[False Positive] Yahoo Mail App

[markangus2b]

I was setting up the Yahoo Mail app on a family members new Galaxy Tab A8 tablet and found Yahoo requires these domains to work properly on their Android app. I am using NextDNS on my Edgerouter. Blocking these two domains will result in a “Something went wrong” error message after clicking the sign-in button.

udc.yahoo.com
geo.yahoo.com

The next domain causes the same error message, but only when using Account keys to sign in by approving the login from another device.
pr.comet.yahoo.com

[hagezi]

Thanks for the advice, I already had another message from a user on Telegram yesterday. For web and iOS I had to whitelist other domains so the Yahoo app and using the mail account in Outlook worked. Crazy since they came from different sources, they seem to have changed something in the app. I'm sure it would have been noticed sooner.

The complete whitelist for Web/iOS and Android now looks like this (EDIT):

consent.yahoo.com
#geo.yahoo.com
guce.oath.com
#m.yap.yahoo.com
pr.comet.yahoo.com
#udc.yahoo.com
#udcm.yahoo.com

ping sources:

consent.yahoo.com - @migueldemoura

• Was needed to show/confirm the cookie dialog on the web to get to the login screen.

geo.yahoo.com - @AdguardTeam @Alex-302 @anudeepND @badmojr @bigdargon @bongochong @Cats-Team @d3ward @easylist @migueldemoura @notracking @sjhgvr @StevenBlack @uniartisan @logroid @sjhgvr

EDIT: No whitelisting required, problem was caused by enabled NextDNS Blockpage!

• I think you should check again if the whitelisting of this domain is really necessary. It is already quite widespread. For web/iOS the whitelisting was not necessary. For Android apparently it is. Could someone test this again? I don't have any Android devices to test. Thanks!

guce.oath.com - @badmojr

• Was needed to get to the login screen in the app, login without whitelisting was not possible. Same for Outlook mobile app.

m.yap.yahoo.com - @anudeepND @badmojr @bigdargon @bongochong @Cats-Team @d3ward @ookangzheng

EDIT: with m.yap.yahoo.com blocked no news are shown in the finance app. If you unblock it, the news and in between ads are displayed. For the Yahoo Mail app I did not notice any restrictions.

• Not directly related to the Mail app, but needed for the Finance app, see below: m.yap.yahoo.com AdguardTeam/AdguardFilters#59810

pr.comet.yahoo.com - @AdguardTeam @Alex-302 @badmojr @bigdargon @bongochong @Cats-Team @notracking @sjhgvr

• Needed for using Account keys to sign in by approving the login from another device.

udc.yahoo.com - @AdguardTeam @Alex-302 @anudeepND @badmojr @bigdargon @bongochong @Cats-Team @easylist @migueldemoura @sjhgvr @StevenBlack @uniartisan

EDIT: No whitelisting required, problem was caused by enabled NextDNS Blockpage!

• “Something went wrong” error message after clicking the sign-in button in the Android App.

udcm.yahoo.com - @anudeepND @badmojr

EDIT: No whitelisting required, problem was caused by enabled NextDNS Blockpage!

• “Something went wrong” error message after clicking the sign-in button in the iOS App. Cookie dialog does not appear.

In advance, thank you to all who are involved,
Gerd

@yokoffing fyi

[markangus2b]

I used my Galaxy S22 running Android 13 01/01/23 security patch level. I used the whitelisted domains you provided. I tried to sign-in with the following configuration on NextDNS

Blocklist

geo.yahoo.com

Allowlist

consent.yahoo.com
geo.yahoo.com
guce.oath.com
m.yap.yahoo.com
pr.comet.yahoo.com
udc.yahoo.com
udcm.yahoo.com

The results were the same. I click sign-in, type my username, click next and get the something went wrong error message.

I also tried the using the same configuration with the Outlook app and successfully logged in without any issues.

Thanks for resolving these issues quickly!

[hagezi]

@markangus2b Many thanks for testing.

[bongochong]

I'm not blocking udc.yahoo.com but thank you for the info about the 3 domains which I am blocking, @hagezi . Looking into all of this. Will probably take a while to figure it out, but in motion nonetheless.

[bongochong]

This should be mostly resolved in my standard lists, and completely resolved in my less aggressive Mini lists within an hour or two. Thanks again @hagezi. Always appreciate your thoroughness, and how you keep other projects + list maintainers in the loop.

[hagezi]

Many thanks @bongochong.

