Spam Filter ISP Support Forum

  New Posts New Posts RSS Feed - Why does Yahoo not support SPF ?
  FAQ FAQ  Forum Search   Register Register  Login Login

Why does Yahoo not support SPF ?

 Post Reply Post Reply
Author
Lee View Drop Down
Groupie
Groupie


Joined: 04 February 2005
Location: United States
Status: Offline
Points: 50
Post Options Post Options   Thanks (0) Thanks(0)   Quote Lee Quote  Post ReplyReply Direct Link To This Post Topic: Why does Yahoo not support SPF ?
    Posted: 13 January 2005 at 10:42am

What is up with Yahoo and why do they not include SPF records in the dns ?

Back to Top
JimMeredith View Drop Down
Guest Group
Guest Group
Post Options Post Options   Thanks (0) Thanks(0)   Quote JimMeredith Quote  Post ReplyReply Direct Link To This Post Posted: 18 January 2005 at 11:09pm

It appears that Yahoo! is going on the record as being strongly anti-SPF in more ways than one.

In addition to not providing SPF records for their own domains, within the past week, SBC/Yahoo! implemented port 25 filtering on their dynamic IP DSL service accounts.  This means that if you are connecting from an SBC/Yahoo! DSL account, you *MUST* use their SMTP servers, or your outgoing mail will not go through.

Yes, I know that SBC/Yahoo! is certainly not the first misguided ISP to do this... but the fact that they have NOT blocked port 25 up to this point is the very reason that we have been sending a lot of business their way.  We had to immediately pull our SPF records earlier this week and go into "mad scramble" mode to get about 80 of our clients switched-over to SBC/Yahoo! SMTP servers for sending mail.  We certainly didn't want to do this, but had no other choice.

They supposedly have an "opt-out" of port 25 filtering.  I tried it, and it is completely meaningless.  They even sent an email message back to me stating that the opt-out does NOT mean that you can use your own SMTP server, you have to continue using the SBC/Yahoo! SMTP server.  So, what the **** is the purpose of an opt-out if you're not really able to opt-out of anything?!

Of course, I expect SBC/Yahoo! to stubbornly hold their ground, as large ISPs generally do in cases like these (example: Verizon's opposition to anti-spam efforts such as the well-known "empty mail FROM" issue).  Unfortunately, SBC/Yahoo! is so large that the departure of these 80 or so client accounts to a different ISP won't even be noticeable to them.

Back to Top
Desperado View Drop Down
Senior Member
Senior Member
Avatar

Joined: 27 January 2005
Location: United States
Status: Offline
Points: 1143
Post Options Post Options   Thanks (0) Thanks(0)   Quote Desperado Quote  Post ReplyReply Direct Link To This Post Posted: 21 January 2005 at 6:00pm

Jim,

Very glad to see you back on the forum.  As always, your responces are very accurate, informative and entertaining!  Besides the "Big ISP" problems, we have a big problem with (and I hope I am not insulting anyone) geeky Linux "experts" that seem to "know it all".  My latest is a web host that sees absolutely nothing wrong with setting up his customer forms to be FROM: dont-reply-to-this@no-domain.none  Literaly!  Real hard to do a dns or mx lookup on that one.  Just one stupid battle after another.

Dan S.

Back to Top
Lee View Drop Down
Groupie
Groupie


Joined: 04 February 2005
Location: United States
Status: Offline
Points: 50
Post Options Post Options   Thanks (0) Thanks(0)   Quote Lee Quote  Post ReplyReply Direct Link To This Post Posted: 22 January 2005 at 6:13pm

This is just nuts.

Am I missing some technical issue that escapes me? I continue to get spam and phishing from Ebay and Paypal and if they simply added SPF records wouldn't this just go away for any one using SPF lookups ?

What is wrong with these people ?

 Lee

 

Back to Top
walid View Drop Down
Guest Group
Guest Group
Post Options Post Options   Thanks (0) Thanks(0)   Quote walid Quote  Post ReplyReply Direct Link To This Post Posted: 22 December 2005 at 11:52am

can you help me

i can not login my ac**t mail in yahoo just in my haues b c

 bot i can got it in cufe net ?

regardes

walid

Back to Top
sgeorge View Drop Down
Senior Member
Senior Member


Joined: 23 August 2005
Status: Offline
Points: 178
Post Options Post Options   Thanks (0) Thanks(0)   Quote sgeorge Quote  Post ReplyReply Direct Link To This Post Posted: 23 December 2005 at 1:43pm
I'm not so suprised to hear that Yahoo! doesn't implement SPF.  They're trying to promote DomainKeys - their own email anti-forgery measure.  DomainKeys does have its plusses and minuses...

On the plus side, DomainKeys adds a digital signature to an email - not only ensuring that the message came from the alleged domain, but guaranteeing that the message content wasnít changed by any mail server along the way.

On the down side, it requires just a bit more prep-work than SPF does.  Again, it simply starts with adding info to your DNS (including public key(s)).  Unlike SPF, all of your outgoing mail servers have to be given private key(s), and need to begin signing messages according the DomainKeys policy Ė which may require additional software or plug-ins on your mail server(s).

The nice thing about SPF is that, supposing that your users donít send mail from home without authenticating, you can publish your own SPF record without your mail servers needing to know anything about SPF.  But even with the extra work, DomainKeys does have its advantages.

Back to Top
vrspock View Drop Down
Guest Group
Guest Group
Post Options Post Options   Thanks (0) Thanks(0)   Quote vrspock Quote  Post ReplyReply Direct Link To This Post Posted: 26 December 2005 at 3:57pm

My feelings about anyone trying to make a better SPF, like yahoo, is that SPF is already implemented in the wild...digitalkeys is not...therefore, SPF should be the industry accepted standard regardless of any pros and cons of any other method of authenticating the source of email.

Holding back on implementing SPF because they think they've got something better would be like someone holding back on making their word processor cross-compatible with Microsoft Word because they think they have a better file format to offer.

Yahoo and these other ISP's who have yet to implement ANY anti-spoofing technologies already being utilized by a large number of third party email servers are only allowing their domain names to continue to be trashed by spammers and viruses alike.

Back to Top
 Post Reply Post Reply
  Share Topic   

Forum Jump Forum Permissions View Drop Down



This page was generated in 0.063 seconds.

Copyright © 2002-2016 LogSat Software LLC - Sales: sales@LogSat.com
Contact Us