sehh Posted February 23, 2016 Posted February 23, 2016 Hello everyone, I'm quite happy with my SMTP (postfix) spam protection, it uses several RBL's and also a list of milters for content scanning, including grey listing. But, I do get some spam, all of them seem to have one common characteristic, they come from yahoo. Maybe yahoo with its current financial problems has started accepting "donations" to forward spam? My question is what to do with yahoo. Their servers pass all the typical tests (SPF, etc) so their emails seem quite legitimate. Since I don't want to block yahoo entirely, is there some other trick that you guys have come up with? Thank you.
Lking Posted February 23, 2016 Posted February 23, 2016 That is always a problem. Everyone struggles with the issue of the balance between false-positives, missing valid emails, and false-negatives, getting some spam. This is often a problem with large providers like Yahoo where you can not use the domain nor IP addresses to filter incoming email.
sehh Posted February 23, 2016 Author Posted February 23, 2016 So I take it that this is a common problem? Based on the above, content filtering is the only way to go then (spamassassin bayes etc), at least as a last resort.
lisati Posted February 23, 2016 Posted February 23, 2016 Ah, Yahoo. When I was running my own server a few years back, also Postfix, at least 90% of the incoming mail that had some kind of connection with Yahoo (either implied by the alleged sender, or arriving via one of their servers) was spam. My solution was to have a blanket ban on mail from Yahoo. There was the occasional bit of work on my part reviewing what had been rejected, so I could manually maintain a small list of exceptions.
dlongnecker Posted March 31, 2016 Posted March 31, 2016 I would have to concur with this post. 95% of the spam I receive comes from Yahoo e-mail servers. Received: from [98.139.213.9] by tm13.bullet.mail.bf1.yahoo.com Received: from [98.139.215.142] by nm18.bullet.mail.bf1.yahoo.com Received: from [98.139.211.204] by tm17.bullet.mail.bf1.yahoo.com Received: from [66.196.81.171] by nm16.bullet.mail.bf1.yahoo.com Received: from nm16.bullet.mail.bf1.yahoo.com ([98.139.212.175]) Received: from [98.139.213.8] by tm17.bullet.mail.bf1.yahoo.com Received: from [66.196.81.171] by nm1.bullet.mail.bf1.yahoo.com Received: from [98.138.226.179] by nm23.bullet.mail.ne1.yahoo.com with NNFMP; 31 Mar 2016 21:48:26 -0000 Received: from [98.138.226.58] by tm14.bullet.mail.ne1.yahoo.com with NNFMP; 31 Mar 2016 21:48:26 -0000 And then, they domain name for the spamming site is from goDaddy. https://www.spamcop.net/mcgi?action=gettrack&reportid=6437216391 https://www.spamcop.net/mcgi?action=gettrack&reportid=6436643177 Hardly get spam from other e-mail servers....maybe I should knock on wood. Dennis
Recommended Posts
Archived
This topic is now archived and is closed to further replies.