
Yahoo - "nothing to do" why make the effort to report



The only reasons to report it are to either get the admin to deal with it or have the admin's server blacklisted and not able to send any email. The latter issue points back to the first issue where the admin now will want to deal with it so they don't have to deal with not being able to send email.

On 2/16/2023 at 1:25 AM, moreofless said:

Why make the effort to report phishing and spam?

If you're getting this on emails received at a Yahoo! email address, check the headers.

Very often, the Yahoo! headers are "corrupted" by what seems to be an error in the Yahoo! system, which means that the last IP address from which the email is received is 127.0.0.1, e.g.

Received: from 127.0.0.1
 by atlas-production.v2-mail-prod1-gq1.omega.yahoo.com with HTTP; Fri, 19 Aug 2022 00:02:42 +0000

You'll find this line at the very top of the headers.

I've complained to Yahoo! about this, but found it impossible to get through the very limited support that they provide.  Their response is basically "just use our spam filtering".

SpamCop treats this as an internal handoff, but since it is the last step in the headers, SpamCop sees it as an error and so gives the "nothing to do" message. 

I've assumed that SpamCop won't be interested in allowing for this in its system, and so haven't reported it to them, but you could give them a try.


The way I see it, that loopback address injected in the headers happens by some MX servers.

(edit: apparently ONE specific mail server: atlas-production.v2-mail-prod1-gq1.omega.yahoo.com)

I see the loopback address and some 10.x.x.x addresses while the previous received line mostly always has that 10.x.x.x received line as the by receiver.

spam messages:
Received: from 127.0.0.1
 by atlas-production.v2-mail-prod1-gq1.omega.yahoo.com pod-id atlas--production-gq1-7f77b4df7d-fgr6h.gq1.yahoo.com with HTTP; Sun, 26 Feb 2023 22:36:22 +0000
Received: from 163.172.197.175 (EHLO slaveholds.store)
 by 10.253.231.22 with SMTP;

Received: from 10.217.137.136
 by atlas306.free.mail.ne1.yahoo.com pod-id NONE with HTTPS; Thu, 23 Feb 2023 22:39:17 +0000
Received: from 212.83.154.22 (EHLO toderat.biz)
 by 10.217.137.136 with SMTP;
 Thu, 23 Feb 2023 22:39:17 +0000

Received: from 10.197.34.205
 by atlas320.free.mail.bf1.yahoo.com pod-id NONE with HTTPS; Thu, 23 Feb 2023 17:48:25 +0000
Received: from 195.154.54.73 (EHLO flesugho.art)
 by 10.197.34.205 with SMTP;
 Thu, 23 Feb 2023 17:48:25 +0000

Received: from 127.0.0.1
 by atlas-production.v2-mail-prod1-gq1.omega.yahoo.com pod-id atlas--production-gq1-6878b8dbc4-nzz7h.gq1.yahoo.com with HTTP; Wed, 22 Feb 2023 22:01:21 +0000
Received: from 185.222.59.55 (EHLO dagene.putretee.com)
 by 10.214.167.142 with SMTP;
 Wed, 22 Feb 2023 22:01:21 +0000

vs.

non-spam messages:
Received: from 10.217.151.74
 by atlas314.free.mail.ne1.yahoo.com pod-id NONE with HTTPS; Mon, 20 Feb 2023 10:52:03 +0000
Received: from 188.172.138.10 (EHLO outbyoip10.pod18.euc1.zdsys.com)
 by 10.217.151.74 with SMTPs
 (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256);
 Mon, 20 Feb 2023 10:52:03 +0000

Received: from 10.217.150.141
 by atlas318.free.mail.ne1.yahoo.com pod-id NONE with HTTPS; Sun, 19 Feb 2023 08:10:32 +0000
Received: from 188.172.138.14 (EHLO outbyoip14.pod18.euc1.zdsys.com)
 by 10.217.150.141 with SMTPs
 (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256);
 Sun, 19 Feb 2023 08:10:32 +0000

Received: from 127.0.0.1
 by atlas-production.v2-mail-prod1-gq1.omega.yahoo.com pod-id atlas--production-gq1-6878b8dbc4-cpz9n.gq1.yahoo.com with HTTP; Sun, 19 Feb 2023 07:00:24 +0000
Received: from 159.127.162.246 (EHLO mta246aa.pmx1.epsl1.com)
 by 10.253.232.218 with SMTPs
 (version=TLS1_2 cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256);
 Sun, 19 Feb 2023 07:00:24 +0000
Received: from [10.233.18.107] ([10.233.18.107:39158])
	by pc1udsmtn2n13 (envelope-from <bounce-HP2v610000018668793f488450a8434b5c55d8190@premiumservices.comms.yahoo.net>)
	(ecelerity 3.6.9.48312 r(Core:3.6.9.0)) with ECSTREAM
	id 00/65-46805-709C1F36; Sun, 19 Feb 2023 07:00:23 +0000

this absolutely last one is from yahoo itself which would or could be taken as spam, but since it's a yahoo own advertisement message (which I believe I must have agreed to receive by creating my "free" yahoo! account) I don't think I can call it spam.... but you see how broken that last header is, and I looked for every received line...

Edited by RobiBue

On 2/27/2023 at 2:00 AM, atarspam said:

If you're getting this on emails received at a Yahoo! email address, check the headers.

