Deliverability.com

Good news today was posted by Return Path. For those using Sender Score Certified, you now will receive automatic image and link enabling at both Hotmail and Yahoo!

What do you have to do to get this privilege at Yahoo?

1. Be a Certified level member in the program. Apply right now.
2. Have IPs that are rarely, if ever, suspended from the Certified list 
3. Authenticate your email with Domain Keys and/or DKIM and have unique domain/selector pairs dedicated to your Certified IPs
4. Submit domain [d=] and selector [s=] values associated with your Certified IPs

Pretty simple I say. This should help anyone in the program to clearly communicate their value proposition and provide your customers the best possible experience.

Congratulations Return Path and Yahoo! for making this a reality. Membership DOES have its privileges.

-Dennis
Eloqua

Don't Just Send, Deliver!

As previously mentioned here on Deliverability.com, as of last month, Yahoo! Mail no longer participates in Goodmail’s CertifiedEmail program. For CertifiedEmail senders, this means CertifiedEmail messages no longer receive enhanced privileges such as guaranteed inbox placement, images displayed by default, or the CertifiedEmail icon.

On March 24th, we will decommission the MX record for ‘gms.mail.yahoo.com’, the dedicated domain to which senders have been routing CertifiedEmail for Yahoo! Mail recipients. To ensure no disruption of email delivery to Yahoo!, we recommend clients consult with Goodmail and make any necessary changes to their email systems in advance of this date.

Senders may contact our postmaster team via this form should any deliverability issues arise around the transition deadline. Our goal is to facilitate a smooth transition and to help ensure the best email experience for our users as always.

Yahoo! posted a notice this morning that the MTA connectivity problems have returned. Here's the latest missive from Yahoo!

_____

At around 6am PST, we again started experiencing low connectivity on our MXes, and we have since been working incessantly to improve the situation. As before, the SMTP error message being generated by the issue will generally be the following:

"420 Resources unavailable temporarily. Please try later <insert Y! MTA
hostname"

However, some senders may see our other "421" SMTP error messages as well, as listed here:

http://postmaster.yahoo.com/errors/

Ensuring that email is delivered in a timely manner is of the utmost importance and priority for us, so we appreciate your patience while we work on the issue.

_____

-Len Shneyder
Director of Partner Relations
& Industry Communications
www.pivotalveracity.com

Yahoo! is having some MTA connectivity problems, from the Postmaster Blog:

If you're seeing some queuing in your outbounds today when sending to Y! users,
we're currently experiencing low connectivity across our MTAs, which started
this morning. We're working to get things back to normal.

The SMTP error message being generated by the issue should be:

"420 Resources unavailable temporarily. Please try later <insert Y! MTA hostname>"


Our apologies for the inconvenience.

____________________

In addition to the 420s it appears as though 421s are increasing so expect to see a few flavors of message deferred in your logs.

Sincerely,

-Len Shneyder
Director of Partner Relations
& Industry Communications
www.pivotalveracity.com

Received the following note from Pivotal Veracity support alerting folks to an existing problem at Yahoo! who's handling inbound mail for the ATT family of domains:

• att.net
• wireless.att.com
• sbcglobal.com
• bellsouth.net

Dear Clients,

Last week Pivotal Veracity personnel noticed a large portion of client’s email campaigns, bound for AT&T, landing in the spam folder & inbox simultaneously. In case you were not aware, AT&T’s back end is being serviced by Yahoo!.

PV Personnel reached out to Yahoo to determine if there was a global issue. According to Yahoo!'s postmaster team there are servers that are not up to date with the rest of Yahoo’s infrastructure. The Postmaster team is working on the problem and hopes to have it resolved by the end of the week or at the latest early next week.

Implications Clients should potentially expect to see a portion of their email, for AT&T, land in the spam folder because of the out of date filtering rules on those mail servers. Normal email delivery will be restored once the filtering rules are updated on those servers.

If you have any questions about delivery to AT&T or Yahoo! please don't hesitate to contact our support team here.

