Jump to content
Sign in to follow this  
Hello71

72.30.236.237 is not an MX for mta1306.mail.bf1.yahoo.com - Looks like a forgery

Recommended Posts

Received: from 72.30.236.237 (72.30.236.237) by 98.139.210.210(98.139.210.210); Sun, 11 May 2014 14:52:56 +0000
Received: from 127.0.0.1  (EHLO mail-wi0-f193.google.com) (209.85.212.193)
  by mta1306.mail.bf1.yahoo.com with SMTPS; Sun, 11 May 2014 14:52:55 +0000
Received: by mail-wi0-f193.google.com with SMTP id bs8so982314wib.0
		for <x>; Sun, 11 May 2014 07:52:54 -0700 (PDT)

SpamCop says:

Parsing header:

Received: from 72.30.236.237 (72.30.236.237) by 98.139.210.210(98.139.210.210); Sun, 11 May 2014 14:52:56 +0000

Masking IP-based 'by' clause.

Received: from 72.30.236.237 (72.30.236.237) by 98.139.210.210 ; Sun, 11 May 2014 14:52:56 +0000

host 72.30.236.237 (getting name) = web162314.mail.bf1.yahoo.com.

web162314.mail.bf1.yahoo.com is 72.30.236.237

Possible spammer: 72.30.236.237

Received line accepted

Received: from 127.0.0.1 (EHLO mail-wi0-f193.google.com) (209.85.212.193) by mta1306.mail.bf1.yahoo.com with SMTPS; Sun, 11 May 2014 14:52:55 +0000

host 209.85.212.193 = mail-wi0-f193.google.com (cached)

mail-wi0-f193.google.com is 209.85.212.193

72.30.236.237 not listed in cbl.abuseat.org

72.30.236.237 not listed in dnsbl.sorbs.net

72.30.236.237 is not an MX for web162314.mail.bf1.yahoo.com

72.30.236.237 is not an MX for mta1306.mail.bf1.yahoo.com

Possible spammer: 209.85.212.193

Host mta1306.mail.bf1.yahoo.com (checking ip) = 72.30.234.107

72.30.234.107 not listed in cbl.abuseat.org

72.30.234.107 not listed in dnsbl.sorbs.net

209.85.212.193 is not an MX for mta1306.mail.bf1.yahoo.com

72.30.236.237 is not an MX for mta1306.mail.bf1.yahoo.com

Looks like a forgery

Tracking message source: 72.30.236.237:

Routing details for 72.30.236.237

[refresh/show] Cached whois for 72.30.236.237 : abuse[at]yahoo-inc.com

Using best contacts yahoo[at]admin.spamcop.net

Yum, this spam is fresh!

Message is 0 hours old

72.30.236.237 not listed in cbl.abuseat.org

72.30.236.237 not listed in dnsbl.sorbs.net

72.30.236.237 not listed in accredit.habeas.com

72.30.236.237 not listed in plus.bondedsender.org

72.30.236.237 not listed in iadb.isipp.com

From what I can tell though, the appropriate recipient should be gmail, not yahoo. Is this a bug, or is my analysis incorrect?

Share this post


Link to post
Share on other sites

If you will EMAIL the full headers to me, I will be happy to take a look.

- Don D'Minion - SpamCop Admin -

- Service[at]Admin.SpamCop.net -

Share this post


Link to post
Share on other sites

From what I see here, it seems to me as well that Yahoo received an email from Google.

The reference to 127.0.0.1 somehow seems out of place to my tired eyes. I've seen similar referneces to 127.0.0.1 in mail I've received via Yahoo.

Share this post


Link to post
Share on other sites

- Received: from 98.137.13.221 (98.137.13.221) by

- 208.71.41.139(208.71.41.139); Thu, 29 May 2014 18:26:10 +0000

>- by 208.71.41.139

208.71.41.139 is not a valid server name. The Yahoo server handling the email should identify itself with its true name, not its IP address.

That "Received" line should look like this:

Received: from 98.137.13.221 (98.137.13.221) by deli10126.mail.gq1.yahoo.com

(208.71.41.139); Thu, 29 May 2014 18:26:10 +0000

Yahoo changed their headers and SpamCop is having trouble with them. It could go on for a while. We're working with Yahoo to get it fixed.

All you can do for now is keep trying, and delete what you can't report.

Sorry for all the trouble.

- Don D'Minion - SpamCop Admin -

- Service[at]Admin.SpamCop.net -

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
Sign in to follow this  

×