AOL Changes Email Security Policy To Fight A Wave Of Spoofing
AOL Mail, battling a wave of email spoofing, Tuesday announced a security change to guard against unauthorized use of AOL email accounts.
The move was a reaction to the recent proliferation of spam that appeared to originate from AOL accounts, many that hadn’t been used for years. You can see some of the anger — and quite a few jokes — on the #aolhacked hashtag stream on Twitter.
AOL acknowledged the issue and adjusted its DMARC policy to stop delivery of “what previously would have been considered authorized mail sent on behalf of AOL Mail users via non-AOL servers.”
The DMARC change — setting the policy to p=reject — is similar to what Yahoo did earlier this month. Yahoo’s switch, which we covered here, is causing significant disruption for small business using Yahoo.com addresses to communicate with customers and prospects.
And AOL’s adjustment will cause similar bounce-back problems for businesses using AOL in the same way. AOL’s solution?
In almost all cases, we recommend that you switch to sending mail from your own domain. You may also consider using AOL SMTP directly.
For mailing lists, also known as listservs, we recommend configuring reply behavior to fill the From line with the mailing list’s address rather than the sender’s and put the actual user / sender address into the Reply-To: line. Please also note that current “auto unsubscribe” logic based upon bounces might be too rigid until this change has been in place for a while.
For website operators with ‘share from email’ functionality, please consider using an email address from your own domain as the From address and populate the Reply-To: line with the address of the person sharing.
Read AOL’s full explanation here.