An Update on our DMARC Policy to Protect Our Users

By Jeff Bonforte, SVP of Communications Products

Today I did a search on “we never locked our doors” and here are some of the top results:

  • "…until the 1980’s."
  • "…when I was growing up."
  • "…because everybody knew everybody, and there was no crime…"
  • "…until about five years ago."
  • "…but now you have to make sure everything is locked up."

Similarly, when email was designed over 30 years ago, everyone knew everyone, there was no crime and no need to “lock the doors”.

The world has changed. So while email is an essential tool for business and personal life, it is also the focus for some of those who endeavor to do us harm. The new normal across the web can include massive attempts at account hacking, email spoofing (forging sender identity) and phishing attacks (tricking a user into giving up account credentials).

The doors to your inbox need another lock.

Because of the rise of spoofing and phishing attacks, the industry saw a need over two years ago to require emails to be sent more securely and formed an organization, including Yahoo, Google, Aol, Microsoft, LinkedIn, and Facebook, to work out a solution. The organization designed and built something called DMARC, or Domain-based Message Authentication, Reporting and Conformance. Today, 80% of US email user accounts and over 2B accounts globally can be protected by the DMARC standard.

On Friday afternoon last week, Yahoo made a simple change to its DMARC policy from “report” to “reject”. In other words, we requested that all other mail services reject emails claiming to come from a Yahoo user, but not signed by Yahoo.

Yahoo is the first major email provider in the world to adopt this aggressive level of DMARC policy on behalf of our users.

And overnight, the bad guys who have used email spoofing to forge emails and launch phishing attempts pretending to come from a Yahoo Mail account were nearly stopped in their tracks.

There is a regrettable, short-term impact to our more aggressive position on DMARC. Many legitimate emails sent on behalf of Yahoo Mail customers from third parties are also being rejected. We apologize for any inconvenience this may have caused.

As we said at the start of this post, for better or for worse, times have changed. We can no longer allow this massive security hole to remain for our customers and we believe the solution is simple - Yahoo requires external email service providers, such as those who manage distribution lists, to cease using unsigned “sent from” mail, and switch to a more accurate “sent on behalf of” policy. We know there are about 30,000 affected email sending services, but we also know that the change needed to support our new DMARC policy is important and not terribly difficult to implement. We have detailed the changes we are requiring here.

Already, many of the most popular mail services have made the necessary changes. For example, you can read the Tuesday blog post from MailChimp to its customers and positive feedback from Twitter as well.

Another email service provider blogged, “it likely won’t be long before all ‘from themselves, but not from themselves’ emails are treated with the same scrutiny [as Yahoo] by other webmail services.”

With stricter DMARC policies, users are safer, and the bad guys will be in a tough spot. More importantly, verified senders will unlock a massive wave of innovation and advancement for all our inboxes.

We have listed some useful resources where you can learn more about these important steps.

- DMARC

- DKIM

- SPF
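
The policy change described in this post ("report" is `p=none` in a DMARC record, "reject" is `p=reject`) and the “sent on behalf of” fix it asks list operators to make, shown as an added example that is not part of the original post or Yahoo's code. It is a simplified DMARC evaluation; the records, the `lists.example.org` relay and the two-label organizational-domain shortcut are assumptions made for illustration.

```python
# Simplified DMARC check on constructed sample records, domains and results.

def parse_dmarc(record):
    """Parse 'v=DMARC1; p=reject; adkim=r' into a tag dict."""
    tags = {}
    for part in record.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    if tags.get("v") != "DMARC1" or tags.get("p") not in ("none", "quarantine", "reject"):
        raise ValueError("not a usable DMARC record")
    return tags

def org_domain(domain):
    # Assumption: the last two labels are the organizational domain.
    # Real receivers use the Public Suffix List for this step.
    return ".".join(domain.lower().rstrip(".").split(".")[-2:])

def aligned(from_domain, auth_domain, mode):
    if mode == "s":  # strict alignment: exact match
        return from_domain.lower() == auth_domain.lower()
    return org_domain(from_domain) == org_domain(auth_domain)  # relaxed

def evaluate(record, from_domain, spf, dkim):
    """spf / dkim are (passed, authenticated_domain) pairs from the receiver."""
    tags = parse_dmarc(record)
    spf_ok = spf[0] and aligned(from_domain, spf[1], tags.get("aspf", "r"))
    dkim_ok = dkim[0] and aligned(from_domain, dkim[1], tags.get("adkim", "r"))
    if spf_ok or dkim_ok:
        return "pass"
    return "fail:" + tags["p"]  # p=none only reports; p=reject asks for refusal

def scenarios():
    # A list relays a post: SPF and DKIM both authenticate the list's own
    # domain, while the From: header still carries the member's yahoo.com address.
    relay = ((True, "lists.example.org"), (True, "lists.example.org"))
    return {
        "report_policy": evaluate("v=DMARC1; p=none", "yahoo.com", *relay),
        "reject_policy": evaluate("v=DMARC1; p=reject", "yahoo.com", *relay),
        # Same relay once the list puts its own domain in From:
        "list_own_from": evaluate("v=DMARC1; p=reject", "lists.example.org", *relay),
        # Mail signed by the address owner's provider
        "signed_by_owner": evaluate("v=DMARC1; p=reject", "yahoo.com",
                                    (False, "relay.example.net"), (True, "yahoo.com")),
    }

if __name__ == "__main__":
    for name, result in scenarios().items():
        print(f"{name}: {result}")
```

The relayed message fails alignment under both policies; only the receiver's requested handling differs, which is why lists that worked under "report" started bouncing under "reject".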

Bobbi Brown Joins Yahoo as Editor in Chief of Beauty


By Kathy Savitt, Chief Marketing Officer

We’re thrilled to announce that Bobbi Brown is joining Yahoo as Editor in Chief of Beauty, where she will lead editorial direction, original content and the expansion and re-imagination of Yahoo Beauty. Bobbi will bring her beauty expertise and distinctive point of view to Yahoo’s audience, helping to inspire millions of women daily. She will also add some of the best independent voices in beauty and makeup to the Yahoo Beauty editorial team. 

Bobbi is the Founder and Chief Creative Officer of Bobbi Brown Cosmetics, a global color cosmetics, fragrance and skincare brand with a presence in 60 countries. She is also a permanent fixture backstage at New York Fashion Week and works with the industry’s most influential designers, celebrities and style makers. A New York Times bestselling author, she has written eight instructional and engaging beauty and lifestyle books, and appears regularly in global print and broadcast media outlets.  She will start at Yahoo on April 21, 2014. 

Here’s what Bobbi had to say about joining Yahoo:

"I’m excited to take on my new role as Editor in Chief of Yahoo Beauty. In my career as a makeup artist, I’ve also had the amazing opportunity to write, create and teach.  In this new role, I get to combine my interest in education and empowerment by curating amazing visual content that will teach women how to be their best selves. Beauty is not just about makeup, it’s about lifestyle and confidence.”

We can’t wait to share more about what’s in store for Yahoo Beauty.  In the meantime, please join us in welcoming Bobbi to Yahoo!  

Status Update: Encryption at Yahoo

By Alex Stamos, Chief Information Security Officer

When I joined Yahoo four weeks ago, we were in the middle of a massive project to protect our users and their data through the deployment of encryption technologies as we discussed in our November 2013 Tumblr.

So today, we’re updating you on our progress:

  • Traffic moving between Yahoo data centers is fully encrypted as of March 31.

  • In January, we made Yahoo Mail more secure by making browsing over HTTPS the default. In the last month, we enabled encryption of mail between our servers and other mail providers that support the SMTPTLS standard.

  • The Yahoo Homepage and all search queries that run on the Yahoo Homepage and most Yahoo properties also have HTTPS encryption enabled by default.

  • We implemented the latest in security best-practices, including supporting TLS 1.2, Perfect Forward Secrecy and a 2048-bit RSA key for many of our global properties such as Homepage, Mail and Digital Magazines. We are currently working to bring all Yahoo sites up to this standard.

  • Users can initiate an encrypted session for Yahoo News, Yahoo Sports, Yahoo Finance, and Good Morning America on Yahoo (gma.yahoo.com) by typing “https” before the site URL in their web browser.

  • A new, encrypted, version of Yahoo Messenger will be deployed in coming months.

Hundreds of Yahoos have been working around the clock over the last several months to provide a more secure experience for our users and we want to do even more moving forward. Our goal is to encrypt our entire platform for all users at all times, by default.

One of our biggest areas of focus in the coming months is to work with and encourage thousands of our partners across all of Yahoo’s hundreds of global properties to make sure that any data that is running on our network is secure. Our broader mission is to not only make Yahoo secure, but improve the security of the overall web ecosystem.

In addition to moving all of our properties to encryption by default, we will be implementing additional security measures such as HSTS, Perfect Forward Secrecy and Certificate Transparency over the coming months. This isn’t a project where we’ll ever check a box and be “finished.” Our fight to protect our users and their data is an on-going and critical effort. We will continue to work hard to deploy the best possible technology to combat attacks and surveillance that violate our users’ privacy.

Yahoo Expands Editorial Staff with Paula Froelich and Josh Wolk; Sarah McColl named Editor in Chief of Yahoo Food

By Kathy Savitt, CMO

We’re excited to welcome two new leaders to our editorial team as part of our ongoing commitment to re-imagine how news and information is delivered and consumed: Paula Froelich, Editor in Chief of Travel; and Josh Wolk, Executive Editor of Yahoo Entertainment. Additionally, Sarah McColl, former managing editor of Yahoo Food, has been promoted to Editor in Chief of Yahoo Food.

Starting today, Paula will serve as Editor in Chief of Yahoo Travel, where she will lead editorial direction, original content, and the expansion and re-imagination of Yahoo Travel. She is an award-winning journalist, creator of the travel website A Broad Abroad, and the New York Times best-selling author of the novel Mercury In Retrograde. She was the deputy editor of the New York Post’s gossip column, “Page Six,” for 10 years. 

In his new role as Executive Editor of Yahoo Entertainment, Josh will oversee all editorial operations and shape the voice for entertainment coverage across the Yahoo media network.  Josh comes to Yahoo from Vulture.com/New York Magazine where he served as editorial director. Prior to that, he was a senior editor at Entertainment Weekly. Josh will start at Yahoo on April 7, 2014. 

Sarah McColl oversees all editorial functions for Yahoo Food (http://yahoo.com/food), which launched earlier this year. She has been part of Yahoo’s lifestyle editorial team since 2010.  Prior to Yahoo, Sarah was a senior editor at Conde Nast, where she launched a network of blogs and produced video programming. She has also written for Bon Appetit and House Beautiful and her website was called one of the “Best Blogs for Foodies” by Bon Appetit.

Yahoo makes the world’s daily habits inspiring and entertaining. We are committed to delivering trusted news and original content, through innovative product experiences, to more than 800 million users worldwide. Paula and Josh join other industry leaders recently hired at Yahoo including Katie Couric, Global Anchor; tech columnist David Pogue; Yahoo News Editor in Chief Megan Liberman; national political columnist Matt Bai, and several other award-winning journalists and editors. 

Users First: Sharing Our Transparency Report

By Ron Bell, General Counsel

At Yahoo, our users’ interests enlighten and inform all we do, including how we approach government requests for user information. Today we’re issuing our second transparency report, continuing our effort to provide as much information as we can about government requests for this data.

The transparency report contains:

  • Government data requests received by Yahoo! Inc. from July 1 to December 31, 2013, including Foreign Intelligence Surveillance Act (FISA) requests, National Security Letters (NSLs), and criminal data requests (such as search warrants, court orders, and subpoenas issued in criminal investigations).
  • More detailed information about the U.S. national security requests we received from January 1 to June 30, 2013, reflecting a new U.S. government policy that lets Internet providers disclose more about these requests. The U.S. government adopted this policy after Yahoo and other Internet companies sued for the right to provide more transparency about the number and kinds of requests we receive.
  • Government data requests received in countries in which Yahoo operates a legal entity.

You trust and rely on Yahoo to deliver beautiful, personalized products that make your daily habits inspiring and entertaining. In turn, we work hard to protect your information from unclear, improper, overbroad or unlawful government data requests. See for yourself how we put our users-first approach into action.

We will continue to update our transparency report every six months to share further information about the government requests we receive.

 

Yahoo Screen Now On Roku

By Robby Stein, Director of Product, Mobile and Emerging Products

The Yahoo Screen app brings you great videos whether you’re on the go or on the couch. Today we’re thrilled to bring Yahoo Screen into your home with Roku.

We built the Screen app to create a TV-like experience on a mobile…

Yahoo Celebrates the 25th Anniversary of the Web

By Kathy Savitt, Chief Marketing Officer

Last night in Vancouver, tech influencers from around the world joined Yahoo and the World Wide Web Foundation to toast the 25th Anniversary of the World Wide Web.

Twenty-five years ago, Sir Tim Berners-Lee forever changed all of our lives when he invented the World Wide Web. Six years later, David Filo and Jerry Yang founded Yahoo, marking their spot in history by making the Web a daily habit for hundreds of millions of people globally. 

To honor this milestone, Yahoo asked some of the world’s most respected Web pioneers and thought leaders to share their “aha moment” when they first realized the future impact of the Web. In addition, Grammy Award-winning artist and tech enthusiast will.i.am put an exclamation point on the evening with a special performance to honor the rich history of the Web and pay tribute to the people who paved the way for the innovations of today and tomorrow.   

See what people like Lady Gaga, David Filo, The Honorable Al Gore, and will.i.am had to say on Flickr and view the full “25 on 25” list below.

At Yahoo, we are proud of the role that we have played in the evolution of the Web, and we know this is just the beginning.  We look forward to continuing in our mission to make the world’s digital daily habits inspiring and entertaining for years to come. Check out more photos from this historical moment on Flickr here.  

The Web Foundation seeks to establish the open Web as a global public good and a basic right, ensuring that everyone can access and use it freely. For more information, visit webat25.org, webfoundation.org or webwewant.org

Introducing the Yahoo Games Network and New Yahoo Classic Games

By Jesper Jensen, GM Yahoo Games

Back in May when Yahoo acquired PlayerScale, I promised there would be more to come.

Today, we are excited to introduce the Yahoo Games Network, our brand new platform for third-party game developers who want distribution of the Yahoo network in addition to easy onboarding services that help them authenticate players, monetize their games, provide social sharing, analytics and ongoing operational support for growth. We’re also launching the new Yahoo Classic Games with a beautiful, elegant, and easy-to-use design that plays seamlessly across the Web, Android devices and iPad, iPhone, and iPod Touch.

The new Yahoo Games Network brings the classics that we all know and love — like Yahoo Poker, Yahoo Pool, and Yahoo Bingo — in addition to other hits like KingsRoad, The Last Stand: Deadzone, Ballistic, Bingo Blingo, Rise of Mythos, Vegas World and Slotomania. We’re already working with some of the best developers in the industry like Rumble Entertainment, DreamWorks, SGN, ChangYou, Namco Bandai America, Playtika, FlowPlay, Con Artist Games and many more on web and mobile.

We plan to keep building out our platform with improvements and new features — providing not only a great experience for our millions of users, but also a cross-platform network for developers looking to reach the untapped gaming audience of Yahoo’s 800 million users worldwide (including 400 million users on mobile).

In the meantime, your feedback is invaluable to us and helps make Yahoo Games the best experience it can be, so let us know what you think.

Happy Gaming!

Introducing Our New CISO Alex Stamos

By Jay Rossiter, SVP of Platforms & Personalization Products

At Yahoo, we’re focused on having the absolute best talent in place to provide our users with outstanding product experiences. Part of that experience is the trust that consumers put in us to keep their personal data secure. This trust is critical to our brand and is critical to our commitment to the hundreds of millions of users who make our products part of their daily habits. That’s why I’m thrilled to welcome Alex Stamos to Yahoo as our new VP of Information Security (CISO) reporting directly to me. Alex will lead all aspects of information security at Yahoo, including our team of Yahoo “Paranoids”, charged with making our products as secure as possible. This is a broad role which includes implementing top-to-bottom security for our products and systems, but also leading the company and the industry in not just how security works today but how it needs to work in the future.

Alex has spent his career building and improving secure, trustworthy systems and is a well-known expert on Internet infrastructure, cloud computing and mobile security. Most recently, he served as the CTO of Artemis and co-founded iSEC Partners. He has been a keynote speaker at FS-ISAC, was a key organizer of TrustyCon, and is frequently requested to present at conferences such as BlackHat, DEF CON, Microsoft Blue Hat and Infragard. He holds a BSEE from the University of California, Berkeley.

Welcome Alex!