Jump to content

Why aren't Yahoo addresses being flag as spam?


Recommended Posts

For quite while now when I report spam with spamcop, it is not catching the original sender of the e-mail. I paste the complete headers in the GUI and it only flags the websites the e-mail is pointing to. I go to another website that parses the e-mail and it tells me Yahoo servers are the guilty parties, but they don't get listed in the spamcop report.

I've pasted part of the headers below at the bottom....one of my analyzers says

Originating IP:
Originating ISP: Yahoo! Europe

But spamcop isn't finding any of this and only sends an abuse to comcast.net

This is the same if I cut the raw headers out of my e-mail client and paste into spamcop or forward the e-mail as an attachment to the spamcop address. I get about 5 spam e-mails a day from the same place.

Am I doing something wrong?

Return-Path: othahakiefferhatu2881[at]yahoo.com
Received: from reszmta-ch2-08v.sys.comcast.net (LHLO
reszmta-ch2-08v.sys.comcast.net) ( by
resmail-po-246v.sys.comcast.net with LMTP; Tue, 9 Feb 2016 00:56:23 +0000
Received: from resimta-ch2-14v.sys.comcast.net ([])
by reszmta-ch2-08v.sys.comcast.net with comcast
id G0t91s02k0KAWzH010wPU5; Tue, 09 Feb 2016 00:56:23 +0000
Received: from nm31-vm1.bullet.mail.ir2.yahoo.com ([])
by resimta-ch2-14v.sys.comcast.net with comcast
id G0uL1s02B1uQhSk010uNu6; Tue, 09 Feb 2016 00:54:23 +0000
X-CAA-spam: F00000
X-Authority-Analysis: v=2.1 cv=JfRB1h+V c=1 sm=1 tr=0
a=uzUpqhR7HfyP2Hmg+QDtQQ==:117 a=L9H7d07YOLsA:10 a=9cW_t1CCXrUA:10
a=s5jvgZ67dGcA:10 a=IkcTkHD0fZMA:10 a=5HJ6KZJP-kkA:10 a=ZZnuYtJkoWoA:10
a=jFJIQSaiL_oA:10 a=YfFJMV-3AAAA:20 a=iLZ-leCFAAAA:20 a=1PJDDMUdAAAA:20
a=NZrp_aWcAAAA:20 a=ix8eH7dkAAAA:20 a=mTRizwjrAAAA:20 a=-GhZnFAOAAAA:20
a=G2n_K31vAAAA:20 a=tBoWEwYA6nPDhrmFYpYA:9 a=QEXdDO2ut3YA:10
a=bALo8Gh57gYA:10 a=BGHb84ZX6DgA:10 a=thP6Ab4tef4A:10 a=EsYVw3wIw1cA:10
Authentication-Results: resimta-ch2-14v.sys.comcast.net;
dkim=pass header.d=yahoo.com header.b=Ef0EbomO
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s2048; t=1454979260; bh=QR+dKIf9wbgZsY4b5ZDGRBIVTy2U+OaWcInJeeuOvtM=; h=To:From:Subject:Date:From:Subject; b=Ef0EbomOjvXHE+iSzhTcja0PcmAoB3Jfstpa9NVXh8VfglrVQRvJSYGX0XlKsaZNq4IA9DX4ZoINZQGvA9P3BippYfgvm6xohfWJIiW8tUT1Tg0OAhQdSrEpee74sc5I1JbvG7vxScupIA1erX3Iam286sjmh5GRfaLh2tPfVNTsecS550ZcLpda0CmHJXZ5FkOFj4lP3S2vupHcho2MTtDJ/C9SPhkD7x4q8TUT/J2nA85zFELLNJ6veGADiZ0EI9sCa0+G3fhogTTxx6Vc9GSB3fQ4DwSJ2Dw+neb57BKM77DxiINyCLTObtezYSpciOaUrOH/XMubFEcGEIgVxQ==
Received: from [] by nm31.bullet.mail.ir2.yahoo.com with NNFMP; 09 Feb 2016 00:54:20 -0000
Received: from [] by tm9.bullet.mail.ir2.yahoo.com with NNFMP; 09 Feb 2016 00:54:20 -0000
Received: from [] by smtp144.mail.ir2.yahoo.com with NNFMP; 09 Feb 2016 00:54:20 -0000
X-Yahoo-Newman-Id: 194802.59738.bm[at]smtp144.mail.ir2.yahoo.com
X-Yahoo-Newman-Property: ymail-3

