
72.30.236.237 is not an MX for mta1306.mail.bf1.yahoo.com - Looks like a forgery



Received: from 72.30.236.237 (72.30.236.237) by 98.139.210.210(98.139.210.210); Sun, 11 May 2014 14:52:56 +0000
Received: from 127.0.0.1  (EHLO mail-wi0-f193.google.com) (209.85.212.193)
  by mta1306.mail.bf1.yahoo.com with SMTPS; Sun, 11 May 2014 14:52:55 +0000
Received: by mail-wi0-f193.google.com with SMTP id bs8so982314wib.0
		for <x>; Sun, 11 May 2014 07:52:54 -0700 (PDT)

SpamCop says:

Parsing header:

Received: from 72.30.236.237 (72.30.236.237) by 98.139.210.210(98.139.210.210); Sun, 11 May 2014 14:52:56 +0000

Masking IP-based 'by' clause.

Received: from 72.30.236.237 (72.30.236.237) by 98.139.210.210 ; Sun, 11 May 2014 14:52:56 +0000

host 72.30.236.237 (getting name) = web162314.mail.bf1.yahoo.com.

web162314.mail.bf1.yahoo.com is 72.30.236.237

Possible spammer: 72.30.236.237

Received line accepted

Received: from 127.0.0.1 (EHLO mail-wi0-f193.google.com) (209.85.212.193) by mta1306.mail.bf1.yahoo.com with SMTPS; Sun, 11 May 2014 14:52:55 +0000

host 209.85.212.193 = mail-wi0-f193.google.com (cached)

mail-wi0-f193.google.com is 209.85.212.193

72.30.236.237 not listed in cbl.abuseat.org

72.30.236.237 not listed in dnsbl.sorbs.net

72.30.236.237 is not an MX for web162314.mail.bf1.yahoo.com

72.30.236.237 is not an MX for mta1306.mail.bf1.yahoo.com

Possible spammer: 209.85.212.193

Host mta1306.mail.bf1.yahoo.com (checking ip) = 72.30.234.107

72.30.234.107 not listed in cbl.abuseat.org

72.30.234.107 not listed in dnsbl.sorbs.net

209.85.212.193 is not an MX for mta1306.mail.bf1.yahoo.com

72.30.236.237 is not an MX for mta1306.mail.bf1.yahoo.com

Looks like a forgery

Tracking message source: 72.30.236.237:

Routing details for 72.30.236.237

[refresh/show] Cached whois for 72.30.236.237 : abuse[at]yahoo-inc.com

Using best contacts yahoo[at]admin.spamcop.net

Yum, this spam is fresh!

Message is 0 hours old

72.30.236.237 not listed in cbl.abuseat.org

72.30.236.237 not listed in dnsbl.sorbs.net

72.30.236.237 not listed in accredit.habeas.com

72.30.236.237 not listed in plus.bondedsender.org

72.30.236.237 not listed in iadb.isipp.com

From what I can tell though, the appropriate recipient should be gmail, not yahoo. Is this a bug, or is my analysis incorrect?


From what I see here, it seems to me as well that Yahoo received an email from Google.

The reference to 127.0.0.1 somehow seems out of place to my tired eyes. I've seen similar references to 127.0.0.1 in mail I've received via Yahoo.


  • 3 weeks later...

- Received: from 98.137.13.221 (98.137.13.221) by

- 208.71.41.139(208.71.41.139); Thu, 29 May 2014 18:26:10 +0000

>- by 208.71.41.139

208.71.41.139 is not a valid server name. The Yahoo server handling the email should identify itself with its true name, not its IP address.

That "Received" line should look like this:

Received: from 98.137.13.221 (98.137.13.221) by deli10126.mail.gq1.yahoo.com (208.71.41.139); Thu, 29 May 2014 18:26:10 +0000

Yahoo changed their headers and SpamCop is having trouble with them. It could go on for a while. We're working with Yahoo to get it fixed.

All you can do for now is keep trying, and delete what you can't report.

Sorry for all the trouble.

- Don D'Minion - SpamCop Admin -

- Service[at]Admin.SpamCop.net -
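Added example, not part of the posts above and not SpamCop's own parser: a small Python check that splits the Received lines quoted in this thread into from-name, peer address and by-name, and notes the two oddities discussed here (a "by" clause that is an IP address, and a from-name of 127.0.0.1). The function names and note labels are hypothetical, and the pattern only covers the Yahoo layout shown in the thread.

```python
import ipaddress
import re

# Received lines quoted in this thread, with folded lines joined.
HEADERS = [
    "Received: from 72.30.236.237 (72.30.236.237) by 98.139.210.210(98.139.210.210); Sun, 11 May 2014 14:52:56 +0000",
    "Received: from 127.0.0.1  (EHLO mail-wi0-f193.google.com) (209.85.212.193) by mta1306.mail.bf1.yahoo.com with SMTPS; Sun, 11 May 2014 14:52:55 +0000",
    "Received: from 98.137.13.221 (98.137.13.221) by 208.71.41.139(208.71.41.139); Thu, 29 May 2014 18:26:10 +0000",
    "Received: from 98.137.13.221 (98.137.13.221) by deli10126.mail.gq1.yahoo.com (208.71.41.139); Thu, 29 May 2014 18:26:10 +0000",
]

# from <name> [(comment) ...] by <name>; covers the Yahoo layout shown above only.
RECEIVED_RE = re.compile(
    r"^Received:\s+from\s+(?P<name>\S+)\s+(?P<comments>(?:\([^)]*\)\s*)*)"
    r"by\s+(?P<by>[^\s(;]+)",
    re.IGNORECASE,
)

def as_ip(token):
    """Return an ip_address object if token is an IP literal, else None."""
    try:
        return ipaddress.ip_address(token.strip("[]"))
    except ValueError:
        return None

def parse_received(line):
    """Split one Received line into from-name, peer IP and by-name, plus notes."""
    m = RECEIVED_RE.match(line)
    if m is None:
        return None
    # The peer address is the last parenthesised comment that ends in an IP literal.
    peer = None
    for comment in re.findall(r"\(([^)]*)\)", m.group("comments")):
        words = comment.split()
        if words and as_ip(words[-1]) is not None:
            peer = words[-1]
    notes = []
    if as_ip(m.group("by")) is not None:
        notes.append("by-is-ip")  # receiving host gave its address, not its name
    name_ip = as_ip(m.group("name"))
    if name_ip is not None and name_ip.is_loopback:
        notes.append("from-is-loopback")  # from-name is 127.0.0.1, peer is elsewhere
    return {"from": m.group("name"), "peer": peer, "by": m.group("by"), "notes": notes}

if __name__ == "__main__":
    for header in HEADERS:
        print(parse_received(header))
```

Only the last sample line, the corrected form from the post above, comes back with no notes.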
