Jump to content

Archived

This topic is now archived and is closed to further replies.

dr_lucas

Yahoo new anti-spoofing policy breaks email delivery

Recommended Posts

My site is suffering from this same issue, emails from the shop contact-us form are bounced by gmail due to Yahoo's new anti-spoofing policy, as described here:

http://www.pcworld.com/article/2141120/yahoo-email-antispoofing-policy-breaks-mailing-lists.html

 

What would be the recommended way to fix this?

Share this post


Link to post
Share on other sites

This is a related thread at drupal: https://drupal.org/node/2236237

Maybe good to include it here, to migrate the same solution or suggest similar one for osC.

Share this post


Link to post
Share on other sites

Hi

 

try this (works for me sending from contact_us.php on a bluehost server using a yahoo.com email as the customer's address and the store admin emails are handled by a Gmail account

 

in includes/functions/general.php find the tep_mail() function [at around line 1039 in osC 2.3.3.4 but ymmv] and replace it with this

 

function tep_mail($to_name, $to_email_address, $email_subject, $email_text, $from_email_name, $from_email_address) {
if (SEND_EMAILS != 'true') return false;

//new code starts here++++
//OK so let us do something with yahoo in the from email address - knock it down to lowercase and then do needle in haystack thing

if (strpos(strtolower($from_email_address), 'yahoo')){
//yahoo email so add in the reply to header and then take the yahoo reference out of the $from_email_address
//leaving it in there will stop the eamil reaching a Gmail account

$message = new email(array('X-Mailer: osCommerce','Reply-To:'.$from_email_address));
$from_email_address ='Yahoo customer';

}else{
//no harm in giving the extra header in any case??
 $message = new email(array('X-Mailer: osCommerce','Reply-To:'.$from_email_address));
}
//end new code +++++
// Build the text version
$text = strip_tags($email_text);
if (EMAIL_USE_HTML == 'true') {
 $message->add_html($email_text, $text);
} else {
 $message->add_text($text);
}
// Send message
$message->build_message();
$message->send($to_name, $to_email_address, $from_email_name, $from_email_address, $email_subject);
}

Share this post


Link to post
Share on other sites

Thanks, Bob, just a quick note that yahoo mail also uses ymail.com and rocketmail.com domains, ie. better make the condition:

if ( (strpos(strtolower($from_email_address), 'yahoo')) || (strpos(strtolower($from_email_address), 'ymail')) || (strpos(strtolower($from_email_address), 'rocketmail')) ){

 

cheers :)

Share this post


Link to post
Share on other sites

Hi,

 

if I understand this correctly, you should also add this change to the admin version of the "tep_mail"-function. Or not?

 

AD

Share this post


Link to post
Share on other sites

nope, but wouldn't hurt

Share this post


Link to post
Share on other sites

The thought process is close.. issue with this approach is it is too specific..

 

It should be more to the lines of checking if the FROM is different from the hosted domain, if so make some changes. Go read the dupral post.. its much more generic.. yahoo/ gmail connection is not the only combo.. paypal also consequently ebay are also involved.. I also need to make changes elsewhere because i have a highly modified oscmax installation, so this is affecting the merchant order copies.. for all installations it will affect the contact form, tell a friend form too.. maybe more.. oh the built in newsletter in the oscmax versions.

 

I'm happy to help test.


Debbie D
Franklin County, VA "Moonshine Capitol of the World"
osCmax Mobile Template oscmaxtemplates.com

Share this post


Link to post
Share on other sites

Has any of you set a dmarc record in your dns record along eith DKIM & SPF ? I have and today got 2 notices., I'm on my tablet and can't open them right now.. The emails look legit. The report is a zip attachment. Dumb thing is Gmail marked it as spam!


