[outages] yahoo

Casey Johnson casey at coloradointerlink.com
Mon Mar 11 14:30:02 EDT 2024 

Had to enable DKIM signing like Cary did. Working now.

Sent from my  iPhone.
—
Casey Johnson
Colorado Interlink LLC

________________________________
From: Outages <outages-bounces at outages.org> on behalf of Cary Wiedemann via Outages <outages at outages.org>
Sent: Monday, March 11, 2024 12:04:04 PM
To: bannereddivpool <bannereddivpool at gmail.com>; outages <outages at outages.org>
Subject: Re: [outages] yahoo

Okay, just resolved this from my end. My O365 emails were being DKIM signed but by our . onmicrosoft.com<https://us-east-2.protection.sophos.com?d=onmicrosoft.com&u=aHR0cDovL29ubWljcm9zb2Z0LmNvbQ==&i=NWM2NmQ4MGVmMGQyZjYxNmUwOGU4ZDIw&t=R3p2ejFlZ2FLb2s5L1lUeG9VcFh2L2NmT0xJV2lidWFLMEd1NTVBbnREWT0=&h=989758b7bcca4d3aba5e865a6b230530&s=AVNPUEhUT0NFTkNSWVBUSVa4W_XrGtx3Ajnr7Zxyq0IQZFZgu8f9tPFF4SoRdZDJkA> subdomain instead of the actual sending domain.  Headers would show dkim=pass but the DKIM domain didn't match the FROM address in our envelopes.

Had to enable DKIM signing on the custom domain in O365 here https://security.microsoft.com/authentication?viewid=DKIM<https://us-east-2.protection.sophos.com?d=microsoft.com&u=aHR0cHM6Ly9zZWN1cml0eS5taWNyb3NvZnQuY29tL2F1dGhlbnRpY2F0aW9uP3ZpZXdpZD1ES0lN&i=NWM2NmQ4MGVmMGQyZjYxNmUwOGU4ZDIw&t=NSt3OGFMc2hlMDJTQWpIVDAzbTdCeTF1UEtOSENBUTZnekdBcnY0cy90WT0=&h=989758b7bcca4d3aba5e865a6b230530&s=AVNPUEhUT0NFTkNSWVBUSVa4W_XrGtx3Ajnr7Zxyq0IQZFZgu8f9tPFF4SoRdZDJkA> and setup CNAMEs for the proper selectors in DNS.

DMARC reports from Yahoo helped me a ton here, but they were confusing.  They showed DKIM failed in the policy_evaulated -> disposition section but showed result = pass in the auth_results -> dkim section.

Just had my first successful email to Yahoo.com in days.  Looks like the O365 DNSRBL inclusion was a red herring.

- Cary

On Mon, Mar 11, 2024 at 1:34 PM Cary Wiedemann < carywiedemann at gmail.com<mailto:carywiedemann at gmail.com>> wrote:
Massive problems with email delivery to Yahoo and AOL today, they share a mail system on the back-end.  Microsoft issued advisory EX719348 last Thursday for their IPs being included in some DNSRBLs, and I still see some of their IPs on the Spamhaus RBL (40.107.102.127) but I'm not sure if that's the root cause.

All my emails from O365 to Yahoo and AOL have been failing since 3/7.

Lots of noise and confusion because Yahoo and AOL recently started enforcing stricter SPF/DKIM/DMARC requirements, but this seems to be unrelated.  These emails are DKIM signed, pass SPF, and have a valid DMARC record.

Still investigating, will update the list with the eventual resolution.

- Cary

On Mon, Mar 11, 2024 at 1:27 PM bannereddivpool via Outages < outages at outages.org<mailto:outages at outages.org>> wrote:
Anyone seeing any issues with yahoo email services?  I keep getting dropped;

