Login Enterprise
Speak to an Email Marketing Expert
877-789-ELITE (3548)

The past few days have been pretty tumultuous for the email marketing world, and that’s putting it lightly. In a surprising move, Yahoo decided to switch up how it handles email verification, leading to a major headache for brands that use this domain to send out promotional messages to customers. If this is news to you, don’t worry – it is to most of the rest of the industry as well. To help catch you up to speed, here’s a quick rundown of what happened and what you need to do to make sure you stay in contact with every member of your mailing list.

What Happened Exactly?

As part of a new approach to email, Yahoo augmented its Domain-based Message Authentication, Reporting and Conformance (DMARC) reject policy. Basically, that’s a fancy way of saying that emails sent to the people on your list en masse from an @yahoo.com address – or the @yahoo.ca, @ymail.com, and @rocketmail.com variants – might get bounced or rejected under the new authentication policy. The reason why? Because they’re coming from an outside platform and not directly from Yahoo’s servers. Currently, the known providers bouncing these messages include Yahoo, Gmail, Hotmail, and Comcast.

Why’d Yahoo Do This?

Yahoo did this to break mailing lists and ruin email marketing, right? Not exactly. While it is a bit of a roadblock for brands currently using these addresses, this wasn’t the plan behind the change. Actually, Yahoo’s reason for making the switch centers on spoofing attacks made against its millions of users – the mass amount of bounces is an unfortunate side affect that’s part of a larger plan for enhanced security. From that perspective, it’s pretty hard to blame Yahoo, but it doesn’t make it any easier for companies to deal with the fact that these emails are now running right into an authentication brick wall.

Protecting Your Mailing Lists Moving Forward

Now that you’re all caught up, it’s time to build a rebound plan and get back in touch with your audience. First on the list – stop sending out emails with a Yahoo reply address. These messages never make their way to your mailing list members’, as they will only continue to bounce. Once you’ve got this under control it’s time to make a switch with which domain you use.

If you’re thinking short term, there’s plenty of free options out there that don’t currently set off the Yahoo red alarm, like Hotmail or Gmail. However, there’s no guarantee that Yahoo’s new DMARC configuration isn’t the start of a new trend among all the major email players. To permanently protect your ability to show up in your subscribers inboxes, you’re going to have think a little more long-term. What this means is going with a domain that you own or operate to prevent any future hiccups like the one inadvertently caused by Yahoo’s attempts to cut down on all the real junk mail.



When it comes to email marketing, a security breach like the one that recently hit Yahoo isn’t just an interesting piece of news — it’s a seismic event that sends ripples throughout the industry and leaves everyone, especially those who use Yahoo’s services, wondering what happens next. The bottom line? These types of cyber-attacks aren’t going away any time soon.

Security attacks are unfortunately becoming a more regular occurrence,” said Jay Rossiter, Yahoo’s senior vice president for platforms and personalization products.

What Happened?

On Jan. 30, 2014, Yahoo announced that hackers, from an undisclosed third-party source, used stolen passwords to break into numerous accounts and steal private information related to recently sent and received emails as well as contact lists. While the execs at Yahoo didn’t give a number for how many accounts faced this issue, it’s probably safe to assume that a significant amount of users were affected, otherwise it wouldn’t have turned into a major news story. (Some estimates put the number of computers affected by the attacks at up to 2 million.)

How Did the Hackers Get User Information?

So how did the hackers break in? It looks like all of this started with breaches on other platforms. Basically, the hackers compromised accounts on other sites, like Netflix and Facebook, and used the login information from these sources to then kick down the doors of users’ private Yahoo inboxes. The worst part about all of this is that if these reports truly outline how the security breach happened, it could have easily been avoided by using one of the most basic Internet security tips in the book – don’t use the same password twice. This concept fits into pretty much every blog or article on basic web security, but the invasion of private Yahoo accounts just drives home the point that some of us simply don’t listen.

Yahoo’s Response to the Breach

Considering that the breach might not have even come from a security lapse or breakdown of Yahoo’s technology, there wasn’t actually much that the Internet giant could do for those who were compromised, outside of ask them politely to change their passwords. Aside from that, the company has also discussed implementing additional layers of verification to the login process. Unfortunately, for the Yahoo execs and administrators, this probably won’t do much to deter the remaining portion of the user base that still thinks having a single-step login is a good idea.

Are You at Risk?

The short answer to this question is yes – if you use Yahoo for your email services. If your account was one of the many that was compromised, then you’ve probably already heard from Yahoo. However, simply interacting with others who fall into this category could lead to an indirect association with the attack. Essentially, by being on the contact list or recently having an email chat with an affected user, your email address and any other personal info stored in the contact list could be compromised. However, you should be okay as long as you avoid opening any suspicious emails and incorporate strong, and different, passwords across your various web accounts.