Debbie D
Franklin County, VA "Moonshine Capitol of the World"
osCmax Mobile Template oscmaxtemplates.com

Share this post


Link to post
Share on other sites

ok sorry for all the posts.. I checked those 2 emails.. dont much understand them, but one was from hotmail the other from yahoo.. I checked the default email box of the domain .. all my tests thus far have been bouncing there.. I see nothing in either time frame at all - not there, not in my gmail account.. no where

 

<?xml version="1.0"?>
-<feedback>
-<report_metadata>
<org_name>Yahoo! Inc.</org_name>
<email>postmaster@dmarc.yahoo.com</email>
<report_id>1397813111.169969</report_id>
-<date_range>
<begin>1397692800</begin>
<end>1397779199 </end>
</date_range>
</report_metadata>
-<policy_published>
<domain>oneofmydomains.com</domain>
<adkim>r</adkim>
<aspf>r</aspf>
<p>none</p>
<pct>100</pct>
</policy_published>
-<record>
-<row>
<source_ip>209.85.216.182</source_ip>  <<--that is a GOOGLE ip
<count>1</count>
-<policy_evaluated>
<disposition>none</disposition>
<dkim>fail</dkim>
<spf>fail</spf>
</policy_evaluated>
</row>
-<identifiers>
<header_from>oneofmydomains.com</header_from>
</identifiers>
-<auth_results>
-<dkim>
<domain>gmail.com</domain>
<result>pass</result>
</dkim>
-<spf>
<domain>gmail.com</domain>
<result>pass</result>
</spf>
</auth_results>
</record>
</feedback>

 

<?xml version="1.0" encoding="UTF-8"?>
-<feedback>
-<report_metadata>
<org_name>Microsoft Corp.</org_name>
<email>dmarcrep@microsoft.com</email>
<report_id>de584bb6ae0e4a3e8c73b597a3fcf6fd@hotmail.com</report_id>
-<date_range>
<begin>1397775600</begin>
<end>1397862000</end>
</date_range>
</report_metadata>
-<policy_published>
<domain>oneofmydomains.com</domain>
<adkim>r</adkim>
<aspf>r</aspf>
<p>none</p>
<sp>none</sp>
<pct>100</pct>
</policy_published>
-<record>
-<row>
<source_ip>208.67.xx.xxx</source_ip>  <<-- IP of oneofmydomains.com
<count>1</count>
-<policy_evaluated>
<disposition>none</disposition>
<dkim>fail</dkim>
<spf>fail</spf>
</policy_evaluated>
</row>
-<identifiers>
<header_from>oneofmydomains.com</header_from>
</identifiers>
-<auth_results>
-<spf>
<domain>myserver.com</domain>
<result>fail</result>
</spf>
-<dkim>
<domain>oneofmydomains.com</domain>
<result>none</result>
</dkim>
</auth_results>
</record>
</feedback>


Debbie D
Franklin County, VA "Moonshine Capitol of the World"
osCmax Mobile Template oscmaxtemplates.com

Share this post


Link to post
Share on other sites

and indeed AOL has now also started to reject failed DMARC mails..

see:

http://postmaster-blog.aol.com/2014/04/22/aol-mail-updates-dmarc-policy-to-reject/

 

.. please consider using an email address from your own domain as the From address and populate the Reply-To: line with the address of the person sharing.

we need to switch that method on the order emails, comment and share forms.. can someone help here?


Debbie D
Franklin County, VA "Moonshine Capitol of the World"
osCmax Mobile Template oscmaxtemplates.com

Share this post


Link to post
Share on other sites

@@wkdwich

 

You can simply change your tep_mail function to this, so that it will use the same method for all emails, not just Yahoo:

 

function tep_mail($to_name, $to_email_address, $email_subject, $email_text, $from_email_name, $from_email_address) {
if (SEND_EMAILS != 'true') return false;

$message = new email(array('X-Mailer: osCommerce','Reply-To:'.$from_email_address));
$from_email_address ='Web Shop customer';

// Build the text version
$text = strip_tags($email_text);
if (EMAIL_USE_HTML == 'true') {
$message->add_html($email_text, $text);
} else {
$message->add_text($text);
}
// Send message
$message->build_message();
$message->send($to_name, $to_email_address, $from_email_name, $from_email_address, $email_subject);
}

Share this post


Link to post
Share on other sites

It's not a osc pb I think, but on your server and domaine :

look this article :

DMARC (Domain-based Message Authentication, Reporting & Conformance), DKIM (DomainKeys Identified Mail)SPF (Sender Policy Framework) must be inserted on your server.



