Yahoo! claims to value their customers, stating “We respect our customers above all else”.  They also claim to value Community and state they are committed to serving both the Internet community and their own communities.  They also claim that they don’t value bureaucracy, arrogance, sloth and many other concepts that make for bad business, yet I can’t say that I’m convinced.

I’ve been dealing with Yahoo! FOR YEARS (since 2005) in my alter-ego attempts to shut down phishing sites and contact owners of compromised web servers.

During the first year or so, they had COMPLETE IDIOTS working in the department that handled abuse complaints.  I would send them an email detailing an email address that was being used by a phishing site to collect the victims’ data, or telling them of a domain they recently registered that was being used as a phishing site.  They would constantly send me back responses asking for the headers and body of the email I received.  I would constantly send them back a reply indicating that I wasn’t complaining about an email I received – I was complaining about a domain or email address being used for illegal purposes.  They would again send me back another response asking for the headers and body of the email I received.  I would again send them back an email indicating that I wasn’t complaining about an email I received – I was complaining about a domain or email address being used for illegal purposes.  This would go back and forth for 4 or 5 iterations before they’d actually do something about the issue in the original email.

It took some complaints and rants on a few public forums before someone from Yahoo! contacted me directly and told me to try an alternate email address to send my complaints to.  Phew!  After over a year of dealing with idiots on their front line, I was able to get to the second stage of support directly. Woo hoo!!  Of course, I shouldn’t have to know someone on the inside to get the alternate abuse email address, but I finally did.  Maybe life didn’t have to be so frustrating after all?!?

It turns out, there’s a separate special email address for dealing with domain names that have been hosted thru Yahoo! as well.  It got to the point that I would report a domain name that was recently registered and used to host a phishing site, and the site would literally be offline within 30 minutes! (I think the record was 5 minutes – great job Yahoo!)  In recent years, the process worked like a well-oiled machine.

Every now and then, I’d run across a domain whose registration was legitimate, but the admin and/or technical contact used a Yahoo! email address.  I these cases, I would send an email to the given email addresses letting the owner of the domain know their server had been hijacked and was being used to host one or more phishing sites.  The best way to tell someone where the phishing content on their compromised server is was to send them the complete URL of the phishing site.

I don’t know when, but some time ago (more than 2 years?), Yahoo! starting blocking emails to their users that contained apparent phishing URLs (as determined by some anti-phishing groups).  When I tried to contact the owner of a compromised web site using a Yahoo! email address, the email would bounce with the following message:

<DOMAIN-OWNER@yahoo.com>
    (reason: 554 Message not allowed - [PH01] Email not accepted for policy
    reasons.  Please visit http://postmaster.yahoo.com/errors/postmaster-27.html
    [120])

OK, makes sense.  They are trying to protect their users from phishing sites.  Good on ya!

Here comes the problem: Yahoo! has received emails from me for years.  They know that I’m on the up-and-up, and yet when I send them one of these bounce messages and ask them to forward the original email to their user (so that the user can be made aware that their server has been hacked), they refuse!  Of course, they start off by completely misinterpreting the reason for my emails.  After attempting to reeducate them, they seemed to realize the intention behind these emails, but THEY STILL REFUSE TO HELP ME HELP THEIR USER!

I have asked MANY MANY TIMES how do I get my email address and server WHITELISTED so I can continue to help their users without being blocked like this?  They’ve known me long enough to know that I’m not going to scam or spam their users!  It has gotten to the point that they seem to be completely ignoring my emails asking them to forward something to one of their users!

This is what gets me…  Yahoo! claims to have values.

Excellence?  Innovation?  Customer Fixation?  TEAMWORK??  Community?!?  Words are cheap, Yahoo!…  On one hand, you claim to have an “infectious sense of mission to make an impact on society”, yet when an outsider such as myself asks for a simple request IN AN EFFORT TO HELP YOUR USERS, you all but ignore me!?!

I’m sure one of the largest ISPs in the world knows how to do whitelisting?!?

And then there is their “What we don’t value…” list:

Really??  Bureaucracy, arrogance, formality, sloth, head in the sand, one size fits all, too big for your britches, closed doors, passing the buck!  You claim there are all things YOU DON’T VALUE, but I’m not seeing it.  You make it IMPOSSIBLE to speak with someone there who can actually help out with an issue.  You think the only way people should have to contact you is via email or (worse yet) web forms!  Your “one size fits all” mentality prevents you from even considering that someone from the outside may have something beneficial to offer your users (unless you can make money on it)!