You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@spamassassin.apache.org by Michael Scheidell <sc...@secnap.net> on 2008/05/15 19:25:10 UTC
yahoo.com acknowledges no control over third party email from their
mail servers
Yahoo.com says that they can't control email sent from third parties,
relayed through their mail servers.
"
Yahoo! has no control over activities outside its service, and therefore
we cannot take action
"
Sad, when for 12 years, the technology has existed to prevent third
party relaying like this.
Maybe after M$ purchases yahoo and converts their qmail based system to
exchange it will run so slow that spammers won't even try. ;-)
sure looks like a dkim signed email, directly from yahoo.com servers.
-------- Original Message --------
Subject: Re: spam: salesforce.com partner. (KMM70800336V71910L0KM)
Date: Thu, 15 May 2008 10:18:33 -0700
From: Yahoo! Mail <ab...@yahoo.com>
Reply-To: Yahoo! Mail <ab...@yahoo.com>
To: Michael Scheidell <sc...@secnap.net>
Hello,
Thank you for writing to Yahoo! Mail.
I understand your frustration in receiving unsolicited email. While we
investigate all reported violations against the Yahoo! Terms of Service
(TOS), in this particular case the message you received was not sent
through the Yahoo! Mail system.
Yahoo! has no control over activities outside its service, and therefore
we cannot take action. You may try contacting the sender's email
provider, by identifying the sender's domain and contacting the
administrator of that domain. The sender's provider should be in a
better position to take appropriate action against the sender's account.
The email message itself does contain some information relating to the
sender's identity. Yahoo! includes the originating Internet Protocol
(IP) address in the full Internet headers of all messages sent through
Yahoo! Mail, so that we will have information regarding the origin of
messages sent through our system. The originating IP address should be
located in the very last "Received" line of the full Internet headers
and corresponds to the sender's Internet Service Provider (ISP).
Please see the following URL for more assistance:
http://help.yahoo.com/help/us/mail/spam/spam-05.html
Once you have identified the IP address, you can conduct an IP lookup to
determine which ISP provides this person with Internet access. One such
lookup tool you may want to try is:
http://www.arin.net/whois/
You can then attempt to contact that ISP to report any abuse activities
occurring within their service.
In addition, please visit the following website for useful tools to
combat spam:
http://antispam.yahoo.com/
Please let us know if you still need assistance so I may assist you
further.
Your patience during this process is greatly appreciated.
Thank you again for contacting Yahoo! Mail.
Regards,
Elmer
Yahoo! Customer Care
48669416
For assistance with all Yahoo! services please visit:
http://help.yahoo.com/
Original Message Follows:
-------------------------
Violation of federal 'can-spam' law, no remove instructions.
>From - Wed May 14 11:33:23 2008
X-Mozilla-Status: 0001
X-Mozilla-Status2: 00000000
Received: from fl.us.spammertrap.net (fl.us.spammertrap.net
[204.89.241.173])
by mail.secnap.net (Postfix) with ESMTP id 6DD2D164838
for <sc...@secnap.net>; Wed, 14 May 2008 11:00:36 -0400 (EDT)
Received: from web1114.biz.mail.sk1.yahoo.com
(web1114.biz.mail.sk1.yahoo.com [74.6.114.46])
by fl.us.spammertrap.net (Postfix) with SMTP id C81DC2E11E
for <sc...@secnap.net>; Wed, 14 May 2008 11:00:29 -0400 (EDT)
Received: (qmail 87348 invoked by uid 60001); 14 May 2008 15:00:28 -0000
X-YMail-OSG:
ASTRkxoVM1lVNBnAvqAlUlsvvFjUtF2Kp4L84RZktzwZXp4_ug2_rMYrHaqxvQ7kqS2uA692
gY8uLuq5lFY1uXomCG.W0Ha_RA--
Received: from [65.35.185.180] by web1114.biz.mail.sk1.yahoo.com via
HTTP; Wed, 14 May 2008 08:00:28 PDT
X-Mailer: YahooMailRC/902.40 YahooMailWebService/0.7.185
Date: Wed, 14 May 2008 08:00:28 -0700 (PDT)
From: Nicholas Pizzi <ni...@intellectinternational.net>
Subject: Intellect International & Salesforce.com
To: scheidell@secnap.net
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Message-ID: <89...@web1114.biz.mail.sk1.yahoo.com>
Return-Path: scheidell@secnap.com
X-OriginalArrivalTime: 14 May 2008 15:00:37.0038 (UTC)
FILETIME=[4466E4E0:01C8B5D3]
Hi Michael,
I hope all is well. My name is Nicholas Pizzi, and I'm with
Intellect International. We are a partner with SalesForce.com.
