Linux Consultant

Yahoo Temporarily Defers Email with Message 421

Recently, many Internet mail providers have increased measures used to fight against SPAM, or unsolicited bulk email. Yahoo, an extremely popular mail provider, is no exception to this trend. Yahoo has recently started “grey listing”, or deferring mail, from many domains. These mail deferrals are irritating to marketers and business owners alike, and can have a significant impact on business done via email. If you receive bounced messages from Yahoo stating that the mail was deferred with message 421, your mail server has probably been grey listed.

If you find out that your mail server's mail is being temporarily deferred with error message 421, there are still many options out there to fix this issue. From Yahoo's own FAQ on this subject, you are given the following advice:

  • Ensure that your mail server is not operating as an open relay.
  • Don't send bulk unsolicited email.
  • Remove stale email addresses from your mailing lists.
  • Use your domain name consistently throughout your marketing emails.
  • Adjust your mail server's sending queue rate to respect Yahoo's servers.

However, the best piece of advice that Yahoo offers is to setup an email authentication method on your mail server. Although this sounds complicated and expensive, free software solutions are available that take less than an hour or two to install and configure properly.

In addition to the best practices listed above, installation of a DomainKeys Identified Mail (DKIM) based software solution for your mail server is the best way to prevent your emails being temporarily deferred with error message 421. DKIM is a standardized method for mail servers to send and sign emails. To implement DKIM, you must add a DNS record to your domain, and also install a software filter that will sign outgoing emails with a unique signature.

Adding a DNS record to your domain name is relatively easy, and should take less than 15 minutes. To add a DNS record with DKIM, you create a special type of record called a TXT record. This record contains a public key which allows other mail servers to confirm that your mail server has the proper key for sending emails. Once public key has been added to your DNS management interface, you are ready to add the private key to the mail filter software.

The exact process of adding a private DKIM key to the mail filter software that signs emails from your Mail Transfer Agent (MTA) varies depending on which MTA you use. If you, for instance, use Postfix on a Linux server as a MTA, you will want to use dkim-milter to sign the emails from Postfix. However, if you are using a MTA such as DeskNow, you will have to also install a MTA that is capable of talking to a filter software.

Once your DKIM filter software and public DNS record have been created, you will be able to test the configuration by examining the headers of emails sent from your domain. If the mail service you are using to test email authentication supports DKIM (such as Gmail), you should be able to see something similar to the screenshot below:

Yahoo Temporarily Defers Email with Message 421

As you can see, the red outline area in this screenshot shows that the DKIM filter software is doing it's job by signing outgoing emails. The filter software used in this example is called DKIM Filter, and it is a Sendmail and Postfix compatible filter. Once the DKIM filter software successfully begins signing your emails, Yahoo should stop deferring your mail messages entirely. Rarely, clients have also had to contact Yahoo to correct the issue.

If you have any difficulty following the instructions in this article, or wish for me to setup a DKIM filter on your server, please don't hesitate to contact me.