Yahoo!, DMARC and why using a free email service as your FROM address is not a good idea

08 April 2014

Do you use a free email service as your FROM address? There’s now even more reasons not to do so: your emails could get blocked by several ISPs if they are sent using @yahoo domains.

Let’s see why.

What DMARC is and what it does

Yahoo and DMARC


DMARC is an email authentication standard that was created primarily to fight spoofing and phishing attacks.(learn more about DMARC here and here).

When a domain owner sets up a DMARC policy to reject messages not sent by them, it tells ISPs that use the DMARC “test” to reject any email that does not pass the test. The test basically says: was this email sent by the domain owner? If yes, the test is passed. If not, the ISP does what the DMARC policy says. If it says “reject those message”, it will reject them.

ISPs that have adopted DMARC (i.e. they use the DMARC “test” to decide what to do with incoming messages) include:

  • Comcast
  • Google
  • Outlook.com (Hotmail)
  • Yahoo!

What a DMARC “reject” policy by Yahoo! means to you

Yahoo! just announced that it has updated its DMARC policy to reject emails sent from some @yahoo domains. Since you don’t own the Yahoo! domain, bulk emails sent by you with a @yahoo domain will be rejected.

Specifically, if you use a generic @yahoo.com or @yahoo.eu email as your FROM address, it is very likely that the ISPs that have adopted DMARC will reject your message (including Yahoo! itself as a receiving ISP!).

It’s very possible that Yahoo! may extend the same policy to other @yahoo domains. It’s also likely that other large providers of email boxes such as Outlook.com/Hotmail, AOL, Gmail, etc. will adopt DMARC in the future. Again, their objective in adopting DMARC is to minimize spoofing, phishing, and spamming. DMARC allows them to reduce to a minimum any chances that a spammer or hacker would send a malicious or unsolicited message pretending to be them.

What should you do?

Don’t use a free email address as a sender.

Using a free email address as your sending domain is never a good idea: it’s too generic and doesn’t say enough about who you are. In order to maximize the ROI of any email marketing campaign, you need to be recognizable and trustworthy: someone glancing at the FROM address should be able to instantly recognize your company.

  • Never use a free email address as your FROM address
  • Instead, always use an address that is associated with your company (@yourCompany.com or a third-level domain like @news.yourCompany.com)
  • Don’t change it frequently, but rather use it consistently in order to build a reputation around it over time
  • Use a different FROM for different purposes, such as promotional emails (e.g. promotions@yourCompany.com) vs. transactional messages (e.g. alerts@yourCompany.com).
  • Consider adding a DMARC record to your domain yourself – just like Yahoo! and many other companies – to protect your business from potentially harmful phishing attacks on your customers. There are services like dmarcian and Return Path that can provide information, tools, etc. to get started.

If you have any questions on any of the above, let us know!

BTW: a couple of years ago we wrote a white paper on DMARC that’s still a good read on the subject.

This article was written by

Massimo Arrigoni

Massimo Arrigoni

As head of products at MailUp, I spend my days (and nights) thinking of new tools that can help marketers get the job done more effectively. In MailUp 9, for instance, we just introduced a new way for our users to collaborate on email campaigns. With beefree.io, we took our drag-n-drop email editor and turned into a stand-alone, embeddable plugin. The objective is to create tangible value, gather feedback, and push real product innovation based on it.

Related articles