sehh

Yahoo spam


Hello everyone,

I'm quite happy with my SMTP (Postfix) spam protection; it uses several RBLs and also a list of milters for content scanning, including greylisting.

But I do get some spam, and all of it seems to have one common characteristic: it comes from Yahoo. Maybe Yahoo, with its current financial problems, has started accepting "donations" to forward spam?

My question is what to do with Yahoo. Their servers pass all the typical tests (SPF, etc.), so their emails seem quite legitimate. Since I don't want to block Yahoo entirely, is there some other trick that you guys have come up with?

Thank you.


That is always a problem. Everyone struggles with the issue of the balance between false-positives, missing valid emails, and false-negatives, getting some spam.

This is often a problem with large providers like Yahoo, where you cannot use the domain or IP addresses to filter incoming email.


So I take it that this is a common problem?

Based on the above, content filtering is the only way to go then (SpamAssassin Bayes, etc.), at least as a last resort.


Ah, Yahoo. When I was running my own server a few years back, also Postfix, at least 90% of the incoming mail that had some kind of connection with Yahoo (either implied by the alleged sender, or arriving via one of their servers) was spam. My solution was to have a blanket ban on mail from Yahoo. There was the occasional bit of work on my part reviewing what had been rejected, so I could manually maintain a small list of exceptions.


I would have to concur with this post. 95% of the spam I receive comes from Yahoo e-mail servers.

Received: from [98.139.213.9] by tm13.bullet.mail.bf1.yahoo.com

Received: from [98.139.215.142] by nm18.bullet.mail.bf1.yahoo.com

Received: from [98.139.211.204] by tm17.bullet.mail.bf1.yahoo.com

Received: from [66.196.81.171] by nm16.bullet.mail.bf1.yahoo.com

Received: from nm16.bullet.mail.bf1.yahoo.com ([98.139.212.175])

Received: from [98.139.213.8] by tm17.bullet.mail.bf1.yahoo.com

Received: from [66.196.81.171] by nm1.bullet.mail.bf1.yahoo.com

Received: from [98.138.226.179] by nm23.bullet.mail.ne1.yahoo.com with NNFMP; 31 Mar 2016 21:48:26 -0000

Received: from [98.138.226.58] by tm14.bullet.mail.ne1.yahoo.com with NNFMP; 31 Mar 2016 21:48:26 -0000

And then, the domain name for the spamming site is from GoDaddy.
Hardly get spam from other e-mail servers... maybe I should knock on wood.
Dennis
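
The blanket ban with a hand-maintained exception list described earlier in the thread, run over Received lines like those quoted above, as an added example that is not from any poster. The exception address, helper names and sample messages are constructed, and the header From it checks is sender-controlled, so it only stands in for the envelope sender and connecting client that an MTA would check.

```python
import re
from email import message_from_string
from email.utils import parseaddr

BANNED = "yahoo.com"
EXCEPTIONS = {"friend@yahoo.com"}  # hypothetical, hand-maintained allow list

# Host names in a Received header: "from <host>" and "by <host>".
HOP_RE = re.compile(r"\b(?:from|by)\s+([A-Za-z0-9.-]+\.[A-Za-z]{2,})")

def in_domain(host, domain=BANNED):
    """True for the domain itself or any subdomain, not for look-alikes."""
    host = host.lower().rstrip(".")
    return host == domain or host.endswith("." + domain)

def banned_hops(msg):
    """Relay host names under the banned domain, in header order."""
    return [h for r in msg.get_all("Received", [])
            for h in HOP_RE.findall(str(r)) if in_domain(h)]

def decide(raw):
    """Return (action, reason) for one raw message."""
    msg = message_from_string(raw)
    # Header From is forgeable; it stands in for the envelope sender here.
    sender = parseaddr(msg.get("From", ""))[1].lower()
    if sender in EXCEPTIONS:
        return "accept", "sender on exception list"
    if in_domain(sender.rpartition("@")[2]):
        return "reject", "alleged sender is " + BANNED
    hops = banned_hops(msg)
    if hops:
        return "reject", "relayed via " + hops[0]
    return "accept", "no connection to " + BANNED

def make(sender, *received):  # builds a constructed sample message
    lines = ["Received: " + r for r in received]
    return "\n".join(lines + ["From: " + sender, "Subject: test", "", "body"])

YAHOO_HOP = "from [98.138.226.179] by nm23.bullet.mail.ne1.yahoo.com with NNFMP; 31 Mar 2016 21:48:26 -0000"
SAMPLES = {  # constructed messages; the yahoo.com hop is copied from the thread
    "relayed": make("shop@example.net", "from mx.example.net by mail.example.org", YAHOO_HOP),
    "direct": make("stranger@yahoo.com", YAHOO_HOP),
    "excepted": make("Friend <friend@yahoo.com>", YAHOO_HOP),
    "clean": make("bob@example.org", "from mx.example.org by mail.example.org"),
}

if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(name, decide(raw))
```
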

