Industry Updates

AOL confirms move to shared mail infrastructure with Yahoo

Last week I wrote about the changes taking place at major email providers, specifically the convergence of AOL and Yahoo’s mail servers. Today on their Postmaster blog, AOL issued confirmation of these changes. The statement indicates the “majority of AOL’s MX records” will be routed to the new combined mail servers with little if any visible impact to senders.

The message also assured senders that established feedback loops (FBLs) should continue to function without interruption. While AOL notes that issues are unlikely, if you see any abnormalities postmaster@aol.com remains the best way to reach out for assistance.

– BG

Industry Updates

Changes

bowie-change
courtesy securosis.com

New year, new you…that’s what they always say, right? Just a few weeks into 2018, it seems like some of the big 4 ISPs (soon to be Big 3?) are really taking that concept to heart.

Microsoft’s major migration of Outlook.com to the Office365 backend was technically completed in 2017, but based on feedback from senders in industry groups delivery issues still abound. The indications from MS are that the mail handling and filtering infrastructure are a work in progress, but no formal statement has been issued to that end. Some senders have stated MS support is unable to provide remediation for many of these issues, even though there may be backend adjustments taking place. If you’re having trouble getting mail to Microsoft, just know you’re not alone and that someone over there is paying attention.

Verizon ended its own webmail service last year, and consolidated its AOL and Yahoo brands under the Oath moniker. AOL and Yahoo’s email services have remained separate thus far, but indications are that will change in the next few days. It’s been reported that the merger of these mail platforms starts in earnest on or around February 1st. As of that date, mail to AOL will be routed and handled by the Yahoo mail servers. To me this sounds a bit like the SBCGlobal arrangement between AT&T/BellSouth and Yahoo, wherein one provided the mail interface while the other handled the mail routing and filtering. At this time, no formal announcement has been made, so we’ll have to sit tight to find out exactly what this means for sending to AOL recipients.

– BG

Industry Updates, Privacy & Security

500 million Yahoo users compromised in “worst hack in history”

tumblr_inline_nww8j3j32c1tnywua_1280On Thursday, Yahoo issued a statement confirming that at least 500 million users’ account data had been compromised in late 2014, supposedly by a “state sponsored actor,” or an individual hired by some governmental body to carry out the hack.

According to the statement, the data “may have included names, email addresses, telephone numbers, dates of birth, hashed passwords …and, in some cases, encrypted or unencrypted security questions and answers.” Yahoo indicates no financial data was breached.

Users who had or used Yahoo services, including Mail, Flickr, Fantasy Sports, and others, during that timeframe are being advised to change their passwords for Yahoo and any other services that may use the same login credentials, as well as changing security questions for other services.

Lots of questions surround this breach, with one of the most notable being why Yahoo waited so long to announce the hack. Many speculate information was concealed to prevent souring the sale of Yahoo to Verizon. CNN reports that Verizon learned of the hack for the first time this week.

As email senders and recipients, most of us care much less about Yahoo and Verizon’s financials than about potential fallout from the breach including identify theft, spam email, and even blackmail. Even if credit card data wasn’t stolen, the hackers now have personal information about millions of Yahoo users, including answers to some of the questions most commonly used to verify their identity.

Yahoo’s wait to announce the hack could mean the greatest damage has already been done: hackers often act quickly with stolen data, selling or sharing it quickly to outrun detection attempts. However, if the breach truly was initiated by a foreign government, the motivation may not be so clear.

Yahoo has said they are cooperating with Federal authorities to investigate, and it’s a safe bet we’ll hear more details as the investigation continues.

– BG