telnet  mta6.am0.yahoodns.net<https://us-east-2.protection.sophos.com?d=yahoodns.net&u=aHR0cDovL210YTYuYW0wLnlhaG9vZG5zLm5ldA==&i=NWM2NmQ4MGVmMGQyZjYxNmUwOGU4ZDIw&t=aitmVzVySnBqUzY3TVdqWGhrM0F2TEUwb1B5L3oyVmNna0pJRzlQRS9Scz0=&h=989758b7bcca4d3aba5e865a6b230530&s=AVNPUEhUT0NFTkNSWVBUSVa4W_XrGtx3Ajnr7Zxyq0IQZFZgu8f9tPFF4SoRdZDJkA> 25
Trying 67.195.204.74...
Connected to mta6.am0.yahoodns.net<https://us-east-2.protection.sophos.com?d=yahoodns.net&u=aHR0cDovL210YTYuYW0wLnlhaG9vZG5zLm5ldA==&i=NWM2NmQ4MGVmMGQyZjYxNmUwOGU4ZDIw&t=aitmVzVySnBqUzY3TVdqWGhrM0F2TEUwb1B5L3oyVmNna0pJRzlQRS9Scz0=&h=989758b7bcca4d3aba5e865a6b230530&s=AVNPUEhUT0NFTkNSWVBUSVa4W_XrGtx3Ajnr7Zxyq0IQZFZgu8f9tPFF4SoRdZDJkA>.
Escape character is '^]'.
220 mtaproxy501.free.mail.bf1.yahoo.com<https://us-east-2.protection.sophos.com?d=yahoo.com&u=aHR0cDovL210YXByb3h5NTAxLmZyZWUubWFpbC5iZjEueWFob28uY29t&i=NWM2NmQ4MGVmMGQyZjYxNmUwOGU4ZDIw&t=UXh4OFN0TCtIODE0RlFlZUx3Z3N4Ukx0U21sYmJlTE5oMzlBck1VcG4wND0=&h=989758b7bcca4d3aba5e865a6b230530&s=AVNPUEhUT0NFTkNSWVBUSVa4W_XrGtx3Ajnr7Zxyq0IQZFZgu8f9tPFF4SoRdZDJkA> ESMTP ready
EHLO mail.yahoo.com<https://us-east-2.protection.sophos.com?d=yahoo.com&u=aHR0cDovL21haWwueWFob28uY29t&i=NWM2NmQ4MGVmMGQyZjYxNmUwOGU4ZDIw&t=UEpxSGZMWTdtNm1QRkUrc0ZZcXNPUDdVa2NpcllDdWdpMlJWOWFwWjhOOD0=&h=989758b7bcca4d3aba5e865a6b230530&s=AVNPUEhUT0NFTkNSWVBUSVa4W_XrGtx3Ajnr7Zxyq0IQZFZgu8f9tPFF4SoRdZDJkA>
250-mtaproxy501.free.mail.bf1.yahoo.com<https://us-east-2.protection.sophos.com?d=yahoo.com&u=aHR0cDovLzI1MC1tdGFwcm94eTUwMS5mcmVlLm1haWwuYmYxLnlhaG9vLmNvbQ==&i=NWM2NmQ4MGVmMGQyZjYxNmUwOGU4ZDIw&t=STRvV05tZ0J4VE9sZFFVd2oyYXdEa1FWZU91eGYyM1U1ekJ5UjZva2xtcz0=&h=989758b7bcca4d3aba5e865a6b230530&s=AVNPUEhUT0NFTkNSWVBUSVa4W_XrGtx3Ajnr7Zxyq0IQZFZgu8f9tPFF4SoRdZDJkA>
250-PIPELINING
250-SIZE 41943040
250-8BITMIME
250 STARTTLS
Connection closed by foreign host.

Sending from outlook and I'm getting this as well;


Diagnostic information for administrators:

Generating server: SJ2PR14MB6550.namprd14.prod.outlook.com<https://us-east-2.protection.sophos.com?d=outlook.com&u=aHR0cDovL1NKMlBSMTRNQjY1NTAubmFtcHJkMTQucHJvZC5vdXRsb29rLmNvbQ==&i=NWM2NmQ4MGVmMGQyZjYxNmUwOGU4ZDIw&t=L1J1Q3Y3Vk9MSkRDNjNxZWJxcFlGNG9tTHg2QkZObHR0SU9ka1JubXBKOD0=&h=989758b7bcca4d3aba5e865a6b230530&s=AVNPUEhUT0NFTkNSWVBUSVa4W_XrGtx3Ajnr7Zxyq0IQZFZgu8f9tPFF4SoRdZDJkA>
Total retry attempts: 7

sample1 at yahoo.com<mailto:babyereed2013 at yahoo.com>
Remote server returned '550 5.4.300 Message expired -> 451 [RL01] Message temporarily deferred'

sample2 at yahoo.com<mailto:jbliqemp at yahoo.com>
Remote server returned '550 5.4.300 Message expired -> 451 [RL01] Message temporarily deferred'

Original message headers:

_______________________________________________
Outages mailing list
Outages at outages.org<mailto:Outages at outages.org>
https://puck.nether.net/mailman/listinfo/outages<https://us-east-2.protection.sophos.com?d=nether.net&u=aHR0cHM6Ly9wdWNrLm5ldGhlci5uZXQvbWFpbG1hbi9saXN0aW5mby9vdXRhZ2Vz&i=NWM2NmQ4MGVmMGQyZjYxNmUwOGU4ZDIw&t=Q29YbzM0LzQ2Q0tyYzFycEFUQWFNUXBOb2lVYzR0bzdSYm84SXlJRFF4az0=&h=989758b7bcca4d3aba5e865a6b230530&s=AVNPUEhUT0NFTkNSWVBUSVa4W_XrGtx3Ajnr7Zxyq0IQZFZgu8f9tPFF4SoRdZDJkA>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://puck.nether.net/pipermail/outages/attachments/20240311/1a72d2f5/attachment-0001.htm>

More information about the Outages mailing list