Sincerely, -The pvIQ Support Team

Also blogged about it over at the Bronto blog.

Chris Wheeler
Director of Deliverability, Bronto Software

From late May and continuing to June, Yahoo! Mail was sporadically blocking inbound SMTP connections from certain IP addresses with an error message indicating that it was due to a Spamhaus listing. While we do use Spamhaus data for rejecting incoming connections, the problem was, some of the blocked IPs were, in fact, not listed in any of their blocklists. Today, the issue briefly reared its ugly head again, although at a much lesser scale.

It's worth mentioning that this wasn't a sender- or Spamhaus-specific problem; it was something on our end that was causing the spurious blocks. With that said, we have identified the root cause of the problem and fixed it.

With our apologies, senders can rest assured that these erroneous blocks are no longer happening. Furthermore, it did not affect the sending reputation of any IP that was mistakenly blocked.

-Carlo
Yahoo! Mail Anti-spam team
http://postmaster.yahoo.com

With all the different technology Obama's administration has been using during his first months in office (including Twitter, Facebook and blogs), their heavy use of email as a communication channel is no surprise. However, it was surprising to see their email updates subscribing to Goodmail's CertifiedEmail service. I saw the following on David Axelrod's announcement yesterday driving traffic to Obama's latest international diplomatic speech in my Yahoo! webclient.

(If you don't use Yahoo!, the Learn More link above takes you here.)

Now that the White House has implicitly backed one of these services, it will be interesting to see if this has any affect on the rest of the email industry. If it's good enough for the President...

GovDelivery, the White House's ESP, is hosting the services. It would be interesting to see if this new addition helps drive down what I could only imagine being a plethora of phishing or spam attacks claiming to be from Obama and his staff. Also, the email is very image/link light so it would seem this effort was less around enabling users to take immediate action and more about reinforcing the identity and inbox delivery of the email.

I joined Genius.com a few months ago as a member of their Deliverability and Anti-Abuse team. My focus is on deliverability and managing the email servers. Genius has a great application that gets marketers and sales people working together. The Genius application relies heavily on emails being sent to the right people at the right time.

In addition to email deliverability, I have a background in system admin, programming (among other nerdy pursuits) and I am active in the technical (and sometimes political) Internet community which helps me in the world of deliverability . I look forward to sharing my experience with you over the coming weeks.

The world of DKIM: Domain Keys Identified Mail.

One of the challenges in identifying suspicious email is knowing reliably where it came from. With email coming from a wide variety of machines, it’s possible that a machine has been compromised and a malicious sender is spoofing mail headers, injecting false headers and essentially misrepresenting a third party. A lot of spam is generated by compromised machines which are part of botnets, networks of thousands (even millions) of remotely controlled machines. Some of these machines can be even legitimate mail servers, some can send email via ISP or ESP mail servers (ISP: Internet Service Provider, ESP: Email service provider). How do we know who is who? Who should we complain to? Some services like spamcop.net, try to analyse emails headers and figure out who was responsible for sending the email but they often also target whoever is managing the networks used to relay the emails. They aim wide, to ensure they will alert someone that will care and fix the spam source.

Would it not be easier to know who is sending emails?

There are some old techniques like Pretty Good Privacy (PGP) and S/MIME but they are heavy to implement because they require the cooperation of all of the users. Besides, we often do not need to authenticate the emails, but have a way to validate where the email is coming from. That is, to identify which system administrator configured the mail server that sent the email. This is the person we want to talk to for any problem. Hopefully he/she is a little bit more clued than the user who sent the email and can take remedial methods. Fixing problems on the Internet involves often finding the person that understands what you want and knows what action to take. End users are rarely in this category, but systems and network administrators are.

Several industry groups tried to solve this problem, the two main technologies that emerged were DomainKeys and Sender Policy Framework (SPF).

Ideally, emerging technologies will evolve to become standards. The Internet Engineering Task Force (IETF) does not generally create new Internet technologies, but they are very good at taking something that a group submits for standardization and making it rock solid because the peer review is strong. This has been the case for example for http (the web protocol), ssl/tls (securing connections between applications) and many others.

