Over on the Word to the Wise blog, Laura Atkins points out that Yahoo has recently implemented a new DMARC policy of "p=reject." This has made choosing the right from address more important than ever.

Briefly explained, DMARC (Domain-based Message Authentication, Reporting & Conformance) is a technical specification for email messages that allows the owner of a domain name to specify under what circumstances their domain name may be used in the from address of an email message. The initiative was spearheaded by a number of financial institutions, big brands and large Internet service providers (ISPs). We here at the ExactTarget Marketing Cloud have supported DMARC since shortly after it was made public.

DMARC is a valuable anti-phishing mechanism. It lets somebody like Yahoo tell other ISPs to reject mail that claims to be from a Yahoo user, if it didn't actually come with appropriate authentication measures asserting that a given mail actually originated from infrastructure allowed to serve mail on behalf of Yahoo. In other words, it allows Yahoo to set a policy that defines certain kinds of Yahoo messages as legitimate, and certain kinds of Yahoo-referencing messages as illegitimate, and that policy tells the world to reject the illegitimate ones.

As Laura goes on to explain, Yahoo's choice of a "p=reject" policy can cause challenges for other internet users who might have a Yahoo account or use Yahoo services. Even if you don't think you're sending illegitimate messages, this new policy could classify your messages as illegitimate and cause them to be rejected.

If you send mail and you use the domain "yahoo.com" in your from address, and you send that mail from somewhere other than Yahoo, that mail is now going to get rejected (bounced) by a significant number of ISPs both large and small, because Yahoo is now explicitly telling those ISPs to reject that mail, based on Yahoo's new "p=reject" DMARC policy setting.
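The check a receiving ISP performs can be sketched as follows. This is an added example, not code from the original post, Yahoo or ExactTarget; the policy table, the domains `esp.example` and `mybusiness.example`, and all function names are assumptions made for illustration, and the two-label organizational-domain rule is a simplification of what real evaluators do.

```python
from email.utils import parseaddr

# Constructed sample policies keyed by From domain. They stand in for the
# _dmarc.<domain> DNS TXT lookup so the example runs offline.
POLICIES = {
    "yahoo.com": "v=DMARC1; p=reject",         # constructed; the page states only p=reject
    "mybusiness.example": "v=DMARC1; p=none",  # hypothetical domain the sender owns
}

def parse_dmarc(txt):
    """Split a DMARC TXT record into a tag dict; None if it is not a DMARC record."""
    parts = (p.partition("=") for p in txt.split(";") if "=" in p)
    tags = {k.strip().lower(): v.strip() for k, _, v in parts}
    return tags if tags.get("v") == "DMARC1" else None

def org_domain(domain):
    # Simplification: keep the last two labels. Real evaluators consult the
    # Public Suffix List to find the organizational domain.
    return ".".join(domain.lower().rstrip(".").split(".")[-2:])

def aligned(auth_domain, from_domain):
    """Relaxed alignment: the authenticated domain shares the From org domain."""
    return bool(auth_domain) and org_domain(auth_domain) == org_domain(from_domain)

def dmarc_disposition(from_header, spf_pass, mail_from_domain, dkim_pass, dkim_d):
    """Return 'pass', 'no-policy', or the policy the domain owner published."""
    from_domain = parseaddr(from_header)[1].rpartition("@")[2].lower()
    record = POLICIES.get(from_domain)
    policy = parse_dmarc(record) if record else None
    if policy is None:
        return "no-policy"
    # SPF or DKIM passing is not enough: the domain that passed must also
    # align with the domain in the visible From header.
    ok = (spf_pass and aligned(mail_from_domain, from_domain)) or \
         (dkim_pass and aligned(dkim_d, from_domain))
    return "pass" if ok else policy.get("p", "none")

# Sent through an outside service with a yahoo.com From: SPF and DKIM both
# pass, but for the service's domains, so the published policy applies.
print(dmarc_disposition("Pat <pat@yahoo.com>", True, "bounce.esp.example",
                        True, "esp.example"))
```

The same call with a from address in a domain the sender owns, signed with that domain, returns `pass` regardless of what Yahoo publishes.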

Small-to-medium businesses (SMBs) and other smaller organizations are probably most affected by this change. SMBs often use a Gmail, Yahoo, AOL or Hotmail from address when sending mail via an email service provider (like the ExactTarget Marketing Cloud). You can't safely do that any more; as of today, right now, Yahoo has placed restrictions on using a Yahoo from address, and it would be wise to assume that at some point other email providers or ISPs might follow suit, and similarly restrict use of their from addresses when using outside services.

Here are the Do's and Don'ts of picking the right from address:

  • DO use ExactTarget's Sender Authentication Package. If you have this, you're not going to run into this issue. We're already using your own domain name in your from addresses, and you are not going to have any problem with any DMARC policy set by some other ISP, webmail or domain owner.
  • DON'T use a from address that contains a domain name of yahoo.com, ymail.com or rocketmail.com. These are Yahoo webmail domains, and Yahoo has published a DMARC policy with the restrictions described above. Your ability to get to the inbox will be greatly harmed if you use these domains in your from address.
  • DON'T use a from address containing a domain name of any other big ISP like aol.com, hotmail.com, outlook.com, gmail.com, comcast.net, etc. As of April 7, 2014, these domains have not published a DMARC policy similar to Yahoo's policy. But, because you don't own these domain names, you have no way to stop an ISP or domain owner from implementing such a policy in the future. Bad things will start to happen the moment any one of these ISPs makes such a change. And, even though today you do not run afoul of a DMARC policy violation, your mail won't authenticate correctly, because ISP domains are typically configured to allow email authentication only when sending from the ISP's infrastructure or user interface.
  • DO use a from address in a domain you own. Your domain means you can make changes to it in the future. It means you can move it to another provider in the future, if your current provider's policies change to be out of sync with what you'd like them to be.

Purchasing your own domain name is easy and can be done for around $15/year. And if you need to be able to receive email at that domain, many services are available. It's not very hard or expensive to ensure that you're in control of your own destiny by ensuring you or your company owns a domain name, instead of relying on someone else.

And finally, if you're the deeply technical sort of person who knows quite a bit about DNS, SPF, DKIM and DMARC - tread carefully when implementing a DMARC record and policy. Yahoo's policy change has definitely had some consequences. I can't say whether or not those consequences were unforeseen, but I know that today, Yahoo users are finding it hard to subscribe to mailing lists; mailing list software is typically configured in a way that runs afoul of Yahoo's p=reject policy choice. This specific issue may not affect you, but a similar one could: if you don't have a perfect grasp of the different mail streams that might be out there, legitimately using your own domain name, you could accidentally cause problems -- big problems -- resulting in some or all of your own legitimate mail getting rejected.