Link to comment
Share on other sites

Sorry here it is: https://www.spamcop.net/sc?id=z6210338025z07881b142c9577c988589b07302b9647z

None of the 98.139.... addresses are even mentioned in the report

eceived: from reszmta-ch2-01v.sys.comcast.net (LHLO
reszmta-ch2-01v.sys.comcast.net) ( by
resmail-po-246v.sys.comcast.net with LMTP; Wed, 10 Feb 2016 00:29:37 +0000
Received: from resimta-ch2-18v.sys.comcast.net ([])
by reszmta-ch2-01v.sys.comcast.net with comcast
id GQ4w1s06x0QMCLM01QVd9p; Wed, 10 Feb 2016 00:29:37 +0000
Received: from nm3-vm0.bullet.mail.bf1.yahoo.com ([])
by resimta-ch2-18v.sys.comcast.net with comcast
id GQTd1s00G3LS1GJ01QTdet; Wed, 10 Feb 2016 00:27:37 +0000
X-CAA-spam: F00000
X-Authority-Analysis: v=2.1 cv=VJ8g5I7X c=1 sm=1 tr=0
a=ShkE6dxMhVxIz4CqgcZ0Vg==:117 a=L9H7d07YOLsA:10 a=9cW_t1CCXrUA:10
a=s5jvgZ67dGcA:10 a=IkcTkHD0fZMA:10 a=5HJ6KZJP-kkA:10 a=ZZnuYtJkoWoA:10
a=jFJIQSaiL_oA:10 a=iRiDHzTbAAAA:20 a=mJ13SSIGAAAA:20 a=uf8i7LTUAAAA:20
a=X5SlxfJeAAAA:20 a=FOmS_1etb7tNoesycXUA:9 a=QEXdDO2ut3YA:10
a=E4kUXCl2bboA:10 a=iwWp-_zyRIgA:10 a=FjF1CFJ0Iz4A:10 a=a8ycZRaUjJAA:10
Authentication-Results: resimta-ch2-18v.sys.comcast.net;
dkim=pass header.d=yahoo.com header.b=Iu5aVu+p
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s2048; t=1455064057; bh=RBFDXHK+GEU908UXnTG3PmiAxwQRtXeWVfR6Yjm/rkk=; h=To:From:Subject:Date:From:Subject; b=Iu5aVu+pZf34640McOLuBivzA3x2AyZAmiiByU0Q0fAYwE+G34F4cu4qDfrdlfsNZrb+gJR5V/G0/dDQzuKePSuiLgDyZQDg3T3tkeIKxO6FwASQF2PuRRTJEawr6gwkVd70BUutQnvyBIgp6G4J3OUm+pH0D+Rb+lGM20/PAjKNT9D1yZ4h/5hWHxbBdMQygZTj+EOCBLmAHbG4ZulJxYB57ixqddUsquzOHylFFi+BwU+/qYsqOp2rBtezdYdGmmWPsLcikt/1yaKZoseMpDNXAMiJPNfP6fFyOJBoPboHsP2Rz4Y5CXoGr7MgQjkBgyPMTjeKqguiCF2/m0YaWQ==
Received: from [] by nm3.bullet.mail.bf1.yahoo.com with NNFMP; 10 Feb 2016 00:27:37 -0000
Received: from [] by tm12.bullet.mail.bf1.yahoo.com with NNFMP; 10 Feb 2016 00:27:36 -0000
Received: from [] by smtp209.mail.bf1.yahoo.com with NNFMP; 10 Feb 2016 00:27:36 -0000

Link to comment
Share on other sites

Reading the news, sounds like Yahoo is going the way of aol. That does not resolve any current issues.

The SpamCop parser is by design adverse to false-positives, thus not sending what may be a false report to Yahoo. That does not preclude you from sending the report to Yahoo either separately or by adding a Yahoo abuse address to the reporting webpage, with a note when you validate the submitted report.

I don't think what you are seeing is a bug, but the results of making sure that a false-positive is not reported.

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.


  • Create New...