(snipped)
_________________________________________________________________________
This email has been scanned and certified safe by SpammerTrap(r).
For Information please see http://www.spammertrap.com
_________________________________________________________________________
Re: yahoo.com acknowledges no control over third party email
from their mail servers
Posted by SM <sm...@resistor.net>.
At 10:32 15-05-2008, John Hardin wrote:
>On Thu, 15 May 2008, Michael Scheidell wrote:
>
>>I understand your frustration in receiving unsolicited email. While
>>we investigate all reported violations against the Yahoo! Terms of
>>Service (TOS), in this particular case the message you received was
>>not sent through the Yahoo! Mail system.
>
>>Received: from web1114.biz.mail.sk1.yahoo.com
>>(web1114.biz.mail.sk1.yahoo.com [74.6.114.46])
>> by fl.us.spammertrap.net (Postfix) with SMTP id C81DC2E11E
>> for <sc...@secnap.net>; Wed, 14 May 2008 11:00:29 -0400 (EDT)
>
>I assume you trust fl.us.spammertrap.net?
I understand your frustration in receiving unsolicited mail from an
IP address that points to a yahoo.com subdomain and which is directly
allocated to a Yahoo! company.
>How the hell can they disown that? The rDNS is from a domain they control!
Some providers ignore abuse reports for mail originating from
business customers.
Regards,
-sm
Re: yahoo.com acknowledges no control over third party email from
their mail servers
Posted by mouss <mo...@netoyen.net>.
Michael Scheidell wrote:
> John Hardin wrote:
>> On Thu, 15 May 2008, Michael Scheidell wrote:
>>
>>> I understand your frustration in receiving unsolicited email. While
>>> we investigate all reported violations against the Yahoo! Terms of
>>> Service (TOS), in this particular case the message you received was
>>> not sent through the Yahoo! Mail system.
>>
>>> Received: from web1114.biz.mail.sk1.yahoo.com
>>> (web1114.biz.mail.sk1.yahoo.com [74.6.114.46])
>>> by fl.us.spammertrap.net (Postfix) with SMTP id C81DC2E11E
>>> for <sc...@secnap.net>; Wed, 14 May 2008 11:00:29 -0400 (EDT)
>>
>> I assume you trust fl.us.spammertrap.net?
>>
> i AM fl.us.spammertrap.net ;-)
hmmm. I've seen almost exactly the same wording (in french) from a
french ISP. so I would guess that they have a script that failed to
"qualify" the complaint because there is an "extra hop". try resending
after removing the first Received header and see if it gets further...
>
>> How the hell can they disown that? The rDNS is from a domain they
>> control!
>>
> DKIM SIGNED NO LESS!
I see no dkim signature.
Re: yahoo.com acknowledges no control over third party email from
their mail servers
Posted by Michael Scheidell <sc...@secnap.net>.
John Hardin wrote:
> On Thu, 15 May 2008, Michael Scheidell wrote:
>
>> I understand your frustration in receiving unsolicited email. While
>> we investigate all reported violations against the Yahoo! Terms of
>> Service (TOS), in this particular case the message you received was
>> not sent through the Yahoo! Mail system.
>
>> Received: from web1114.biz.mail.sk1.yahoo.com
>> (web1114.biz.mail.sk1.yahoo.com [74.6.114.46])
>> by fl.us.spammertrap.net (Postfix) with SMTP id C81DC2E11E
>> for <sc...@secnap.net>; Wed, 14 May 2008 11:00:29 -0400 (EDT)
>
> I assume you trust fl.us.spammertrap.net?
>
i AM fl.us.spammertrap.net ;-)
> How the hell can they disown that? The rDNS is from a domain they
> control!
