Have Yahoo! gone pink?
mpetach at netflight.com
Thu Mar 30 09:22:59 UTC 2006
On 3/29/06, Peter Corlett <abuse at cabal.org.uk> wrote:
> [I'm wearing my personal hat here.]
> I'm getting a *flood* of spam coming in from Yahoo! mailservers, both to
> personal and work addresses. It seems that Yahoo! don't care. Here's the
> response to me piping a sample one through Spamcop:
> Yahoo claim "After investigation, we have determined that this email
> did not originate from the Yahoo! Mail system. It appears that the sender
> of this message forged the header information to give the impression that it
> came from the Yahoo! Mail system."
> The spam headers claim otherwise:
> Received: from mrout3.yahoo.com ([188.8.131.52])
>     by relay-1.mail.uksolutions.net with esmtp (Exim 4.50)
>     id 1FJbCW-0002Ag-IV
>     for sales at uksolutions.co.uk; Wed, 15 Mar 2006 18:58:29 +0000
> As does DNS and whois:
> abuse at mooli:~$ host 184.108.40.206
> 220.127.116.11.in-addr.arpa domain name pointer mrout3.yahoo.com.
> abuse at mooli:~$ host mrout3.yahoo.com
> mrout3.yahoo.com has address 18.104.22.168
> abuse at mooli:~$ whois 22.214.171.124
> OrgName: Yahoo! Inc.
> OrgID: YAHOOI-2
> Address: 701 First Avenue
> City: Sunnyvale
> StateProv: CA
> PostalCode: 94089
> Country: US
> Doing double-DNS lookups of the IP addresses on other spams also gives
> yahoo.com hostnames, and they're typically in DNSBLs for being sources of
> spam and a useless abuse address.
> So, which IP blocks shall I null-route then? Or is there anybody here from
> Yahoo! with a clue? (OK, you can all stop laughing now.)
Ewww. p4pnet.net is part of a company Yahoo acquired that is still in the
process of being integrated. :(
Personally, I'd just null-route the blocks--I'm sure it'll decrease the load
on the Internet as a whole while Yahoo works on trying to clean up their
acquisitions. Of course, that's me speaking for myself, and not in any
way shape or form speaking for my employer. ^_^;;
There are spam clueful people at Yahoo from the NANAE and anti-spam
communities--when stuff like this shows up in public forums, it does get
noticed and passed along. I agree, it would be better if it could garner
the right level of attention without being called out in public forums like
> PGP key ID E85DC776 - finger abuse at mooli.org.uk for full key
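
The double-DNS lookup described in the quoted message (PTR lookup of the peer IP, then a forward lookup of the returned name), as an added example that is not part of the original thread. The hostnames, addresses and zone data are constructed, and the helper names (`fcrdns`, `classify`, `demo`) are hypothetical; the resolver functions are injectable so the check can be run offline against the sample data.

```python
import re
import socket

# "from <name> ([<ipv4>])" as in the Exim-written Received line quoted above.
RECEIVED_RE = re.compile(r"from\s+(\S+)\s+\(\[(\d{1,3}(?:\.\d{1,3}){3})\]")

def system_ptr(ip):
    """Reverse (PTR) lookup via the system resolver; [] on failure."""
    try:
        name, aliases, _ = socket.gethostbyaddr(ip)
        return [name, *aliases]
    except OSError:
        return []

def system_addrs(name):
    """Forward (A) lookup via the system resolver; [] on failure."""
    try:
        return socket.gethostbyname_ex(name)[2]
    except OSError:
        return []

def fcrdns(ip, ptr=system_ptr, addrs=system_addrs):
    """Return the PTR names for ip whose forward lookup leads back to ip."""
    names = (n.lower().rstrip(".") for n in ptr(ip))
    return [n for n in names if ip in addrs(n)]

def classify(header, domain, ptr=system_ptr, addrs=system_addrs):
    """Judge a Received line by its recorded peer IP, not by the name in it."""
    m = RECEIVED_RE.search(header)
    if not m:
        return "unparsed"
    confirmed = fcrdns(m.group(2), ptr, addrs)
    if not confirmed:
        return "unconfirmed"  # no PTR, or the PTR name does not resolve back
    if any(n == domain or n.endswith("." + domain) for n in confirmed):
        return "confirmed"
    return "other-domain"

# Constructed sample zone data (documentation addresses, hypothetical names).
PTR = {"192.0.2.25": ["mrout.mail.example."], "198.51.100.7": ["mrout.mail.example."],
       "203.0.113.9": ["host9.isp.example."]}
A = {"mrout.mail.example": ["192.0.2.25"], "host9.isp.example": ["203.0.113.9"]}
fake_ptr = lambda ip: PTR.get(ip, [])
fake_addrs = lambda name: A.get(name, [])

def demo(ip):
    hdr = f"Received: from mrout.mail.example ([{ip}]) by relay.example with esmtp"
    return classify(hdr, "mail.example", fake_ptr, fake_addrs)
```

Only the "confirmed" result supports attributing the message to the named domain; a PTR record alone is controlled by whoever holds the reverse zone, which is why the forward lookup has to lead back to the same address.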