Yahoo’s big change to their DMARC policy has sparked a remarkable amount of debate among stakeholders in the email and security ecosystems. As is usually the case with these crowds, there’s a lot of religion both in support of and against the change. I’m trying to stay out of it, but I’m not sure I’m succeeding.

So, to take a small detour, I thought it might be interesting (or at least somewhat less exasperating) to advance some sort of answer to a related question I’m hearing from both sides: who in the actual heck would use an address from a free inbox provider as the From: address for their own marketing and newsletter mail?

From a pure numbers standpoint: not so many (relatively speaking). My employer sends a few tens of millions of messages a day for customers that run the gamut of organizational sizes, industries and volumes, and we found that about 3% of customers who sent mail in the thirty days prior to Yahoo’s DMARC change did so with a Yahoo From: address. That was higher than I expected.

In terms of volume, those customers sent only a bit more than 1% of total message volume in that same period. However, one must take the results with a grain of salt, as they don’t include mail from customers using other free domains – like Aol, Hotmail and Gmail – who are not publishing p=reject.

(As an aside, the numbers are of more than merely academic interest. If DMARC rejections are going to have reputational impact either now or in the future, senders and ESPs will need to assess what the magnitude of that impact is likely to be. It is, in fact, the reason why we pulled the numbers in the first place. More on that in a future article, maybe.)

I’d assumed that we’d be talking about very small senders – mom & pop shops who may know a lot about their own businesses, but who are less sophisticated about the business of sending large amounts of email. By and large, that assumption was correct, but I was still surprised by a number of standouts:

• An embassy of a large European country on upcoming cultural events they’re hosting;
• An American folk music venue with program calendars;
• Several schools’ weekly newsletter for parents of students;
• A metropolitan Ohio chapter of a very well-known national non-profit;
• Several chambers of commerce in smaller, midwestern towns;
• Street closings and road repair updates from a large municipality’s transportation department;
• Program calendars from a small town’s parks and recreation department;
• Updates from an association of religious missions to West Africa;
• A regional chapter of a national non-profit advocating for patients suffering from a particular disease;
• The Historical Society for a New England state in the US;
• A professional association of work-from-home mothers;
• … and so on.

None of this is intended as ballast for any side of the debate over whether the change (or when and how it was made) is good or bad. ESP traffic isn’t even one of the most important things that it has impacted. It’s just the one that I can access any data for.