They did the same thing with DomainKeys and SPF and issued the DKIM specification. DKIM is now in the Internet Standard track of the IETF. It means if you like it you have a fixed specification you can follow that will work with various and disparate systems. It really become a de-facto standard when a large group implements it.

The main problem with SPF (and a bit with the Sender-ID upgrade) is that emails move from machines to machines before reaching the final destination. In many cases there are only two mail servers involved. The sender and the receiver. SPF inserts a header that tells if you check this domain, it will tell you that this IP address (of the sender) is authorised to send emails for this domain. But if you add a mail relay server, the whole scheme falls flat, as the receiver will have the ip of the mail relay not of the original server. On the other hand DomainKeys has another problem, it can only validate headers that contains the same domain name as the signature. So for instance you can relay a signed message but you cannot sign a message that you relay (like for a mailing list).

DKIM solves all these issues.

At the moment the DKIM Working Group at the IETF is working on specifying a standard for defining policies for the use of DKIM. But first you noticed, I did not say that DKIM authenticates an email, as it is not true. It just validates some headers. It is up to the receiver to process the email based on the successful validation of certain headers and deliver it to your inbox, junk folder, etc. DKIM allows a mail admin (or rather a mail server) to take responsibility for sending/forwarding an email and let other servers know.

This is convenient for instance, to build reputation based on who takes responsibility for sending/forwarding the email. For instance AOL has announced that they will move from IP based reputation to Domain based reputation using DKIM. Similarly, Yahoo provides a feedback loop based on the domain validating the email using DKIM. It does not matter which IP the email comes from.

But what are DKIM policies?

For instance, e-Bay and Google have announced that all the e-Bay emails will be DKIM validated and that Google will use this information to trash any email supposedly from e-Bay which is not DKIM validated. Imagine if all the banks were following this policy. It would seriously reduce the amount of phishing.

Third party validation.

I spoke earlier, that a relay mail server can validate an email. For instance in the case of mailing lists. The mailing list software receives an email, and decides to use its reputation to forward the email to all the subscribers. It can do a third party validation on an email it is forwarding. There is no requirement that any headers in the email (From, Sender, …) contain the same domain name as the domain name of the mailing list. This opens other possibilities. Let's take the bank example, instead of each bank having their own DKIM validation, they could also have a validation done by a bank confederation, authority or regulator (third party). This would add another level of reputation on the email (while they can still add their own DKIM validation to the email).

Genius is providing third party validation on all our customers’ emails. We are taking responsibility for the emails we send on behalf of our customers by ensuring they are DKIM authenticated. There is no silver bullet in ensuring a high rate of email deliverability and DKIM is just one of the layers that help deliverability from a technical perspective. The Genius Email Deliverability and Abuse team in addition to DKIM ensures high rates of deliverability through close and proactive management of its customers email campaigns, education and best practices.

PS: feel free to contact me with comments and suggestions and email delivery related topics you'd be interested in learning more about.

So this was bound to happen with a web email provider and I am glad to see it. Just like in many email clients that you have on your computer these days (Thunderbird, Apple Mail, Outlook, etc) you can now better manage the copious amounts of different inbound information that comes to you (Email, RSS, Blog alerts, etc)

So a few of us have heard for months now that Yahoo! and Return Path were up to GOOD, but what who knew. Well the news hit last week and we are excited to hear that in the first week of January, Yahoo! will be using the Sender Score Certified program in its filtering decisions. Sender Score Certified members will receive preferential treatment in reaching the inbox at Yahoo! Mail.

We got informed by one of our customers that he got removed from his own newsletter and our logs stated that the reason was the feedback loop. We’ve begun to analyze the content of the complaints and it has turned out that Yahoo had started to a add couple of headers to their messages.

