Morac
  1. And I do do this. Every email from a valid Yahoo account that I send to SpamCop, I also send to Yahoo. My point is that not everyone does this. In that example, yes it is. But what if, say, instead of Comcast it is coming from some block of addresses owned by spammers or say some ISP in some country that doesn't care about spam or say some anonymous proxy server? In that case the report from SpamCop goes off into the void while the spammer continues to use the Yahoo Mail account to spam others. I'd say close to 70% of the spam I receive comes from valid Yahoo email addresses, and this is to my Yahoo email address. About 25% comes from Hotmail and the remaining comes from various other places. Yahoo does not do a very good job at preventing outgoing spam. They only close accounts that are used for sending spam. As for hijacked accounts, I'd say if someone is dumb enough to let their account get hijacked and used to mass spam others, then they should be shut down or at the very least Yahoo should be made aware of it so they can notify the user. In most cases though the spamming accounts are free throwaway accounts created and then discarded. If we can get Yahoo to close them as quickly as possible, it will force the spammers to go elsewhere. Currently though spammers don't seem to have many issues sending spam out from Yahoo. I don't know if Yahoo is actually canceling the accounts or not, but I do know that they read the reports since I get a response for every report I send and I've gotten different responses depending on whether or not the headers were forged or genuine or whether Yahoo servers were being used to host the spam web site. In the case where they are genuine the response says they took action against the account in accordance with their terms of service. The TOS states that sending spam through their servers may subject the sender to civil and criminal penalties. 
You are correct in that the sender can just create a new account, but if enough accounts get closed fast enough it becomes an annoyance or hindrance to the spammer so he/she will move elsewhere. Also I've found that most spam from Yahoo falls under certain repeatable patterns. If enough people report the spam, Yahoo can block the spam in the first place.
  2. Well first off, I forwarded the email to abuse[at]yahoo.com, not Network-abuse[at]cc.yahoo-inc.com, but in every case of an email I receive that has a valid Yahoo.com domain-keys signature, I receive an email telling me that action was taken against that account in accordance with their TOS. If the email has a spoofed yahoo.com email address (i.e. the domain-keys is not valid), I am told that no action was taken since the address was spoofed. I think the main problem is that SpamCop just ignores the fact that the mail was sent from Yahoo's servers and instead focuses on the actual source. The problem with this method is that the Yahoo account is still being used to send the spam even if the actual spammer was not using Yahoo as his/her ISP. A second problem is that if the user is going through a proxy server, then the reports will go to the proxy server instead of going to either the user's ISP or Yahoo. In all cases the report should go to Yahoo since that is where the spam technically originates from. Take for example: http://www.spamcop.net/mcgi?action=gettrac...rtid=2642118320 If you look at the headers you will see that someone at 82.131.144.253 sent spam using his Yahoo mail account. Spamcop correctly identifies as it reports that: Then based on this information it sends the report to the administrator of 89.77.166.230. So far so good. The problem is that SpamCop doesn't seem to realize that the spam isn't being relayed through Yahoo's servers, but actually being sent from Yahoo's servers. Instead it reports that: The problem here is that according to you, Yahoo is not interested in reports of spam relayed through Yahoo, but in this case the email is originating from Yahoo, not being relayed through them. They are definitely interested in email originating from Yahoo and they want all reports of that sent to abuse[at]yahoo.com. 
----------------------- I'll give you a more controlled example with an email I just sent using Yahoo mail's web interface to a Gmail account. I'm connecting to Yahoo's web server from my Comcast ISP, but I could have easily gone through a proxy server. I "x"ed out part of my IP address and email addresses for protection: If you parse this message using the SpamCop method a report would be sent to abuse[at]comcast.net, which is the owner of the 76.116.x.x address even though the mail was not sent from Comcast's email servers. The mail was sent from Yahoo's webmail server. So even if Comcast shuts down the user's email account, the Yahoo account used to send the spam is still open. SpamCop never even attempts to send a report to abuse[at]yahoo.com which is where it should actually go.
  3. Back in September, I reported that SpamCop was not reporting spam sent through Yahoo's servers to the admins of the ISPs where the spam actually originated. For example if someone used his Comcast ISP to send spam through his Yahoo email account to people, then Spamcop would notify Yahoo, but not notify Comcast. This was corrected, but unfortunately it was not corrected correctly. Now Spamcop notifies the user's ISP, but does not notify Yahoo. This means that even if the user's ISP shuts him down, he can still use his Yahoo account since Yahoo is never notified that the Yahoo account is being used to spam others. Here's an example of a spam I sent recently: As you can see Spamcop notifies cableone, but not Yahoo, because Spamcop incorrectly claims that Yahoo's administrator is not interested. This isn't true since when I forward the email to Yahoo, they responded telling me they closed the spammer's account because of a TOS violation. So basically the artificial block that SpamCop set up to prevent notifying Yahoo of spammers needs to be lifted since the amount of spam coming from Yahoo accounts is growing exponentially every day.
  4. I received a spam message at Tue, 16 Oct 2007 18:05:23 -0700 according to the headers. I reported it to SpamCop and SpamCop said it was too old to report since it was received on Sat, 06 Oct 2007 01:56:42 PDT. Well this is wrong. The problem is that SpamCop is checking the date in an additional From header field at the top of the message instead of checking the next line which is the Received: header field. I've noticed this a bunch of times the past day or two so it must be something new. See http://www.spamcop.net/sc?id=z1481446365z8...e267d2548e8e89z
  5. Okay I converted them: http://www.spamcop.net/sc?id=z1434563406z7...c41c33786559c6z http://www.spamcop.net/sc?id=z1434555945zf...ee46cdcc4a2ec4z http://www.spamcop.net/sc?id=z1434166263z4...3a4cba5acfb446z http://www.spamcop.net/sc?id=z1433932749za...f434f034c92870z http://www.spamcop.net/sc?id=z1433859900zd...e729b49e3e61dbz If you look at any of the links above you'll see something like: That line indicates that the user from IP address 24.187.94.53 sent the mail using the Yahoo Mail web page (or the Yahoo Webmail API). Most likely all these are being sent by zombie PCs but that's their problem.
  6. I have tons of examples since the owner of the site at 66.226.210.135 (which pulls images from 202.75.38.136) has been spamming continuously the past week via Yahoo. http://www.spamcop.net/mcgi?action=gettrac...rtid=2508260929 http://www.spamcop.net/mcgi?action=gettrac...rtid=2508249586 http://www.spamcop.net/mcgi?action=gettrac...rtid=2507553501 http://www.spamcop.net/mcgi?action=gettrac...rtid=2507150448 http://www.spamcop.net/mcgi?action=gettrac...rtid=2507031764
  7. When signing up for MailHost with my Yahoo account, SpamCop sends an email to my Yahoo address. This allows it to see where spam originates from as long as the originating user doesn't send spam from Yahoo's webmail interface. In that case there will be an entry such as the following in the headers: Received: from [XX.YY.ZZ.WWW] by web57513.mail.re1.yahoo.com via HTTP; Tue, 18 Sep 2007 10:49:45 PDT Since SpamCop didn't send email using the Yahoo web mail interface it doesn't recognize web57513.mail.re1.yahoo.com so it thinks that header is forged. So it identifies Yahoo as the sender. This is only partially correct since the actual sender is the computer located at ip address XX.YY.ZZ.WWW. XX.YY.ZZ.WWW is the actual spammer and while Yahoo can delete his account, XX.YY.ZZ.WWW can just create a new account and spam again. Reporting to XX.YY.ZZ.WWW's ISP could get XX.YY.ZZ.WWW's ISP account suspended but SpamCop doesn't do that for the reason I specified above. So basically SpamCop needs to include web######.mail.re1.yahoo.com in the domains list of Yahoo mail addresses.
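
Added example, not part of the original posts and not SpamCop's code: a sketch of the header handling the posts ask for, recognising the `via HTTP` webmail hop, extracting the submitting client IP, and listing both the webmail provider and the client's ISP as report targets. The `isp_abuse_for_ip` lookup, the sample message and its addresses are constructed assumptions, and the hop is taken at face value with no DomainKeys check.

```python
import re
from email import message_from_string

# Webmail submission hop in the form quoted in the post:
#   from [IP] by webNNNNN.mail.<site>.yahoo.com via HTTP; <date>
WEBMAIL_HOP = re.compile(
    r"from \[(?P<ip>\d{1,3}(?:\.\d{1,3}){3})\] by "
    r"(?P<host>web\d+\.mail\.[a-z0-9]+\.yahoo\.com) via HTTP;", re.I)

PROVIDER_ABUSE = "abuse@yahoo.com"  # address named in the posts


def find_webmail_origin(raw_message):
    """Return (client_ip, webmail_host) for the HTTP submission hop, or None."""
    msg = message_from_string(raw_message)
    for value in msg.get_all("Received", []):
        unfolded = " ".join(value.split())  # headers may be folded across lines
        m = WEBMAIL_HOP.search(unfolded)
        if m:
            return m.group("ip"), m.group("host").lower()
    return None


def report_targets(raw_message, isp_abuse_for_ip):
    """Abuse addresses to notify: the webmail provider and the client's ISP.

    isp_abuse_for_ip is a hypothetical caller-supplied lookup (for example
    backed by WHOIS abuse contacts) returning an address or None.
    """
    origin = find_webmail_origin(raw_message)
    if origin is None:
        return []  # no webmail hop: use ordinary Received-chain analysis
    targets = [PROVIDER_ABUSE]
    isp = isp_abuse_for_ip(origin[0])
    if isp and isp not in targets:
        targets.append(isp)
    return targets


# Constructed sample message (documentation-range IP, made-up recipient host).
SAMPLE = """\
Received: by mx.example.net with SMTP id abc123;
 Tue, 18 Sep 2007 10:49:50 -0700 (PDT)
Received: from [203.0.113.45] by web57513.mail.re1.yahoo.com via HTTP;
 Tue, 18 Sep 2007 10:49:45 PDT
From: sender@yahoo.com
Subject: constructed test message

body
"""
```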