Yahoo (NASDAQ:YHOO) has been at the forefront of email authentication for over a decade, and they continue to drive the industry forward. Today, Yahoo has taken the next step in their program by publishing strong DMARC policies for 62 of their international domains, listed below. These policies will prevent phishers and spammers from using these domains to impersonate Yahoo when attacking consumers.
“This a continuation of DMARC policy changes for Yahoo domains that started in 2014 with the yahoo.com p=reject policy,” wrote senior product manager Sumeet Solanki when announcing this move on an industry mailing list. “In the coming quarters you can expect Yahoo to publish similar policies for other Yahoo owned and operated domains, including more Yahoo international domains, Flickr and Tumblr.” Mail administrators with questions are referred to Yahoo’s DMARC policy page, as well as their Postmaster resource site.
“This reflects steady progress in locking down Yahoo’s entire portfolio of domains,” commented DMARC.org executive director Steve Jones. “Every organization should be setting strong DMARC policies across their portfolio to ensure that their reserved or disused domains aren’t being used by fraudsters and spammers. And whenever a domain is created or purchased, part of every organization’s processes should include publishing a policy to prevent unauthenticated messages using that domain from reaching the inbox.”
In October 2015, Google (NASDAQ:GOOG) announced that they will adopt the same strong “p=reject” DMARC policy to protect their customer-facing gmail.com domain by June 2016. AOL (NYSE:VZ) and Yahoo did this for their primary customer-facing domains in 2014, and DMARC.org expects mailbox providers large and small around the world will do the same.
Here is the list of 62 Yahoo domains included in today’s change: