The Yahoo bounce problem has been resolved. There were erroneous ‘554: this user does not have a yahoo.com account’ between March 14 and March 16. If you attempted to send mail and received this bounce during that time you can reactivate the address in your database. Most ESPs should be able to help you with this.
Moving forward, though, these bounces are valid and addresses should be removed from your list according to standard data hygiene processes.
I still don’t have any solid information on the cause of the Yahoo bounces. I do know that folks inside Yahoo are looking into the issue.
However, multiple people (including my clients) are reporting that the addresses that are bouncing have very recent click and open activity. Other reports say these addresses deliver on a resend.
It looks like my advice yesterday was incorrect. I’m currently telling clients to continue mailing addresses for the time being.
We’ve returned from London, where I spoke at the Email Innovations Summit and enjoyed a bit of vacation. My wrap-up post also mentions an article I wrote for the Only Influencers site, which looks at questions I get asked frequently: “Why does spam make it to the inbox and our legitimate marketing email doesn’t? Should we just copy their tactics?”
In industry news, Yahoo caught our attention for two surprising moves: disabling forwarding and — much more disturbing — creating software for intelligence agencies to search customer email.
Some legal updates this month: The Second Court of Appeals upheld an earlier ruling that companies are in fact liable for the activities of their affiliates, including spam and fraudulent claims. This is important, as we often see spammers and cybercriminals use affiliates to distance themselves from these activities. We also saw another fine assessed for a violation of CASL, and noted with appreciation the transparency and thoughtful process that the Canadian Radio-television and Telecommunications Commission (CRTC) demonstrates in explaining their actions.
Another excellent report is the one created by the Exploratorium to explain their recent experience with being phished. It’s a good piece to share with your organization, in that it reminds us that these cybercriminals are exploiting not just our technology but our trust-based connections to our friends and colleagues. It’s important to raise awareness about social engineering as a part of information security. And speaking of email security, we were delighted to note that André Leduc received the 2016 J.D. Falk award this month at M3AAWG for his excellent work on this topic. It’s a fitting legacy to our friend, J.D., who died five years ago this month. We miss him.
Finally, we’d be remiss in observing Halloween without a post about zombies. Feel free to read it aloud in your spookiest voice.
AOL posted on their blog today about changes to DMARC reporting and FBL messages as they continue to transition domains to the OATH infrastructure. As AOL domains go to the new infrastructure, DMARC reports for those domains will be included in the existing Yahoo DMARC reports.
After the MX migration is done, they’ll start migrating the actual user mailboxes. Right now, FBL messages for AOL properties are coming from AOL and will continue to do so until the actual mailbox is transitioned to the new infrastructure. Once the mailbox is transitioned, then any FBL emails from that address will come from the Yahoo infrastructure. The blog post at AOL suggests signing up for both AOL and Yahoo FBLs during this transition phase.
It does bring up an interesting question as to whether or not the combined FBL is going to be IP based, DKIM based or a mix of both. It sounds like at least during some part of the consolidation there will be a DKIM only FBL. It could be that there will be some expansion to an IP system in the future. Or, it could be that all FBLs from AOL addresses will be based on DKIM domain.