[bongochong]

Hey again @hagezi. I did some extra testing using a spare device running Android 10, and another spare device running Android 11. Methods of blocking included the local VPN route (AdAway and Rethink), along with two resolvers - via private dns - that block several of the domains in question (AdGuard and DNSWarden w/my larger list enabled). I performed a variety of actions using an old Yahoo account I've had for maybe two decades now, and I encountered no issues while using the Yahoo Mail application with geo.yahoo.com blocked. Every function of the application worked as expected with said domain blocked. I just removed it from the whitelist for the more lenient set of lists I maintain, as it is a known tracking domain so I'd rather keep it blocked on all fronts. I'm not sure, but perhaps the problems encountered by @markangus2b with this domain blocked have something to do with NextDNS in particular?

[hagezi]

@bongochong Thanks for testing. I also have no problems with blocked geo.yahoo.com on iOS. Maybe @markangus2b can test again.
Perhaps the problem only occurs in a certain region, which is quite possible.

[chillipal]

Just FYI:
I use Pro Plus with NextDNS and noticed recently ads showing up in Yahoo and AOL iOS mobile apps and traced that to the following host being not blocked:
m.yap.yahoo.com

The previous version of Pro Plus has yap.yahoo.com blocked that blocked all subdomains of yap.yahoo.com but the new update has these two: ads.yap.yahoo.com and ads-verify.yap.yahoo.com.

I have added yap.yahoo.com to my Denylist on nextdns.
Also I never had any issue with geo.yahoo.com blocked in the past. I added it to my Denylist and no issues with Yahoo or AOL.

[hagezi]

Thanks @chillipal, will check the whitelisting of m.yap.yahoo.com.

[hagezi]

@chillipal I have tested the Yahoo Finance app, with m.yap.yahoo.com blocked no news is displayed in the app. If you unblock it, the news and in between ads are displayed. When I retested the Yahoo Mail app I did not notice any restrictions.
I will leave the domain unblocked for Light to Pro but block it again in Pro++ and Ultimate.

[markangus2b]

I have done further testing and have confirmed what @bongochong thought. NextDNS is causing the issue.

I found that disabling the NextDNS Block Page feature on the Settings tab allows me to successfully sign into the Yahoo Mail app consistently with geo.yahoo.com and udc.yahoo.com on my Denylist.

I would guess that the reason for this behavior would be that the Yahoo app is looking up geo.yahoo.com and is instead being returned blockpage.nextdns.io.

During the same test I tried adding pr.comet.yahoo.com to my Denylist. Doing so still caused the app to error out when trying to setup "Account Keys". Loging in, along with other functionality seemed to be normal.

Now that I know NextDNS can cause these kinds of problems. I will have a separate configuration without any other NextDNS security services turned on to prevent this situation from happening again. I apricate everyone's time and effort in uncovering and resolving this issue. I will report this to NextDNS via the community forums.

[bigdargon]

@hagezi Sorry for the late reply! 2 domains m.yap.yahoo.com and pr.comet.yahoo.com for me cannot be removed, the reason these 2 domains are used to display ads in Yahoo applications.

Previously, I used MiTM to resolve HTTPS in Yahoo app (iOS), it contains ads so I need to block it!

@markangus2b You should leave the default configuration in the Settings tab, for me NextDNS works fine. Do not enable Block Page and CNAME Flattening.

[bigdargon]

Update: I used MiTM again to test. In my opinion, still have to block m.yap.yahoo.com (because this domain contains ads), maybe remove geo.yahoo.com and pr.comet.yahoo.com (if it breaks the service)

[hagezi]

Many thanks @bigdargon and @markangus2b .

I had not thought about the block page, this feature belongs banned from NextDNS. @romaincointepas

After all the back and forth and the test orgies, this leaves the following domains that need to be whitelisted for the Yahoo Mail app to work:

Login:

consent.yahoo.com
guce.oath.com

Only for setup Account Keys:

pr.comet.yahoo.com

fyi @yokoffing

[Alex-302]

@bigdargon Hi. What the app is it #269 (comment)?

[migueldemoura]

Didn't add a comment to this, but I also fixed this in my lists, thanks a bunch!

[yokoffing]

I've removed the unnecessary domains now as well. Thank you for pinging me @hagezi.

[bigdargon]

@Alex-302 Quantumult X https://apps.apple.com/vn/app/quantumult-x/id1443988620

[hagezi]

I think we can close here, thanks again to all involved.

[notracking]

Thanks all, fixed it as well!