Print Page | Close Window

Why does Yahoo not support SPF ?

Printed From: LogSat Software
Category: Spam Filter ISP
Forum Name: Spam Filter ISP Support
Forum Description: General support for Spam Filter ISP
URL: http://www.logsat.com/spamfilter/forums/forum_posts.asp?TID=4969
Printed Date: 21 November 2017 at 12:36pm


Topic: Why does Yahoo not support SPF ?
Posted By: Lee
Subject: Why does Yahoo not support SPF ?
Date Posted: 13 January 2005 at 10:42am

What is up with Yahoo and why do they not include SPF records in the dns ?




Replies:
Posted By: Guests
Date Posted: 18 January 2005 at 11:09pm

It appears that Yahoo! is going on the record as being strongly anti-SPF in more ways than one.

In addition to not providing SPF records for their own domains, within the past week, SBC/Yahoo! implemented port 25 filtering on their dynamic IP DSL service accounts.  This means that if you are connecting from an SBC/Yahoo! DSL account, you *MUST* use their SMTP servers, or your outgoing mail will not go through.

Yes, I know that SBC/Yahoo! is certainly not the first misguided ISP to do this... but the fact that they have NOT blocked port 25 up to this point is the very reason that we have been sending a lot of business their way.  We had to immediately pull our SPF records earlier this week and go into "mad scramble" mode to get about 80 of our clients switched-over to SBC/Yahoo! SMTP servers for sending mail.  We certainly didn't want to do this, but had no other choice.

They supposedly have an "opt-out" of port 25 filtering.  I tried it, and it is completely meaningless.  They even sent an email message back to me stating that the opt-out does NOT mean that you can use your own SMTP server, you have to continue using the SBC/Yahoo! SMTP server.  So, what the **** is the purpose of an opt-out if you're not really able to opt-out of anything?!

Of course, I expect SBC/Yahoo! to stubbornly hold their ground, as large ISPs generally do in cases like these (example: Verizon's opposition to anti-spam efforts such as the well-known "empty mail FROM" issue).  Unfortunately, SBC/Yahoo! is so large that the departure of these 80 or so client accounts to a different ISP won't even be noticeable to them.



Posted By: Desperado
Date Posted: 21 January 2005 at 6:00pm

Jim,

Very glad to see you back on the forum.  As always, your responces are very accurate, informative and entertaining!  Besides the "Big ISP" problems, we have a big problem with (and I hope I am not insulting anyone) geeky Linux "experts" that seem to "know it all".  My latest is a web host that sees absolutely nothing wrong with setting up his customer forms to be FROM: mailto:dont-reply-to-this@no-domain.none" CLASS="ASPForums" TITLE="WARNING: URL created by poster. - dont-reply-to-this@no-domain.none   Literaly!  Real hard to do a dns or mx lookup on that one.  Just one stupid battle after another.

Dan S.



Posted By: Lee
Date Posted: 22 January 2005 at 6:13pm

This is just nuts.

Am I missing some technical issue that escapes me? I continue to get spam and phishing from Ebay and Paypal and if they simply added SPF records wouldn't this just go away for any one using SPF lookups ?

What is wrong with these people ?

 Lee

 



Posted By: Guests
Date Posted: 22 December 2005 at 11:52am

can you help me

i can not login my ac**t mail in yahoo just in my haues b c

 bot i can got it in cufe net ?

regardes

walid



Posted By: sgeorge
Date Posted: 23 December 2005 at 1:43pm
I'm not so suprised to hear that Yahoo! doesn't implement SPF.  They're trying to promote http://antispam.yahoo.com/domainkeys - DomainKeys - their own email anti-forgery measure.  DomainKeys does have its plusses and minuses...

On the plus side, DomainKeys adds a digital signature to an email - not only ensuring that the message came from the alleged domain, but guaranteeing that the message content wasnít changed by any mail server along the way.

On the down side, it requires just a bit more prep-work than SPF does.  Again, it simply starts with adding info to your DNS (including public key(s)).  Unlike SPF, all of your outgoing mail servers have to be given private key(s), and need to begin signing messages according the DomainKeys policy Ė which may require additional software or plug-ins on your mail server(s).

The nice thing about SPF is that, supposing that your users donít send mail from home without authenticating, you can publish your own SPF record without your mail servers needing to know anything about SPF.  But even with the extra work, DomainKeys does have its advantages.



Posted By: Guests
Date Posted: 26 December 2005 at 3:57pm

My feelings about anyone trying to make a better SPF, like yahoo, is that SPF is already implemented in the wild...digitalkeys is not...therefore, SPF should be the industry accepted standard regardless of any pros and cons of any other method of authenticating the source of email.

Holding back on implementing SPF because they think they've got something better would be like someone holding back on making their word processor cross-compatible with Microsoft Word because they think they have a better file format to offer.

Yahoo and these other ISP's who have yet to implement ANY anti-spoofing technologies already being utilized by a large number of third party email servers are only allowing their domain names to continue to be trashed by spammers and viruses alike.




Print Page | Close Window