>
DKIM SIGNED NO LESS!
--
Michael Scheidell, CTO
Main: 561-999-5000, Office: 561-939-7259
> *| *SECNAP Network Security Corporation
Winner 2008 Technosium hot company award.
www.technosium.com/hotcompanies/ <http://www.technosium.com/hotcompanies/>
_________________________________________________________________________
This email has been scanned and certified safe by SpammerTrap(r).
For Information please see http://www.spammertrap.com
_________________________________________________________________________
RE: yahoo.com acknowledges no control over third party email from their mail servers
Posted by James Pratt <jp...@norwich.edu>.
> -----Original Message-----
> From: Michael Scheidell [mailto:scheidell@secnap.net]
> Sent: Friday, May 16, 2008 7:46 AM
> To: John Hardin
> Cc: SpamAssassin Users List
> Subject: Re: yahoo.com acknowledges no control over third party email
> from their mail servers
> >
> > How the hell can they disown that? The rDNS is from a domain they
> control!
> >
> Didn't disown it, just said it didn't come from a yahoo.com authorized
> source, ie: they have open third party relay and just allow random
> spammers
> to use their servers.
>
> I get that email response from them 75% of the time, which means
> (according
> to yahoo.com) that 75% of the spam coming from yahoo.com DKIM signed
> servers
> is from third partys, not authorized yahoo.com users.
>
If you get testy with them and mail them back and forth about it, and
include links to the whois/dig output *proving* that they are
lying/hiding/whatever, they will eventually "fess up", and a day or so
later, you should receive the standard "We have taken appropriate action
against the user in question (yadda-yadda)" email. ...Whether or not
they actually *do* anything is obviously an unknown, however, I agree
that this is just *bad*, so I tend to "call them on it" every time if I
can/have the time.
IOTW - I'm not exactly on "Elmer's" buddy-list... ;)
Re: yahoo.com acknowledges no control over third party email from
their mail servers
Posted by Michael Scheidell <sc...@secnap.net>.
> From: John Hardin <jh...@impsec.org>
> Date: Thu, 15 May 2008 10:32:29 -0700 (PDT)
> To: Michael Scheidell <sc...@secnap.net>
> Cc: SpamAssassin Users List <us...@spamassassin.apache.org>
> Subject: Re: yahoo.com acknowledges no control over third party email from
> their mail servers
>
>
> How the hell can they disown that? The rDNS is from a domain they control!
>
Didn't disown it, just said it didn't come from a yahoo.com authorized
source, ie: they have open third party relay and just allow random spammers
to use their servers.
I get that email response from them 75% of the time, which means (according
to yahoo.com) that 75% of the spam coming from yahoo.com DKIM signed servers
is from third partys, not authorized yahoo.com users.
--
Michael Scheidell, CTO
>|SECNAP Network Security
Winner 2008 Network Products Guide Hot Companies
FreeBSD SpamAssassin Ports maintainer
_________________________________________________________________________
This email has been scanned and certified safe by SpammerTrap(r).
For Information please see http://www.spammertrap.com
_________________________________________________________________________
Re: yahoo.com acknowledges no control over third party email from
their mail servers
Posted by John Hardin <jh...@impsec.org>.
On Thu, 15 May 2008, Michael Scheidell wrote:
> I understand your frustration in receiving unsolicited email. While we
> investigate all reported violations against the Yahoo! Terms of Service
> (TOS), in this particular case the message you received was not sent
> through the Yahoo! Mail system.
> Received: from web1114.biz.mail.sk1.yahoo.com (web1114.biz.mail.sk1.yahoo.com
> [74.6.114.46])
> by fl.us.spammertrap.net (Postfix) with SMTP id C81DC2E11E
> for <sc...@secnap.net>; Wed, 14 May 2008 11:00:29 -0400 (EDT)
I assume you trust fl.us.spammertrap.net?
How the hell can they disown that? The rDNS is from a domain they control!
--
John Hardin KA7OHZ http://www.impsec.org/~jhardin/
jhardin@impsec.org FALaholic #11174 pgpk -a jhardin@impsec.org
key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79
-----------------------------------------------------------------------
6 days until the 4th anniversary of SpaceshipOne winning the X-prize