Malwarebytes Blocks Suspicious Yahoo Mail Redirect Domains, Raising Third‑Party Risk for Email Users
What Happened – Malwarebytes’ Web Protection and Browser Guard began flagging and blocking a series of third‑party domains that Yahoo Mail’s web interface contacts during normal use. The domains (e.g., cook.howduhtable.com and related sub‑domains) are part of opaque redirect chains that resolve to URLs such as https://gpt.mail.yahoo.net/sandbox?....
Why It Matters for TPRM –
- Third‑party redirect infrastructure can be hijacked, turning benign telemetry into a delivery vector for malicious content.
- Repeated blocking alerts indicate that the vendor’s web‑mail platform relies on components with poor reputations, a supply‑chain risk for any organization that permits employee use of Yahoo Mail.
- The unclear purpose of the redirects (advertising, tracking, telemetry) makes it difficult to assess the true exposure without deeper vendor scrutiny.
Who Is Affected – Consumer‑facing email services, SaaS email platforms, enterprises that allow Yahoo Mail for business communication, and any downstream security tools that rely on web‑traffic reputation data.
Recommended Actions –
- Review internal policies on the use of Yahoo Mail for business purposes.
- Validate that endpoint and web‑gateway controls can reliably block the identified redirect domains.
- Engage Yahoo (or the email service provider) for clarification on the purpose of the flagged domains and request remediation.
- Monitor Malwarebytes and other threat‑intel feeds for any evolution of the redirect infrastructure.
Technical Notes – The redirects are triggered by embedded components in Yahoo Mail, use frequently changing sub‑domains, and encode parameters that hide the final destination. No CVE is associated; the risk stems from third‑party dependency and potential malicious advertising/telemetry flow. Source: https://www.malwarebytes.com/blog/threat-intel/2026/05/why-malwarebytes-blocks-some-yahoo-mail-redirects
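One way to run the gateway validation from Recommended Actions against the frequently changing sub-domains described in Technical Notes (an added example, not code from Malwarebytes or Yahoo): it matches each requested host against a watched parent domain at a label boundary and lists the requests the gateway let through. The log column layout, the sample rows and the function names are assumptions constructed for illustration; only howduhtable.com comes from the advisory.

```python
import csv
import io
from collections import defaultdict

# Parent domains to watch. howduhtable.com is the example named in the advisory;
# extend the set from your own threat-intel feed.
WATCHED_PARENTS = {"howduhtable.com"}

# Constructed sample gateway log: timestamp, client, action, host, referer.
# The column layout is an assumption; map it to your gateway's export format.
SAMPLE_LOG = """\
2026-05-12T09:14:02Z,10.0.4.21,BLOCKED,cook.howduhtable.com,https://mail.yahoo.com/
2026-05-12T09:14:05Z,10.0.4.21,ALLOWED,a7f3.cook.howduhtable.com,https://mail.yahoo.com/
2026-05-12T09:15:40Z,10.0.7.9,ALLOWED,nothowduhtable.com,https://example.org/
2026-05-12T09:16:11Z,10.0.7.9,BLOCKED,HOWDUHTABLE.COM.,https://mail.yahoo.com/
2026-05-12T09:17:30Z,10.0.4.21,ALLOWED,mail.yahoo.com,
"""

def watched_parent(host, parents=WATCHED_PARENTS):
    """Return the watched parent that host equals or sits under, else None."""
    host = host.strip().lower().rstrip(".")  # normalise case and trailing root dot
    for parent in parents:
        # Match on a label boundary so look-alike names are not counted.
        if host == parent or host.endswith("." + parent):
            return parent
    return None

def audit(log_text, parents=WATCHED_PARENTS):
    """Summarise gateway decisions for every request to a watched domain."""
    report = defaultdict(lambda: {"blocked": 0, "allowed": 0, "gaps": []})
    for row in csv.reader(io.StringIO(log_text)):
        if len(row) != 5:
            continue  # skip malformed or blank lines
        ts, client, action, host, referer = row
        parent = watched_parent(host, parents)
        if parent is None:
            continue
        if action.upper() == "BLOCKED":
            report[parent]["blocked"] += 1
        else:
            report[parent]["allowed"] += 1
            report[parent]["gaps"].append((ts, client, host, referer))
    return dict(report)

if __name__ == "__main__":
    for parent, stats in audit(SAMPLE_LOG).items():
        print(f"{parent}: {stats['blocked']} blocked, {stats['allowed']} allowed")
        for ts, client, host, referer in stats["gaps"]:
            print(f"  coverage gap: {ts} {client} reached {host} (referer: {referer})")
```

An allowed request to a new sub-domain of a watched parent points to a control that matches exact hostnames rather than the parent domain.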