[Dshield] Combating SPAM from Yahoo

Gregg Anderson gander at hickorytech.net
Fri Aug 30 03:16:51 GMT 2002


Actually, this is not true 99.9% of the time.

Spammers use Yahoo as a forged "from" address frequently. By looking at the 
fully expanded headers of the mail, you will see that it most often has 
nothing to do with yahoo, regardless what is in the "From:" address 
field.  The "From:" address field is completely irrelavant in mail 
delivery. It is put there from the sending mail client for aesthetic value, 
and it not actually used in the lower level mail transaction process.

...and be carefule looking at the headers - spammers also forge the 
Reverse-DNS naming - making it look like the sending server was yahoo, etc 
when the listed IP next to it is SWIP'd somewhere else - usually somewhere 
in Asia.

You can test this yourself:  in your mail client config, setup a profile 
using ANY address as your "From" address.  Then, send a mail to your real 
address using this fake "from" address profile.  Most ISPs will allow this 
to send.



At 10:15 PM 8/29/2002 -0500, you wrote:
>If anyone gets spam from a Yahoo.com
>e-mail address, put this into your address book:
>
><mailto:mail-abuse at yahoo-inc.com>mail-abuse at yahoo-inc.com
>
>
>  and forward the entire message as it was delivered to you.
>
>They take care of it promptly!
>
>Best regards,
>
>MJM
>
>
>
>
>
>---
>Outgoing mail is certified Virus Free.
>Checked by AVG anti-virus system 
>(<http://www.grisoft.com>http://www.grisoft.com).
>Version: 6.0.381 / Virus Database: 214 - Release Date: 8/4/02




More information about the list mailing list