Here’s a sample:

X-IP-SENDER: 98.136.44.45
Received: from [216.252.122.216] by n77.bullet.mail.sp1.yahoo.com with NNFMP; 27 Oct 2008 03:48:09 -0000
Received: from [69.147.65.166] by t1.bullet.sp1.yahoo.com with NNFMP; 27 Oct 2008 03:48:09 -0000
Received: from [127.0.0.1] by omp501.mail.sp1.yahoo.com with NNFMP; 27 Oct 2008 03:48:09 -0000
X-Yahoo-Newman-Property: ymail-5
X-Yahoo-Newman-Id: 939505.70691.bm@omp501.mail.sp1.yahoo.com
Received: (qmail 63926 invoked by uid 60001); 27 Oct 2008 03:48:09 -0000
Message-ID: <20081027034809.63924.qmail@web46108.mail.sp1.yahoo.com>
X-YahooUserId: REDACTED
X-YahooUserIP: 124.13.176.52
Date: Sun, 26 Oct 2008 20:48:09 -0700 (PDT)
From: yahoo mail bot
Subject: NOTSPAM: Top Dog Trading Video #2
To: notspam@mailservices.yahoo.com
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii

The Subject and To fields are most interesting. The Subject has the original message’s subject prefixed with “NOTSPAM:”. The To field seems to match the subject. After noticing this we started to browse different complaints. It turned out that after since October 25th the majority of Yahoo complaints has those new headers present.

Except the notspam@mailservices.yahoo.com address we found out that some of the complaints had the To set to possiblespam@mailservices.yahoo.com.

The notspam@mailservices.yahoo.com email address was added in the To field only between October 25th and October 30th. We have checked this across multiple servers. We still see some amount of the possiblespam@mailservices.yahoo.com in the To field and it seems to be the new standard as the number of messages with the old header-less format is minimal.

The question this brings up is whether Yahoo hasn’t sent us the data of people that were clicking “This is NOT spam” and instead of removing those email addresses from the list we should restore them as they were actually good subscribers. I’m talking about the interval between October 25th and October 30th.

Some of our customers and industry specialists reported that there was a drop in the average number of complaints coming from Yahoo’s feedback loops at the end of October. After a couple of days things went back to normal. Maybe this has also something to do with this. Obviously they were making some substantial changes in their system.

I just wouldn’t like if our customers lost some good subscribers because of this.

Has anyone noticed similar behavior and got similar reports from your customers? It would be great if the Yahoo team could make an official statement for sender’s, so we would know how to react.

BTW: It would be a great to see, who clicked “not spam” – this is a clear indicator that emails ARE wanted, no just the ones that are not

Yahoo kept their word.

We have posted a Yahoo FBL request for our customer
on Monday and the FBL was granted the same day!

A wonderful news for all marketers that have setup
new services after the Yahoo FBL was taken down.

Apply slowly not to swamp the Yahoo team.
They surely are busy guys.

Keep up the great work Yahoo!

A few days ago, I posted a comment on a Yahoo delivery issue I encountered. A few persons emailed me to have more info on how we solved this issue at m--x--m. This is the purpose of this post. I will describe how a new company overcame recent delivery issues with Yahoo Mail. I hope this will be useful to others.

Context
I am an engineer for m--x--m, a new email delivery company. We use a number of new ways to deliver emails and we mostly focus on transactional and newsletter emails.

Problem
With no increase in deliveries, nor in user complaints (as inferred from other FBL since we could not get one from Yahoo), we got completely blacklisted on Yahoo with the following message.

Aug 31 14:06:36 dserv128-mtl3 m--x--mail/smtp[8516]: 4D7F314C86A3: host e.mx.mail.yahoo.com[216.39.53.1] refused to talk to me: 421 Message from (xx.xx.xx.xx)temporarily deferred - 4.16.50. Please refer to http://help.yahoo.com/help/us/mail/defer/defer-06.html

We kept having this message and sometimes some messages were delivered... directly in the junk folder.

Therefore I started investigating and understood a few tricks.

What I have understood so far
Some of this points may be out of date. Please share with us any of your insight in the comment.

1. Yahoo does not offer anymore a FBL. This is the root of most issues.


2. Yahoo's filtering system is not compatible with the way most MTA handle their retries. In practice when a minor delivering issue arises, it can sometimes blacklist completely the IP.
   
