Have Yahoo! gone pink?
Robert Bonomi
bonomi at mail.r-bonomi.com
Thu Mar 30 14:41:48 UTC 2006
> Cc: nanog at nanog.org
> Subject: Re: Have Yahoo! gone pink?
> From: Valdis.Kletnieks at vt.edu
> Date: Wed, 29 Mar 2006 16:55:23 -0500
>
>
> --==_Exmh_1143669323_3096P
> Content-Type: text/plain; charset=us-ascii
>
> On Wed, 29 Mar 2006 21:28:26 GMT, Peter Corlett said:
>
> > Yahoo claim "After investigation, we have determined that this email message
> > did not originate from the Yahoo! Mail system.
>
> Received: from EXCHG01-DUB.Europe.Search.Corpsys.P4pnet.net
> (cluster01-dub.europe.search.corpsys.p4pnet.net [172.30.132.19])
> by mrout3.yahoo.com (8.13.4/8.13.4/y.out) with ESMTP id k2FIupeH049008;
> Wed, 15 Mar 2006 10:56:52 -0800 (PST)
>
> Hey, what do you know... if you trust both uksolutions.net and yahoo.com's
> Received: lines, it didn't originate at Yahoo - it came from p4pnet.net. ;)
>
> (A fine demonstration of the difference between being truthful and being helpful :)
Of course, this ignores the fact that '172.30.132.19' is in RFC-1918 space.
<wry grin>
Now _how_ 'mrout3.yahoo.com' got that message *is* open for speculation.
Even more interesting is how it got DNS name resolution on that address.
Best available evidence indicates that _that_ header line is a total
fabrication.
As I recall, the header added by the destination system showed receipt
from a yahoo machine (and a valid IP address, belonging to yahoo).
It's possible that yahoo's auto-parsing got misled by the bogus header
shown above.
>
> --==_Exmh_1143669323_3096P
> Content-Type: application/pgp-signature
>
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.2.2 (GNU/Linux)
> Comment: Exmh version 2.5 07/13/2001
>
> iD8DBQFEKwJLcC3lWbTT17ARAhcbAKDYpN/L2fVwYu9w2E4jG1P+knnPFwCdEliY
> YSY/cunFfCJoJ8zky9YhYP8=
> =qdCE
> -----END PGP SIGNATURE-----
>
> --==_Exmh_1143669323_3096P--
>
More information about the NANOG
mailing list