It appears that Yahoo! is going on the record as being strongly anti-SPF in more ways than one.

In addition to not providing SPF records for their own domains, within the past week, SBC/Yahoo! implemented port 25 filtering on their dynamic IP DSL service accounts.  This means that if you are connecting from an SBC/Yahoo! DSL account, you *MUST* use their SMTP servers, or your outgoing mail will not go through.

Yes, I know that SBC/Yahoo! is certainly not the first misguided ISP to do this... but the fact that they have NOT blocked port 25 up to this point is the very reason that we have been sending a lot of business their way.  We had to immediately pull our SPF records earlier this week and go into "mad scramble" mode to get about 80 of our clients switched-over to SBC/Yahoo! SMTP servers for sending mail.  We certainly didn't want to do this, but had no other choice.

They supposedly have an "opt-out" of port 25 filtering.  I tried it, and it is completely meaningless.  They even sent an email message back to me stating that the opt-out does NOT mean that you can use your own SMTP server, you have to continue using the SBC/Yahoo! SMTP server.  So, what the **** is the purpose of an opt-out if you're not really able to opt-out of anything?!

Of course, I expect SBC/Yahoo! to stubbornly hold their ground, as large ISPs generally do in cases like these (example: Verizon's opposition to anti-spam efforts such as the well-known "empty mail FROM" issue).  Unfortunately, SBC/Yahoo! is so large that the departure of these 80 or so client accounts to a different ISP won't even be noticeable to them.

This is just nuts.

Am I missing some technical issue that escapes me? I continue to get spam and phishing from Ebay and Paypal and if they simply added SPF records wouldn't this just go away for any one using SPF lookups ?

What is wrong with these people ?

 Lee

 

I'm not so suprised to hear that Yahoo! doesn't implement SPF.  They're trying to promote DomainKeys - their own email anti-forgery measure.  DomainKeys does have its plusses and minuses...

On the plus side, DomainKeys adds a digital signature to an email - not only ensuring that the message came from the alleged domain, but guaranteeing that the message content wasn’t changed by any mail server along the way.

On the down side, it requires just a bit more prep-work than SPF does.  Again, it simply starts with adding info to your DNS (including public key(s)).  Unlike SPF, all of your outgoing mail servers have to be given private key(s), and need to begin signing messages according the DomainKeys policy – which may require additional software or plug-ins on your mail server(s).

The nice thing about SPF is that, supposing that your users don’t send mail from home without authenticating, you can publish your own SPF record without your mail servers needing to know anything about SPF.  But even with the extra work, DomainKeys does have its advantages.