Yahoo Mail not accepting inbound mail

I'm seeing multiple reports of this today-- it sounds pretty widespread. Mail to Yahoo is being deferred due to an internal system issue on the Yahoo side of the connection. My own MTA logs are filling with "451 4.3.2 Internal error reading data" errors.

Reports on the Mailop mailing list suggest that the issue started around 7:00 am US central time on Sunday, March 20th.

Update: As of 1:50 pm US central time, I see that some mail must be getting through for some folks. My primary Yahoo seed mailbox is populated with a new message every few minutes or so. But volume is a lot lower than usual and mail is still backed up on my sending server.

Final update: Multiple sites are reporting that as of about 2:00 pm US central time, Yahoo seems to be accepting all mail again. My queues are empty and all of my earlier-sent test messages have now been delivered to my Yahoo seed mailbox.

New: Check Auth Status with XNND

Need to check the authentication status of your email sends? Wondering if you've got TLS, DKIM, and SPF configured properly? Here's an easy way to tell. Using your email platform or email service provider, send a message to authentication@wombatmail.com. Then, after a few minutes have passed, your email message will be added to the list of messages over on the XNND Authentication Page at http://xnnd.com/authentication/ and you'll be able to see whether or not your mail message was signed with a working DKIM signature, whether or not it passed SPF authentication, and whether or not TLS was used during mail transport. Any questions or feedback? Feel free to drop me a line in email or in comments.

Yep, that's about right.


H/T: @mattindy77

Sender ID Doesn't Matter in 2016

Sender ID didn't actually come on a cassette tape.
Once upon a time, Sender ID was a sort of Hotmail-specific version of Sender Policy Framework (SPF). It used to be valuable and necessary to maximize your chances at getting solid inbox deliverability at Hotmail. There used to be these tricks you had to do; like, if mail was being silently discarded at Hotmail, you'd have to manually submit your Sender ID record to them via a webform, and we knew that this would eventually lead to improved deliverability.

But that's all super old news at this point. Hotmail -- I mean Outlook.com -- has long switched over to checking DKIM and SPF like so many other large email and webmail providers.

There's no harm if you're still publishing a Sender ID record, but if you're planning to set one up when configuring your new domain, don't bother. SPF and DKIM are where it's at in 2016.

The spam map of the United States

Over on Betanews, Ian Barker asks: "What do California and New York have in common? They're both major centers of spam email according to new research, between them accounting for almost half of spam sent in the US."

Over here on Spam Resource, I ask: What do Utah and Michigan have in common?  Two things.

First, according to that Betanews article referencing data from Comodo Threat Research Labs, these two states both make the top five list of states as sources of spam. Utah is third and Michigan ranks fourth.

Next, both states were convinced to implement "Child Protection Registry" services over ten years ago. Register your child's email address, and all good, legal, ethical senders of mail advertising anything "grown up" in nature (think alcohol and cigarettes, for starters) will be sure to scrub those addresses out of their list. The net, it was proposed, is that minors in those two states would be spared from receiving email advertising for products they're not supposed to have access to until adulthood.
Interesting idea. Except that the implementation of it was pretty awful. "Painfully bad," wrote Return Path way back then. The scrub process cost money and was clunky. Perhaps it is still clunky, but instead of bothering with it, lots of compliance folks started suggesting just asking, at the time of signup, what state a subscriber is in, and if they answer with Utah or Michigan, don't send to them if you advertise or sell those kinds of products. So I haven't personally heard of anybody having to go through the scrub process in years. (Have you?)

The only upside was perhaps for the company chosen to run the registry in both states (Unspam) -- maybe they made some money from it.

But it didn't do a damn thing to stop spam, because, as predicted by many, only good guys who wanted to comply with the law would follow through (or avoid those two states). All the bad guy spammers who probably already break the law, who don't care about permission, they keep on spamming adults and children alike.

Correlation is not always causation, and these two data points don't really overlap. But it does seem that both states biffed it two different ways when it comes to stopping spam.

Small scale, unsolicited, and sustainable...

My friend and deliverability colleague Josie Garcia sent me this picture yesterday. It's a picture of her printout of a specific page from this blog, from sometime around a hundred years ago. Specifically, it's a post from 2007, where I replied to and rebutted a "cheeky" marketing guy who thought that whole permission thing was overrated. "It's document shredding day here, but I'm keeping this gem," Josie mentioned.

Mr. Cheeky popped up at the time to tell me that he was doing great. He indicated that his "small scale, unsolicited and sustainable" non-permission model was working wonders for him. But what about since then? Not surprisingly, he seems to have moved on to a new career; his blog is long shuttered. But my friend reminds me that what I posted back in 2007 remains solid advice now: Permission rules. If you don't respect permission, you're a spammer, dummy. Forget insults and bad feelings, no permission means you're going to have problems getting your mail delivered to the inbox reliably.

Why listen to us? Josie and I have only been doing this sort of thing for something like fifteen years. Meanwhile, every year, some new cheeky marketing dude wanders by, trying to tell everyone that, all the data and history and experience notwithstanding, permission is suddenly overrated and they've found the One True Other Way...yet mysteriously, they don't seem to be in it for the long haul.

Hmm. Wonder why.