Why AOL Email is Bouncing: AOL Copies Yahoo’s DMARC Policy

AOL has just announced that they are following Yahoo’s suit in telling the email-receiving world to reject (bounce) any email that has an aol.com “from” address, but doesn’t actually come through an AOL mail server. The now infamous “p=reject” DMARC policy that was adopted by Yahoo a week ago, and that caused countless headaches when Yahoo email started bouncing without warning, was adopted today by AOL.

Here’s how it works (this is greatly simplifed): when a receiving email server gets an incoming email, it takes note of several things which tell it where that inbound email comes from. It notes the IP address (which it may look up on a blacklist), and it notes the “from” address, and it also notes the domains from which the email actually was sent.

Let’s say, for example, that you send your email through your Gmail account, but you have it appear to be “from” your own personal domain, example.com.

In this example, the receiving mail server will see that the email is from you @example.com, but it will also see that your email actually came through gmail.com. The receiving mail server may (should) check with the server at example.com to see whether an email claiming to be from example.com, but actually sent from another domain, is legitimate. The way it will check will be to look up in standardized text files that should exist on the example.com server, that will have “policies” published regarding their email sending policies (including things that should say, in essence, “the gmail.com server is authorized to pretend to be example.com for the purpose of sending email”).

Now, take the Yahoo setup. By publishing a policy of “p=reject” in the DMARC authentication mechanism, Yahoo is saying “when you check with us to see if an email that claims to come from yahoo.com legitimate, if it says it is “from” user @yahoo.com, but the actual sending server is not a yahoo.com server, you should reject it.

This is the change that caused all of the headaches earlier this month. Because it was unexpected, and lots of people use their yahoo.com email address as their “from” address, but actually send their email through another server.

But, if you think about it, you can see Yahoo’s (and now AOL’s) reasoning. Spammers and scammers spoof Yahoo and AOL email addresses a lot. When they do that, the email is really coming from someplace else. Suddenly a whole bunch of spam and scam email is now being rejected and bounced, instead of getting through.

AOL made the move to “p=reject” today. Now, not all receiving mail servers are DMARC compliant, but those that are will be rejecting email from Yahoo and AOL addresses that was not actually sent through a Yahoo or AOL server.

And now you know why.

You can read AOL’s announcement of AOL publishing “p=reject” in their DMARC policy here.

34
Get notified of new Internet Patrol articles!
Summary
Why AOL Email is Bouncing: AOL Copies Yahoo's DMARC Policy
Article Name
Why AOL Email is Bouncing: AOL Copies Yahoo's DMARC Policy
Description
AOL is telling email servers to reject any email that has an aol.com "from" address, but doesn't come through an AOL mail server, with DMARC's "p=reject".
Author

2 Replies to “Why AOL Email is Bouncing: AOL Copies Yahoo’s DMARC Policy”

  1. Today Yahoo Mail to Yahoo subscribers is being bounced by Yahoo, although sent from smtp.yahoo.com. Ditto mail to AOL accounts sent from Yahoo using Yahoo server.

  2. My AOL emails are bouncing even though I sent them from AOL using AOL desktop software.

Leave a Reply

Your email address will not be published. Required fields are marked *