL changing their policies?
When malevolent people impersonate a brand, such as Yahoo!, in an attempt to get your personal details, it’s called a “spoofing attack”.
One of the ways receivers can “check” to see if the sender really says who they say they are (and thus, prevent spoofing attacks) are through the different ways the emails are validated.
One such method, Domain-based Message Authentication, Reporting and Conformance (DMARC), gives the domain owner the ability to control how receivers handle email that presumably comes from their domain. DMARC empowers the domain owner to ask the receivers to either report the use of the domain or categorically reject it. Visit https://dmarcian.com/dmarc-what/ for more details as to what DMARC is and what it does to identify the sender.
Are people using a gmail.com or hotmail.com addresses also affected?
Not yet, but it’s important to note that using a free email address as a FROM email will almost always cause delivery problems. You’re still “spoofing” your email provider, but some might just redirect your emails to the spam folder instead of blocking them all together. And while Yahoo! and AOL may have been the first to take concrete action by changing their DMARC policies, they certainly won’t be the last.
More information on the DMARC policy changes by Yahoo! and AOL: