Yahoo's latest tactic is just to insist on complete DMARC alignment to even stand a chance of being delivered. We have no problems with pretty much any other provider apart from them. And of course, they won't help you understand what is wrong with a particular message and how to avoid spam traps because "that would help phishing", which of course is patently nonsense since GMail pretty much tell you how to keep you mail acceptable.
I have 100% compliance with DMARC, DKIM, SPF, reverse DNS records set, a valid SSL cert - and Yahoo still drops half my mail. Works at basically every other major provider: Gmail, AOL, iCloud, Outlook, Yandex, etc.
My conclusion is that Yahoo's spam filters just suck in general.
And yet, during my annual login to the Yahoo account I keep around out of morbid curiosity, it’s full of spam. It seems like refusing to accept inbound mail would be an improvement in their filtering.
Full disclosure: I work on Yahoo Mail, but I’m not speaking for my employer.
Have you checked out CFL? If users mark sender’s messages as spam, it can impact that sender’s deliverability. The CFL can help avoid these recipients by understanding spam reports.
The domain in question is exclusively used for personal email by myself and close friends/family I trust. I would be surprised if a single message ever sent from this domain has been manually marked as spam on Yahoo.
Im guessing you run your own mail server more for fun? It’s the one service I use frequently but I’ve never tried to self host - its always seemed like a lot of pain.
Thanks for your reply. I had no idea this was a thing. I still don't have any idea why would yahoo would put us on a grey listing while Gmail and Hotmail don't.
I'm trying to get their support to help me. I'll update here if I have any useful answer from them.
Oh! To be entirely honest, I got the link directly from a reference on a Wikipedia page, so I assumed the old link must be down since it was using archive.org.
With that being said, the archive.org link is probably better in case anyone comes across this HN discussion in the future.
I think Wikipedia references are encouraged to use archive links because it will show the page at the time that they used it as a reference as opposed to linking to the live page which can change at any time.
Wikipedia references should include both the live url and the archive url, and then set the “dead” flag to either true or false to choose which url to link to. Probably either an automated process or an inattentive user falsely marked the url as dead.
Wikipedia has been around long enough that many of the citation links pointing to other websites are broken. So there are several wiki bots that go around replacing direct links with links to the archived pages.
We ask people not to submit archive links* because it's important for readers to see the original provenance of the article, e.g. in the site name displayed to the right of the title.
"Please submit the original source. If a post reports on something found on another site, submit the latter."
Not often I give props to the BBC, but impressive how they've managed to keep that page/article working for so long. Even most of the links on the page still take you to somewhere relevant and the search box still works.
Surprised they haven't bothered to try and migrate the old articles to their newer systems though!
The genius is exactly that they haven't bothered. Can you imagine the flow of layout bugs over the past 20 years, or the managers calling to scrap old content because it's generating so much workload?
That's very much a successful case of avoiding needless technology
Wasn't really thinking of the NSA/government agencies. Of course they'll be able to do dodgy stuff. Was more thinking about public WiFi networks and bad actors!
If you regularly encounter humans that use different date formats, IMO that method is a great way to avoid confusion between dd/mm/yy and mm/dd/yy.
ISO-8601 is great for computers since it has nice sorting properties, but IMO it's less great for human to human communication. For example if you're trying to set an appointment (or reading current news), it wastes a lot of time to specify the year for every message or article when it's already clear from context.
> Actually, it appears to be a real term and not a mistake. I'm finding "medireview" in a lot of places on the web in place of the more traditional "medieval," even in university and college catalogs.
> Interesting.
This is the funniest forum thread I've seen in ages
Another humorous example from the second page of that thread:
> speaking of which, did anyone else who owns the 2e Wizard's Spell Compendium notice that the term "dawizard" appeared wherever "damage" should have been?
> Etymology: Coined accidentally by Yahoo! Mail in 2001, from medieval by automated string substitution of review for eval, a Javascript command short for evaluate.
Tangent related to this. I had an old yahoo mail address from late 90s till mid 00s before I switched to gmail. Lots of family / high school / college / early professional emails were there.
The other month I logged in to view them as I do every so often and yahoo had purged the entire archive. Like 20MB worth of emails gone.
Apparently they have a policy if you do not log in in a year of time they will delete everything with no way to recover.
I can’t imagine the decision making to put this policy in nor could I ever imagine using yahoo email again for any purpose whatsoever.
When they don't charge money for it and you're not using it (so no views for ads), they aren't getting paid and it's costing them storage money. How is it hard to see that they are giving it away for free?
I’m sorry the service didn’t meet your expectation, but for others here who are curious, there are some options for keeping email storage active! These days there are paid Yahoo Mail accounts available which retain email for as long as you have the subscription active. (Or you can log in once a year with a free account.)
You can also use a IMAP app to save a local archive of all of your email. This works for all accounts, even free ones! More: https://help.yahoo.com/kb/SLN5033.html
I use getmail (similar to fetchmail) to routinely archive (i.e., sync without deleting + reindex) all of my emails from various free accounts, just in case. It can save to mbox, Maildir, mh, and other formats that are easy to import to any MUA/LDA. This is worth doing for all e-mail, and I have a patch to make it support OAuth. I don’t think it supports JMAP, but it’s great for IMAP, Gmail, and Yahoo mail and deduplicates messages by ID and content, etc. while preserving tags/mailboxes (if saved as Maildir). I highly recommend running something like that in a cron job somewhere once a week to sync locally with some sanity checks (e.g., did it save any new messages? did the folder grow? Etc.)
I also use it to save Spam/Junk folders, which then comes in very handy to train my local spam classifier for my self-hosted mail servers with lots of data. (Over 3TB of spam saved so far and about 20GB of ham.)
Gmail’s spam filter has had a higher false positive rate than usual for me lately, so I have a little report emailed to me once a week of likely ham in my gmail spam box, which has found at least 3 messages per week that I missed.
I use a mix of google email labels, apps script, spreadsheet & drive folder to download every email (older than 15 days, so that I have enough time to delete it) as .eml files in Google drive folder, which by turn downloads it to my local disk.
The spreadsheet keeps log of each msg in a thread.
Labels marks the downloaded emails.
Apps script run on a trigger & does the heavy lifting of actually downloading the .eml.
Gmail definitely does not enact this policy. Me and a friend managed to log into a shared gmail account recently we had from high school, to which no one logged in for more than a decade.
If costs got too much, they could easily take all very old emails and archive them - for example onto tape and cut down to one or even no online replicas.
Then add a button that says "Some emails and attachments older than 1 year are archived. Click here to retrieve them (takes 24 hours)"
What totally enraged me about this is that the policy was apparently introduced long after I created my account. At some point when I switched to Gmail, I set up yahoo to forward to it. This worked for years. Then this policy kicked in and from one day to the other, the Yahoo account was deleted. No warning was sent to the Gmail address beforehand. There wasn't much going on on the Yahoo account anyways, so I only noticed it much later. I have an old YouTube account that I signed up to with that yahoo address that I can't access anymore, and not do the recovery process because email.
Easy, just recreate that Yahoo account right? Wrong, to suck even more, yahoo now only offers new Email accounts on their .com domain. Mine wasn't on the .com domain. But existing accounts on the other domains still work fine, so they need to keep up that infra anyways.
>Full disclosure: I work on Yahoo Mail, but I’m not speaking for my employer.
I've worked for large corporations before, and I have had training g that explicitly told me not to "go on social media, disclose my affiliation, and then run text support".
I'm not going to tell you how to post on HN - cause I love hearing true tech stories, but you might consider caution
I work for a large corp and I’ve explicitly OKed it with the social media team that it’s OK for me to engage with customer complaints online to get them resolved if necessary. There are a few guidelines, but they’re easy to meet.
In my experience, this cuts two ways. Some companies hire what about to PR flacks to respond to complaints with bland, vague apologies and company hype. The good companies have real support people tasked specifically with engaging on social media to help users fix issues, especially common ones. As you might expect, I tend to prefer to do business with the latter, and I suspect I'm not alone.
One of the things that makes HN special is getting frontline insights like what OP gave. Almost any thread with a major issue/outage will have such a comment. Most of the time, it will come directly from a CTO/CEO.
Heck, I login daily (my Yahoo Mail is my "this online shop needs an email address" address) and a few years ago I checked, it's lost my emails before the year 2000. (Yeah I got the address when Yahoo started offering them, because I thought it'd be cool to have an @yahoo.com address...). Of course back then I actually had real emails, from high school friends and family members, which are all gone now. Great job your team is doing!
Unrelated question, but since you work on Yahoo Mail...
What's its association with AT&T? My parents have an old AT&T email they want to keep after leaving AT&T. AT&T claims it's possible (which I find shocking), but it's not really clear who actually runs the account. I think it was originally sold as AT&T/Yahoo, so was it Yahoo mail under the hood? Is that still the case?
I don’t know the policy for email account retention for AT&T Internet email, so I can’t speak to anything about it…
But for your last two questions: Yes, it’s Yahoo Mail under the hood! That is still the case. Yahoo provides email hosting services for AT&T Internet users under a contract between Yahoo and AT&T.
However, all customer support for AT&T Yahoo Mail is handled by AT&T, so the best resource for help for those accounts would be AT&T customer service or their help site: https://www.att.com/support/topic/email-support/
Wow we should all use only Google because they are the only good and trustworthy email provider. Why do we even need email at all? There should just be a simplified protocol or webapp that stores everything on Google and manages all your authentication tokens for every website you use.
</sarcasm> yup that was the end game for email as we knew already 20 years ago
The same thing happened to me and I'm still sick of it. I lost a lot of emails from the beginning of my career. I found out when I finally got around to backing up my old stuff. There are still a lot of emails that I wish I still had. I know it is / was a free service, but still.
Feels weird to be one of those patronizing old farts, but: Thunderbird has nearly all of my emails since mid-2000s, including accounts that are dead for years.
I just have all my emails since 1997 in my current email account. Every time I've changed providers, I've copied the old emails over to the new one as they've all had some POP3 functionality for import.
I do still have my first email account from 1997 too, but it was an early free email service that got acquired by Yahoo so I was hit by this same Yahoo deletion policy at some point. Which didn't really matter as I had everything copied over to the next one anyway.
Same here, glad I'm not alone in this. When I explain to people I can search 25 years of personal email via my current inbox, they just look at me like I'm making it up.
When I switched to a personal Exchange server about 15 years ago, I copied over all previous emails from a collection of legacy accounts, and then more recently I migrated the whole lot up to Exchange Online.
I also converted and migrated in old mail messages from a DEC VMS system I used to be a SysAdmin on.
I also used yahoo mail during that same period and am disappointed to see all my emails gone as well. I can understand the reasoning, but man, what a blast from the past it would to see what college-aged me was emailing 20 odd years ago.
I think the last time I checked on this email was nearly 10 years ago and by that point, it was 99.9% spam, so pretty much worthless for day to day use.
Looking from a different perspective, this kind of account expiration is good for data security. Just think how many dormant Yahoo accounts there would be, forgotten by the owner and with weak and leaked passwords. Likely in many cases users themselves could not even remember passwords, making it impossible for them to remove the data.
This literally caused me to have a bad taste in my mouth when I was in high school:
My yearbook advisor sent yahoo mail and asked what I would like to be picked up at Starbucks for an early morning meeting the next day.
"Caramel Mocha, thank you!", I replied.
The next morning, I was surprised with an undrinkable "Caramel espresso" - an espresso with a pump of caramel syrup. I thought she had made an innocent mistake and was shocked to see there was in fact a difference between my sent text and her received text. I had no explanation.
After some years in web dev, and encountering this article, I realized that, as the precursor to javascript - the script type "mocha" was valid, so yahoo just went ahead and replaced all references to mocha with something that probably seemed innocuous to a junior developer - except it wasn't.
When I worked at starbucks I loved that shit! 2 shots of blonde espresso, a pump of caramel and a liiittle bit of steamed half+half. Thinking about it now makes me feel sick though.
Content modification usually leads to vulns (e.g, XSS filters, possible bitsquatting enabled here if they change URLs or breaking array bounds checks in programs). Classic 90s security. Too bad 90s security never went away.
You should always use SSL and secure encryption when possible. In fact, sticking with http is such a bad idea that most websites are now using https by default.
The real question is: why did the OP provide a bare http link? Something sitting around in a bookmarks file from 2002?
The localhost forward proxy I run changes http:// to https://. Unlike a browser extension such as "HTTPS Everywhere" it is not restricted only to web browsers.
The page is available via https:// through Internet Archive (IA):
If I encounter a site like this that has http:// only URLs, I can specify the proxy configuration to redirect to IA when it encounters an http:// URl with the domain "news.bbc.co.uk".
The answer to the "real question" is that there is no https:// URL to provide. As I stated, changing this URL to https:// will only return "HTTP/1.1 301 Moved Permanently" with the Location header containing the http:// URL.
You answered the actual question asked (my emphasis added below):
> Dumb user question: Why is this URL redirecting tohttps://fromhttp://
It appears the intent of the question was the inverse—the link redirects from HTTPS to HTTP (the mechanics of which have already been addressed by another comment). I don’t think you should have been downvoted for answering the question as stated in good faith, even if it wasn’t the intent of the question.
With that said, the question to me is why does the BBC downgrade HTTPS requests for older content to HTTP permalinks? It seems to me that’s probably more complex than just serving the same content for both protocols. Perhaps it’s policy, or regulatory?
What I meant was why is this URL redirecting from https:// to http://
The URL is not redirecting from https:// to http://, it is redirecting from https:// to http://. Anyone who tried to follow the URL as submitted to HN would be able to notice that. It would be evident to such persons that the question was incorrectly worded.
Almost completely OT, but reminds me of a company I used to write for who for reasons decided that we weren't authors any more, but writers. Somebody did a find n replace on the documentation which lead to some interesting constructions like "if a piece has been writered by multiple writers..."
137 comments
[ 2.7 ms ] story [ 202 ms ] threadMy conclusion is that Yahoo's spam filters just suck in general.
Have you checked out CFL? If users mark sender’s messages as spam, it can impact that sender’s deliverability. The CFL can help avoid these recipients by understanding spam reports.
More best practices for deliverability: https://senders.yahooinc.com/best-practices/
Since a while now, yahoo are delaying emails for 12 h to 48 h. I have 0 issue anywhere else than yahoo.
Not a single email sent by this server has been flagged has spam according to their own support staff.
I have no idea what to do to fix those delays and it seems they have no idea either...
https://en.wikipedia.org/wiki/Greylisting_(email)
I'm trying to get their support to help me. I'll update here if I have any useful answer from them.
http://news.bbc.co.uk/2/hi/science/nature/2138014.stm
With that being said, the archive.org link is probably better in case anyone comes across this HN discussion in the future.
Linking only to an archived copy when the original is still live would be unusual.
"Please submit the original source. If a post reports on something found on another site, submit the latter."
https://news.ycombinator.com/newsguidelines.html
* If the original article is really not available anywhere else on the web and is interesting enough for a good HN thread, posting archive.org is ok.
Surprised they haven't bothered to try and migrate the old articles to their newer systems though!
That's very much a successful case of avoiding needless technology
http://www.youtube.com/watch?v=fwcl17Q0bpk
Its site design in the early 2000s was much like the BBC's http://www.cnn.com/2000/TECH/computing/08/11/email.hoaxes/in...
Past headlines remain relentlessly interesting... https://web.archive.org/web/20000815060311/http://www.cnn.co...
It’s surprisingly hard to do which is why these days so few do it, plus screen real estate on mobile adds additional challenges.
ISO-8601 is great for computers since it has nice sorting properties, but IMO it's less great for human to human communication. For example if you're trying to set an appointment (or reading current news), it wastes a lot of time to specify the year for every message or article when it's already clear from context.
"When did "Medireview" = Medieval???"
https://www.enworld.org/threads/when-did-medireview-medieval...
This is the funniest forum thread I've seen in ages
> speaking of which, did anyone else who owns the 2e Wizard's Spell Compendium notice that the term "dawizard" appeared wherever "damage" should have been?
`const ev = 'ev', al = 'al', ert = 'ert'; window[ev + al](window[al + ert]('hi'))`
https://en.wiktionary.org/wiki/medireview
> Etymology: Coined accidentally by Yahoo! Mail in 2001, from medieval by automated string substitution of review for eval, a Javascript command short for evaluate.
1 https://en.wikipedia.org/wiki/I_before_E_except_after_C#Exce...
The other month I logged in to view them as I do every so often and yahoo had purged the entire archive. Like 20MB worth of emails gone.
Apparently they have a policy if you do not log in in a year of time they will delete everything with no way to recover.
I can’t imagine the decision making to put this policy in nor could I ever imagine using yahoo email again for any purpose whatsoever.
Yes, this can happen after 12 months of inactivity for free accounts. Policy: https://help.yahoo.com/kb/SLN2018.html
For context, Gmail has a policy which allows for deletion after 2 years of inactivity: https://www.google.com/gmail/about/policy/
I’m sorry the service didn’t meet your expectation, but for others here who are curious, there are some options for keeping email storage active! These days there are paid Yahoo Mail accounts available which retain email for as long as you have the subscription active. (Or you can log in once a year with a free account.)
You can also use a IMAP app to save a local archive of all of your email. This works for all accounts, even free ones! More: https://help.yahoo.com/kb/SLN5033.html
I was looking "naïvely" for the button to request all of his personal data. I didn't find one and there's probably one somewhere I'm guessing.
I resigned myself to set up Outlook on his computer and make a manual backup.
I also use it to save Spam/Junk folders, which then comes in very handy to train my local spam classifier for my self-hosted mail servers with lots of data. (Over 3TB of spam saved so far and about 20GB of ham.)
Gmail’s spam filter has had a higher false positive rate than usual for me lately, so I have a little report emailed to me once a week of likely ham in my gmail spam box, which has found at least 3 messages per week that I missed.