Regards
-----------------------------------------
Loïc

Contact me by skype for business
Contact me @gyakutsuki for an answer on the forum

 

Share this post


Link to post
Share on other sites

@@wkdwich

 

You can simply change your tep_mail function to this, so that it will use the same method for all emails, not just Yahoo:

 

function tep_mail($to_name, $to_email_address, $email_subject, $email_text, $from_email_name, $from_email_address) {
if (SEND_EMAILS != 'true') return false;

$message = new email(array('X-Mailer: osCommerce','Reply-To:'.$from_email_address));
$from_email_address ='Web Shop customer';

// Build the text version
$text = strip_tags($email_text);
if (EMAIL_USE_HTML == 'true') {
$message->add_html($email_text, $text);
} else {
$message->add_text($text);
}
// Send message
$message->build_message();
$message->send($to_name, $to_email_address, $from_email_name, $from_email_address, $email_subject);
}

 

I tried something very close to this as recommended by a contributor to the oscMAX forums:

 

$message = new email(array('X-Mailer: osCmax Mailer', 'Reply-To:'.$from_email_address, 'noreply@mydomain.com'));

 

and it actually made things worse.. now I had (2) FROM's and AOL flat out just rejected:

SMTP error from remote mail server after end of data:

host mailin-04.mx.aol.com [64.12.88.131]: 521 5.2.1 :

AOL will not accept delivery of this message.

 

 

 

while before at least I had:

SMTP error from remote mail server after end of data:

host mailin-01.mx.aol.com [64.12.88.132]: 521 5.2.1 :

(DMARC) This message failed DMARC Evaluation and is being refused due to

provided DMARC Policy


Debbie D
Franklin County, VA "Moonshine Capitol of the World"
osCmax Mobile Template oscmaxtemplates.com

Share this post


Link to post
Share on other sites

This totally worked for me.  Thanks Bob Terveruren!!!

 

Hi

try this (works for me sending from contact_us.php on a bluehost server using a yahoo.com email as the customer's address and the store admin emails are handled by a Gmail account

in includes/functions/general.php find the tep_mail() function [at around line 1039 in osC 2.3.3.4 but ymmv] and replace it with this
 

function tep_mail($to_name, $to_email_address, $email_subject, $email_text, $from_email_name, $from_email_address) {
if (SEND_EMAILS != 'true') return false;

//new code starts here++++
//OK so let us do something with yahoo in the from email address - knock it down to lowercase and then do needle in haystack thing

if (strpos(strtolower($from_email_address), 'yahoo')){
//yahoo email so add in the reply to header and then take the yahoo reference out of the $from_email_address
//leaving it in there will stop the eamil reaching a Gmail account

$message = new email(array('X-Mailer: osCommerce','Reply-To:'.$from_email_address));
$from_email_address ='Yahoo customer';

}else{
//no harm in giving the extra header in any case??
	 $message = new email(array('X-Mailer: osCommerce','Reply-To:'.$from_email_address));
}
//end new code +++++
// Build the text version
$text = strip_tags($email_text);
if (EMAIL_USE_HTML == 'true') {
	 $message->add_html($email_text, $text);
} else {
	 $message->add_text($text);
}
// Send message
$message->build_message();
$message->send($to_name, $to_email_address, $from_email_name, $from_email_address, $email_subject);
}

Share this post


Link to post
Share on other sites

×