Have Yahoo! gone pink?
bonomi at mail.r-bonomi.com
Thu Mar 30 14:41:48 UTC 2006
> Cc: nanog at nanog.org
> Subject: Re: Have Yahoo! gone pink?
> From: Valdis.Kletnieks at vt.edu
> Date: Wed, 29 Mar 2006 16:55:23 -0500
> Content-Type: text/plain; charset=us-ascii
> On Wed, 29 Mar 2006 21:28:26 GMT, Peter Corlett said:
> > Yahoo claim "After investigation, we have determined that this email message
> > did not originate from the Yahoo! Mail system.
> Received: from EXCHG01-DUB.Europe.Search.Corpsys.P4pnet.net
> (cluster01-dub.europe.search.corpsys.p4pnet.net [172.30.132.19])
> by mrout3.yahoo.com (8.13.4/8.13.4/y.out) with ESMTP id k2FIupeH049008;
> Wed, 15 Mar 2006 10:56:52 -0800 (PST)
> Hey, what do you know... if you trust both uksolutions.net and yahoo.com's
> Received: lines, it didn't originate at Yahoo - it came from p4pnet.net. ;)
> (A fine demonstration of the difference between being truthful and being helpful :)
Of course, this ignores the fact that '172.30.132.19' is in RFC-1918 space.
Now _how_ 'mrout3.yahoo.com' got that message *is* open for speculation.
Even more interesting is how it got DNS name resolution on that address.
Best available evidence indicates that _that_ header line is a total
As I recall, the header added by the destination system showed receipt
from a yahoo machine (and a valid IP address, belonging to yahoo).
It's possible that yahoo's auto-parsing got misled by the bogus header
> Content-Type: application/pgp-signature
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v220.127.116.11 (GNU/Linux)
> Comment: Exmh version 2.5 07/13/2001
> -----END PGP SIGNATURE-----
More information about the NANOG