BLOG

Yahoo changes

Thanks to tips by a couple blog readers and some clients, I have been looking into Yahoo disabling links in the bulk folder. It does appear Yahoo is no longer allowing users to click on links in emails that Yahoo places in the bulk folder.

In fact, some of the spam in my Yahoo mailbox even has a notice about this.

One of the interesting questions I’ve gotten about this is how it affects unsubscribes. Yahoo is disabling the unsubscribe links in emails that go to the bulk folder. This includes unsubscribe links. And, unlike other webmail providers, Yahoo doesn’t appear to have a way to see the full email. This means that recipients can’t unsubscribe from mail in the bulk folder.

The real question is does this action by Yahoo result in the sender violating CAN SPAM? Anyone have an opinion?

13 comments

  1. steve says

    If the message is CAN-SPAM compliant when it leaves the senders network then the sender isn’t violating CAN-SPAM with that message, I’d say.

  2. Kelson says

    I agree with Steve on this one. If the recipient uses some obscure email client that doesn’t make links clickable in the first place, or allows you to turn clickable links on and off, the effect is the same.

  3. Jim says

    The interesting question; why is yahoo forcing a judgement call without access to links? have privacy issues been raised about tracking opens and clicks to rate engagement? seems like this keeps all the info within yahoo walls.

  4. Martijn says

    @Jim: a lot of today’s spam links to malware (usually via drive-by downloads; Blackhole etc.). Until not too long ago, if you got a suspicious looking email (e.g. one that claimed to come from Paypal) you could just click the link and verify whether the landing page was genuine. Now it’s usually too late: by the time you’ve opened the link, the payload has already been activated.

    Not sure what Gmail’s policy on this is, but in some spam emails the links aren’t clickable either, while in others they are.

  5. Jim says

    @Martijn: so basically what you are saying is that Yahoo thinks it is better for someone to move the Phish or malware email to the inbox before they click the link. That doesn’t sound like a great solution to malware, but thanks for the info on today’s spam.

  6. steve says

    There’s also the issue of false positives where legitimate email is sent to the bulk folder. If the user moves that mail to the inbox it provides information to the spam filters that it was miscategorized, while if they just read it in the bulk folder it doesn’t.

    Most false positives tend to be commercial “grey” mail, where much of the content is behind links rather than in the mail itself. Forcing the user to move such mail to the inbox if they want to interact with it seems like it’ll improve the quality of user feedback.

  7. Martijn says

    @Jim: it’s not a solution. But it does it a little less likely that someone clicks the link. Ultimately, it’s the user’s responsibility which links to click or not and the user also has the final say on what is spam or not, but making links in the spam folder non-clickable seems like a sound thing to do.

    1. laura says

      It’s clearly a good idea, particularly given the amount of drive by malware that’s being advertised in spam.

  8. Jules says

    In fact the real question is: Do yahoo violate CAN-SPAM ?

    If the sender is CAN-SPAM and put an unsubscribe link to the message, it should be clickable.

    If this new changes were made in place for fight malware spam it is generally a good idea.

    But if theses changes was made in order to reduce unwanted / unsolicited or spam volume to yahoo server, that’s a very bad idea.
    Cause people won’t be able to unsubscribe and even click “report as spam” (because they are in bulk or spam folder), so the senders will keep sending mail to people which in other case probably unsubscribe. This affect the whole process of letting the user choising if he want to be removed or not.

    1. laura says

      I don’t believe Yahoo can violate CAN SPAM as they are not sending the message and the law puts no restrictions on ISPs.

  9. Omar says

    On the whole, this change helps align the recipient’s filtering preferences with their actions: moving to the inbox gives Yahoo the data that it should be delivered to the inbox in the future. However, Yahoo! should provide a prominent notice of this new behavior when viewing mail in the spam folder. I think most users will just assume that the email is broken.

  10. nick says

    I find it more odd that yahoo made these changes and does not provide notification of this. Their web mail client will notify the user that images are blocked but not links..

  11. Muttblaster says

    Given the proliferation of spam being sent from Freemailers like Yahoo! via compromised accounts (like http://send-safe.com for example) I can understand why Yahoo! is showing confidence in their filtering decision by rendering the URLs null, but hedging their bets, as Steve notes, due to false positives of greymail by not deleting them outright.

Comment:

Your email address will not be published. Required fields are marked *

  • AOL problems

    Lots of people are reporting ongoing (RTR:GE) messages from AOL today.  This indicates the AOL mail servers are having problems and can't accept mail. This has nothing to do with spam, filtering or malicious email. This is simply their servers aren't functioning as well as they should be and so AOL can't accept all the mail thrown at them. These types of blocks resolve themselves. 1 Comment


  • Fixing discussion lists to work with new Yahoo policy

    Al has some really good advice on how to fix discussion lists to work with the new Yahoo policy. One thing I would add is the suggestion to actually check dmarc records before assuming policy. This will not only mean you're not having to rewrite things that don't need to be rewritten, but it will also mean you won't be caught flat footed if (when?) other free mail providers start publishing p=reject.No Comments


  • Sendgrid's open letter to Gmail

    Paul Kincaid-Smith wrote an open letter to Gmail about their experiences with the Gmail FBL and how the data from Gmail helped Sendgrid find problem customers. I know a lot of folks are frustrated with Gmail not returning more than statistics, but there is a place for this type of feedback within a comprehensive compliance desk.No Comments


Archives