3. Yahoo uses the following graduation when dealing with a temporary blocked IP:
   
   

   [TS01] -> [TS02] -> regular deferred message. (you will find these messages in your logs)
   
   

   Your goal is to stay at TS01. I did not find a way to go back from TS02 to TS01, so be careful.



4. When encountering a serious delivery issues, Yahoo wants you stop delivering for four hours. Doing so seems to reset Yahoo's « reputation counter ».


5. It seems Yahoo signals sometimes user complaint even without FBL. This happens when you see a « deferred » error message only for a specific user (while other emails to the same MX are still delivered).


6. Yahoo ends the block progressively, you can send before the end of the four hours but you take the risk to reduce your reputation.


7. Yahoo filtering algorithms seems to be of the form number of user complaint per unit of time -- as opposed to a percentage formula (like Hotmail for instance). For instance, 100 user complaints might trigger a block even if they happened on 100 million emails.

In a nutshell, Yahoo asks for a very specific way of handling delivery. Misconfigured MTA can actually cause a permanent block; the problem is most MTA are configured not to respond well to their temporary blocks.

Solution
I wrote a MTA dedicated for Yahoo delivery (our delivery architecture is very flexible in this aspect). Its main points are:

1. When presented with a 4XX.*deferred error, it equates it to a user complaints.


2. When presented with a TS01 message, it stops delivery for four hours on this MX DNS (but it keeps going on the others).


3. It smoothen deliveries so there is no burst (which might overcome the user complaint quota).


4. It uses a cluster of « smart shared IP » to ensure delivery even when temporary blocked.


5. It uses a smart backoff algorithm to increase a lower user complaint per unit of time.

This solved of all issues and even now we keep using this solution. If you encounter further problems with Yahoo, please let us know, we might be able to assist you.

This post was written in collaboration with Krzysztof Jarecki and Nicolas Toper (http://www.m--x--m.net) based on an idea from Krzysztof.

It is rumored that Yahoo is using some new reputation services that feed data into their filtering systems. Some people around are reporting odd behavior with Yahoo sends. I wanted to ask if anyone sees any impact on the delivery?

There were also rumors that Yahoo will partner with Return Path... Maybe it's that misterious reputation monitoring service?

Update your targeting groups and bounce handling - Yahoo! is offering two new domain names for new users other than the traditional yahoo.com. They are reviving the old rocketmail.com domain as well as a new ymail.com domain.

I've gotten a few calls from concerned folk who say that they suddenly and without warning lost their Yahoo whitelist at midnight a few nights ago. IPs that had previously been whitelisted with a good reputation are being treated as if the are not whitelisted.

I have not heard of any official response from Yahoo yet.

Please post to the comments if you are affected by this or have any information. You can post with your name on it or anonymously.

For a few months now, I've heard growing frustration with deliverability at Yahoo! They have had capacity issues that affected senders with good reputations and bad reputation alike. Many senders with other deliverability challenges are not finding the Yahoo! staff to be very responsive.

Not accepting new applications for the feedback loop or whitelist exasperates the situation. It's hard for a new sender to develop a good reputation without being able to remove subscribers who complain and monitor their performance.

But with everything going on, what do you expect? They have had big layoffs and are understaffed. They have lost some great people like J.D. Falk (now at ReturnPath). And to put the cherry on top, the company's fate is uncertain - will they merge with Microsoft? partner with Google? Take an investment from Newscorp / MySpace?

When things are this volatile, productivity drops. People who are worried about their jobs have trouble focusing and spend lots of time thinking about their future. It's easy to get discouraged when you are under-resourced and feel under-appreciated and don't see any light at the end of the tunnel.

I'm not in Yahoo's offices and can't say for sure that is the cause, but having sold a company or two I would be surprised if this wasn't having a major cause of the challenges many senders are facing with deliverability to Yahoo!

What is the take away?

Don't get mad at Yahoo
Don't get mad at people who work at Yahoo
Don't hold your breath waiting for Yahoo to fix your problems