AOL and Yahoo made changes to its email policies this month that will cause messages sent by some of their users to not be delivered.
The changes have to do with the companies’ DMARC email specification policies, and they are being adopted to prevent spammers from sending messages out of fake email accounts that are made to look like ones served by Yahoo and AOL.
Spamming from these types of accounts is known as “spoofing.”
Yahoo made the change earlier this month and was followed on Tuesday by AOL, which adjusted its policy after many of its users complained spammers were sending messages to their friends and contacts from accounts that looked like their own. In some cases, spoof spam was being sent from email accounts that had been deleted by users long ago.
But while the DMARC changes will circumvent spoof spam, it will also cause headaches for users whose email messages will no longer be delivered, said John Levine, an expert in email infrastructure.
Among those who should expect to be affected are users who send messages from Yahoo and AOL addresses that don’t actually come from Yahoo and AOL.
What this means, for example, is that if a user is sending a message from a Gmail or Hotmail account but has set the “From” address to be listed as a Yahoo or AOL account they own, that message will now be rejected.
Users who do this kind of practice should stop sending their Yahoo and AOL messages through other email providers or they will not be delivered to the intended recipients.
Levine said Yahoo’s and AOL’s decisions to change their DMARC policies is not ideal because it will cause headaches for so many users.
Unfortunately, the changes had to be made because in all likelihood hackers stole users’ contact lists from Yahoo and AOL, said Levine, who co-wrote “The Internet for Dummies.”
That is why many of these messages are being delivered to recipients’ inboxes and not their junk mail -- they come from email addresses that are in users’ contact lists, tricking email providers into not recognizing the messages as spam.
Earlier this year, Yahoo acknowledged its email service had been hacked, and all signs seem to indicate that AOL Mail was also hacked -- something the company declined to comment on when asked.
For users whose email addresses have been spammed or those who will be affected by Yahoo and AOL’s DMARC changes, Levine recommends they switch to another email provider, such as Google’s Gmail. Levine said Gmail appears to be more secure and more stable than either Yahoo or AOL do at this point.
“Things are really in flux,” he said. “That’s the best advice I can give you right now, but next week, things might be different.”