The spreadsheet keeps log of each msg in a thread.
Labels marks the downloaded emails.
Apps script run on a trigger & does the heavy lifting of actually downloading the .eml.
It would be a security nightmare to let anyone else register and reuse an email address anyway. So the only benefit is saving a little disk space.
But disk space for highly compressible text that will probably never be accessed is super cheap.
Then add a button that says "Some emails and attachments older than 1 year are archived. Click here to retrieve them (takes 24 hours)"
Easy, just recreate that Yahoo account right? Wrong, to suck even more, yahoo now only offers new Email accounts on their .com domain. Mine wasn't on the .com domain. But existing accounts on the other domains still work fine, so they need to keep up that infra anyways.
I've worked for large corporations before, and I have had training g that explicitly told me not to "go on social media, disclose my affiliation, and then run text support".
I'm not going to tell you how to post on HN - cause I love hearing true tech stories, but you might consider caution
What's its association with AT&T? My parents have an old AT&T email they want to keep after leaving AT&T. AT&T claims it's possible (which I find shocking), but it's not really clear who actually runs the account. I think it was originally sold as AT&T/Yahoo, so was it Yahoo mail under the hood? Is that still the case?
But for your last two questions: Yes, it’s Yahoo Mail under the hood! That is still the case. Yahoo provides email hosting services for AT&T Internet users under a contract between Yahoo and AT&T.
However, all customer support for AT&T Yahoo Mail is handled by AT&T, so the best resource for help for those accounts would be AT&T customer service or their help site: https://www.att.com/support/topic/email-support/
Definitely a contributor to sticking with Gmail.
</sarcasm> yup that was the end game for email as we knew already 20 years ago
I do still have my first email account from 1997 too, but it was an early free email service that got acquired by Yahoo so I was hit by this same Yahoo deletion policy at some point. Which didn't really matter as I had everything copied over to the next one anyway.
When I switched to a personal Exchange server about 15 years ago, I copied over all previous emails from a collection of legacy accounts, and then more recently I migrated the whole lot up to Exchange Online.
I also converted and migrated in old mail messages from a DEC VMS system I used to be a SysAdmin on.
I think the last time I checked on this email was nearly 10 years ago and by that point, it was 99.9% spam, so pretty much worthless for day to day use.
https://www.youtube.com/watch?v=CcZdwX4noCE
I do not get thinking that replacing the word "eval" with "review" is a solution to that problem.
My yearbook advisor sent yahoo mail and asked what I would like to be picked up at Starbucks for an early morning meeting the next day.
"Caramel Mocha, thank you!", I replied.
The next morning, I was surprised with an undrinkable "Caramel espresso" - an espresso with a pump of caramel syrup. I thought she had made an innocent mistake and was shocked to see there was in fact a difference between my sent text and her received text. I had no explanation.
After some years in web dev, and encountering this article, I realized that, as the precursor to javascript - the script type "mocha" was valid, so yahoo just went ahead and replaced all references to mocha with something that probably seemed innocuous to a junior developer - except it wasn't.
Sounds like something Gilfoyle's AI from Silicon Valley would do.
> I had no explanation.
The AI broke modern encryption in order to implement lossy compression.
The real question is: why did the OP provide a bare http link? Something sitting around in a bookmarks file from 2002?
The page is available via https:// through Internet Archive (IA):
https://web.archive.org/web/20030408070754if_/http://news.bb...
If I encounter a site like this that has http:// only URLs, I can specify the proxy configuration to redirect to IA when it encounters an http:// URl with the domain "news.bbc.co.uk".
The answer to the "real question" is that there is no https:// URL to provide. As I stated, changing this URL to https:// will only return "HTTP/1.1 301 Moved Permanently" with the Location header containing the http:// URL.
> Dumb user question: Why is this URL redirecting to https:// from http://
It appears the intent of the question was the inverse—the link redirects from HTTPS to HTTP (the mechanics of which have already been addressed by another comment). I don’t think you should have been downvoted for answering the question as stated in good faith, even if it wasn’t the intent of the question.
With that said, the question to me is why does the BBC downgrade HTTPS requests for older content to HTTP permalinks? It seems to me that’s probably more complex than just serving the same content for both protocols. Perhaps it’s policy, or regulatory?
The URL is not redirecting from https:// to http://, it is redirecting from https:// to http://. Anyone who tried to follow the URL as submitted to HN would be able to notice that. It would be evident to such persons that the question was incorrectly worded.
Apologies for the inadvertence.