Sign in to follow this  
Followers 0

SERVERHUB flooding me as if it comes from Yahoo

2 posts in this topic

I'm getting 3 to 5 of these a day for 2 months now.

They have fake YAHOO.COM e-mail addresses, the subjects are about products. Every one of them when I look at the contents are for images that have many different letting combinations but ALL have .party/ as the last part of the image location. For instance, this one:


Others inside have other confusing ones to me but do INCLUDE my e-mail address:

<img src="http;\\peltbangswiestdaunt,party/19915644k140e2002308?eb=i******@****" />

I assume that is how they can track me?

A typical SpamCop report always comes back as it is coming from SERVERHUB.COM? Don't know how it made that connection?

After the report is sent, I can see this on SPAMCOP:

The HEADER for that one is:


Return-Path: <>
Authentication-Results: cdptpa-imsmta06; dkim=pass
Received: from [] ([]
    by cdptpa-imsmta06 (envelope-from <>)
    (ecelerity r(Core: with ESMTPS (cipher=DHE-RSA-CAMELLIA256-SHA)
    id 0F/76-13528-E3EED885; Sun, 29 Jan 2017 13:29:34 +0000
Received: (qmail 97002 invoked from network); 29 Jan 2017 13:16:18 -0000
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=s1024; t=1485695778; bh=gGfWdN6RC3yXfNbEMYT3J+OEY8eZa0S9LXQ4MtN0QVY=; h=Message-ID:Date:From:To:Subject:Content-Type; b=MITSLzafvddVfXxZCb7cwA4j2noD18AN7IoQ+1gf8W7p0zo7M1RDln3fMcaPvl9434ALsXOzCMbiMKbygmOouEW5f+TBx1pAsN9s5fRLi81qB5ktGuJO4SyxvhzZ/1gk+AtmiOWWyrUAyua/8aaPVC3lXihvbFsYPe/jBMlChno=
Message-ID: <>
Date: Sun, 29 Jan 2017 13:16:18 +0000 (UTC)
X-Yahoo-Newman-Property: ymail-3
X-YMail-OSG: tqWQH_YVM1n8jsE2uLp2bRKDjph5McZuBA63MHzD_EY_TtK
X-Yahoo-SMTP: LoI572yswBCSbUI_5YkmxJmLSAqIHsv.SzvTWEeVrl.eSN.23aXFE9aQAQqZOiS5QKhCox0-
From: Senior Living <>
Subject: Looking for 55+ living in 2017?
Content-Type: text/html; charset=UTF-8
X-Authority-Analysis: v=2.1 cv=WtfWSorv c=1 sm=1 tr=0 a=IXwzD+xon/F+YVC+ra/VSA==:117 a=L9H7d07YOLsA:10 a=9cW_t1CCXrUA:10 a=s5jvgZ67dGcA:10 a=IkcTkHD0fZMA:10 a=79YnABSCSewA:10 a=IgFoBzBjUZAA:10 a=FD_G_oyTAAAA:8 a=ayC55rCoAAAA:8 a=fhRY4CD02UBmV23WEHMA:9 a=QEXdDO2ut3YA:10 a=-FEs8UIgK8oA:10 a=NWVoK91CQyQA:10 a=jf6ifqx8wrbFtL1ejoTd:22 a=B_RyunTPg8udlmYm5Cu2:22
X-Cloudmark-Score: 0


Body contains:


<a href="">
<img src="" border="0" />
<br />
<a href="">
<img src="" border="0" />
</a><img src="" /><img src="*******@*****.com" /><img src="*******@*****.com" /><img src="*******@*****.com" /><img src="*******@*****.com" /><img src="*******@*****.com" /><img src="*******@*****.com" /><img src="*******@*****.com" /><img src="*******@*****.com" />


So basically I have 2 questions?

1) How does this all translate into SERVERHUB.COM as the 'sender' to be reported too?

2) Why are the reports being ignored?

I've even used my ISP's spam REPORTING and it still had not stopped? My ISP does have spam Filters, but only back on FROM and blocking all YAHOO.COM doesn't help me.


Share this post

Link to post
Share on other sites

Welcome to the SpamCop forum.

Please note that I have broken the first link in your post. 

  • Not knowing what the spammer now has at the end of this link OR may have in the future, I do not want to follow the link. Nor does SpamCop want to have, what may be a poisonous link in this forum that some visitor could follow to disastrous results.
  • We do not want a link on this forum to assist a spammer get better SEO ratings by having references to their domain.

Thank you for providing a Tracking URL as an example of the spam you are addressing.  By providing the Tracking URL, all of up can see the spam, and how the SpamCop parser processed your submission, without you copping the spam into your post.

I notice the spam cut/pasted into your post is not the same as the Tracking URL

8 hours ago, IrvSp said:

1) How does this all translate into SERVERHUB.COM as the 'sender' to be reported too?

If you will look near the bottom of the results of parsing the spam you will see


[report history]
Host (checking ip) =
Resolves to
Routing details for
Using smaller IP block (/ 11 vs. / 16 )
Removing 1 larger (> / 11 ) route(s) from cache
[refresh/show] Cached whois for :
Using abuse net on
abuse net =,
Using best contacts redirects to redirects to



Which explains why reports were sent to SERVERHUB.COM, because they host a link included in the body of the spam, not because they sent the spam.

Looking at the bottom of the results you will see


Re: (Administrator of network where email originates)

Internal spamcop handling: (yahoo)

Which tells us that the IP address where the spam originated, is controlled by Yahoo, and SpamCop does not send them spam reports.


8 hours ago, IrvSp said:

2) Why are the reports being ignored?

Because they are spammers and they don't care.

Share this post

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
Sign in to follow this  
Followers 0