Yahoo’s Image Moving Forward

Now, Yahoo’s brand is left with a little mud on its face. If the claims of a third-party network intrusion are true, then the focus could shift to the security habits of this undisclosed company, or companies, and how they let user information fall into the hands of hackers and malicious programs.

Lasting Effects for the Email Industry

For those who work in the email marketing industry, as well as people who simply enjoy using email to connect with others, these types of events can really create some serious backlash. Consumers never want to lose control of their private information, and when it happens, you can expect them to tighten up on whom they communicate with and how these communications occur. That being said, if you already have an established contact list that knows and trusts your brand, you should be good to go. It’s the new customers who might be a little hesitant, but that’s only to be expected. With a little time, patience, and a continued focus on high quality email marketing content, your campaign can weather this storm and keep right on moving past any potential pitfalls along the way.



Back on June 12, Yahoo made an announcement on their Tumblr page saying that if you haven’t been able to get the Yahoo Mail ID you’ve wanted, you may soon be able to get it!

This is because starting on July 15, they will begin to close accounts and then shortly afterwards release them back into the wild for anyone new to register.

The current plan calls for accounts that have not been access for 12 months to be closed on July 15. Then, in the middle of August, that address (or Yahoo ID) can be registered by someone else.

For Yahoo users, this means if you haven’t logged into your account in a while, you should do so quickly otherwise it might be gone…. along with anything associated to that account.

For email marketers, especially as this cut off date looms closer, this could have a potential impact on your deliverability.

Starting on July 15, you may notice an increase in hard bounces to @yahoo that were shut down as a result of this purge that Yahoo is hoping will help revitalize it’s email platform.

Increased bounces can hurt your deliverability as obviously the goal is to keep bounces as low as possible. A worse potential side effect is that an account is claimed by someone new (who has not opted in with you) and then you send them an email because you don’t realize that the account belongs to someone new.

While on the surface this sounds like it could be a scary thing for email marketers (..quick everyone panic!), Yahoo is saying the situation is not so dire or drastic, and here’s why….

According to existing Yahoo Mail policies, if an account has not been logged into for 6 consecutive months, it is deactivated already. So, even though this “July 15″ date sounds like a big cut off, if you’ve been emailing inactive Yahoo accounts (shame on you), you would have noticed hard bounces showing up in your reports anyway. Assuming you are properly clearing your bounces (Note: This is done automatically for Elite Email customers when there is a hard bounce) your list should already be clean of any addresses caught in this big upcoming purge.

The other thing Yahoo has made public is that only 7% of the Yahoo IDs being retired are tied to an email account. To put this in context, many people have registered a Yahoo ID for something like Y! Messenger or (my personal favorite) Yahoo Fantasy Sports. These ID’s will be closed and made available again, but since there was never an active email account, it shouldn’t be on anyone’s mailing list and will therefore have no impact on email marketers.

All email marketers should take a close look at their reports on and after July 15 to see if there is any impact from this Yahoo action. And, if you see a spike in bounces, it might very well be related to this.

That being said, if you are frequently sending out emails, I really do not anticipate this will be a problem. Any inactive accounts already would have been removed.

The only people who might get caught in a situation where this does have a big impact are those that send emails really infrequently. For instance, if you only send out emails in December during the holidays and ignore the rest of the year (…not sure why you’d do that?!?!) then it’s possible you would have missed the chance to catch inactive Yahoo accounts already. So, you need to be extra careful because when you go to send your next mailing in December, (A) You might have increased hard bounces & (B) You run the risk of sending spam to someone who has claimed a previously inactive email account. With that in mind, I would definitely recommend sending an email sooner rather than later so you can capture the reports before Yahoo releases these ID’s back into the wild.

Yahoo has said that they will attempt (probably through the list-unsubscribe header) to unsubscribe from mailing lists during the transition period when the account is closed and before it can be registered again.

One other thing worth mentioning related to Yahoo’s actions is that there has been some criticism that this could pose a security risk. If on July 1 an account belonged to Person A, that same account on September 1 might belong to Person B. So, any emails such as a statement, invoice, password reminder, etc.  might go the the wrong person. Obviously we’d all like to think that someone would have updated their profile with any important company/vendor that is sending them emails, but there’s also a chance something slips through the cracks. Yahoo has stated that it has put in place safeguards to prevent this, but there remains some chatter over the security concern.

Yahoo Deleting Inactive Accounts

© 2013 Elite Email Inc. Blog Admin