A few days ago Aol Mail was hacked, and users’ address books were scraped. Today, Aol announced moves that will help other mail providers reject email messages sent from email accounts spoofed from this security breach.
Like Yahoo earlier this month, Aol changed its DMARC policy to reject. This puts a line of text in its DNS record telling mailbox providers to reject Aol mail if it didn’t come from an Aol server. While effectively stopping email sent from spoofed accounts, this also affects bulk email that would have previously been authorized.
With this line of code, Aol is telling other email providers to trash email if it wasn’t sent from Aol.
TechCrunch was told by sources close to the company that they believe less than 1 percent of all Aol Mail users were impacted by this security breach. Still, that 1% was a vocal minority as the hashtag #aolhack is still going strong with users still reporting spoofing issues.
Disclosure: TechCrunch is owned by Aol. Thankfully TechCrunch’s staff uses Gmail.