Yahoo Changes to Email Policy

Over the last 48 hours the domain has implemented a change in its DMARC policy. DMARC, which stands for “Domain-based Message Authentication, Reporting & Conformance” is an email authentication policy record that aims to prevent from address spoofing.

The change in this policy implemented by Yahoo means that any email message that uses a from address in the message headers of must originate from Yahoo’s own mail servers. Yahoo LogoMessages sent through  any  source outside of Yahoo using a from address will be rejected by any mailbox provider that has implemented DMARC. This includes almost all major mailbox providers like Gmail, Outlook, AOL, Comcast and others.  All major service providers like AttendStar, Amazon, MailChimp, Constant Contact are NOT affected by this since none of send from any Yahoo source.

This is a major change of security policy from Yahoo and came without any warning. It looks like only is affected as their other domains such as [ ] and [ ] do not have similar strict rejection polices. We do know that Yahoo has been under an ongoing attack in which malicious users are compromising accounts and sending unsolicited mail to that accounts’ contacts. While Yahoo blocked this mail from processing internally, this could be an attempt to prevent this mail from originating outside their network.

At this point in time Yahoo has not released any specific information about this change. Part of the DMARC standard allows Yahoo to receive reports about the mail they have blocked, so they are certainly aware of the disruption this is causing. It is unclear at this time if this is a temporary stop-gap or a long term change in policy.

Customers encountering errors sending with a from address will need to change the from address in order for messages to successfully process.

Here are some examples of the SMTP error codes you may see in your reports due to this change:

Gmail and Google Apps DMARC Error Code:

550-5.7.1 [X.X.X.X] Our system has detected that this message is likely unsolicited mail. To reduce the amount of spam sent to Gmail, this message has been blocked. Please visit for more information. – gsmtp

Outlook/Hotmail/Live/MSN/Office365 DMARC Error Code:

550 5.7.0 (XXXX-XXX-XXX) Unfortunately, messages from (X.X.X.X) on behalf of ( could not be delivered due to domain owner policy restrictions.

Yahoo DMARC Error Code:

554 5.7.9 Message not accepted for policy reasons. See

Comcast DMARC Error Code:

550 5.2.0 XXXXX Message rejected due to DMARC. Please see

AOL DMARC Error Code:

521 5.2.1 : (DMARC) This message failed DMARC Evaluation and is being refused due to provided DMARC Policy

For more information about DMARC please see the official website at [ ]. Any further questions should be directed to your webmaster or email provider.  This is not an issue with AttendStar, MailChimp, Constant Contact, or any large service provider.