Very often, the Yahoo! headers are "corrupted" by what seems to be an error in the Yahoo! system, which means that the last IP address from which the email is received is 127.0.0.1, e.g.

Received: from 127.0.0.1
 by atlas-production.v2-mail-prod1-gq1.omega.yahoo.com with HTTP; Fri, 19 Aug 2022 00:02:42 +0000

You'll find this line at the very top of the headers.

I've complained to Yahoo! about this, but found it impossible to get through the very limited support that they provide.  Their response is basically "just use our spam filtering".

SpamCop treats this as an internal handoff, but since it is the last step in the headers, SpamCop sees it as an error and so gives the "nothing to do" message. 

I've assumed that SpamCop won't be interested in allowing for this in its system, and so haven't reported it to them, but you could give them a try.

Why can't SpamCop (aka Cisco Systems) work with Yahoo to fix this?  If they do not talk to each other, the problem will continue and more people will be ripped off than is necessary.


There are many ISPs who do not talk to each other, and even if they do, oftentimes it takes an act of God to get them to actually work together to find a solution as they are, more often than not, set in their own ways.


10 hours ago, moreofless said:

this one really has nothing to do.
someone needs to talk to google and yahoo about headers.

Received: from 127.0.0.1
 by atlas-production.v2-mail-prod1-gq1.omega.yahoo.com pod-id atlas--production-gq1-7f77b4df7d-mcmnh.gq1.yahoo.com with HTTP; Sat, 4 Mar 2023 18:43:45 +0000
Received: from 209.85.128.182 (EHLO mail-yw1-f182.google.com)
 by 10.253.234.152 with SMTPs
 (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256);
 Sat, 04 Mar 2023 18:43:45 +0000
Received: by mail-yw1-f182.google.com with SMTP id 00721157ae682-536af432ee5so106803007b3.0
        for <x>; Sat, 04 Mar 2023 10:43:45 -0800 (PST)

1st stop: google receives the email. where from? mail-yw1-f182.google.com knows but isn't saying and sends it on its merry way.

2nd stop: MX 10.253.234.152 (some network internal Mail eXchange, probably at Yahoo!) receives the email from IP 209.85.128.182 (EHLO mail-yw1-f182.google.com) and the EHLO identifies the host correctly, and sends it on.

3rd and last stop: atlas-production.v2-mail-prod1-gq1.omega.yahoo.com (most probably that 10.253.234.152 MX) receives it from its internal loopback address 127.0.0.1 (and that's the reason I presume it's one and the same) placing it in your inbox (or spam folder)

and without mailhosts set up, I get: https://www.spamcop.net/sc?id=z6801431911z7b5140eb5b213b9de4a00693eadf89b1z

Quote
Parsing header:
 
Received:  from 127.0.0.1 by atlas-production.v2-mail-prod1-gq1.omega.yahoo.com pod-id atlas--production-gq1-7f77b4df7d-mcmnh.gq1.yahoo.com with HTTP; Sat, 4 Mar 2023 18:43:45 +0000
host 127.0.0.1 (getting name) no name
127.0.0.1 discarded

Received:  from 209.85.128.182 (EHLO mail-yw1-f182.google.com) by 10.253.234.152 with SMTPs (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256); Sat, 04 Mar 2023 18:43:45 +0000
host 209.85.128.182 (getting name) = mail-yw1-f182.google.com.
mail-yw1-f182.google.com is 209.85.128.182
Possible spammer: 209.85.128.182
Received line accepted

Received:  by mail-yw1-f182.google.com with SMTP id 00721157ae682-536af432ee5so106803007b3.0 for <x>; Sat, 04 Mar 2023 10:43:45 -0800 (PST)
no from
Ignored
209.85.128.182 not listed in cbl.abuseat.org
209.85.128.182 listed in dnsbl.sorbs.net ( 1 )
209.85.128.182 is not an MX for mail-yw1-f182.google.com

of course, the problem is the following: Routing details for 209.85.128.182

redirects to google-abuse-bounces-reports@devnull.spamcop.net

😞

Edited by RobiBue
On 3/5/2023 at 12:46 AM, RobiBue said:

this one really has nothing to do.
someone needs to talk to google and yahoo about headers.

Received: from 127.0.0.1
 by atlas-production.v2-mail-prod1-gq1.omega.yahoo.com pod-id atlas--production-gq1-7f77b4df7d-mcmnh.gq1.yahoo.com with HTTP; Sat, 4 Mar 2023 18:43:45 +0000
Received: from 209.85.128.182 (EHLO mail-yw1-f182.google.com)
 by 10.253.234.152 with SMTPs
 (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256);
 Sat, 04 Mar 2023 18:43:45 +0000
Received: by mail-yw1-f182.google.com with SMTP id 00721157ae682-536af432ee5so106803007b3.0
        for <x>; Sat, 04 Mar 2023 10:43:45 -0800 (PST)

1st stop: google receives the email. where from? mail-yw1-f182.google.com knows but isn't saying and sends it on its merry way.

2nd stop: MX 10.253.234.152 (some network internal Mail eXchange, probably at Yahoo!) receives the email from IP 209.85.128.182 (EHLO mail-yw1-f182.google.com) and the EHLO identifies the host correctly, and sends it on.

3rd and last stop: atlas-production.v2-mail-prod1-gq1.omega.yahoo.com (most probably that 10.253.234.152 MX) receives it from its internal loopback address 127.0.0.1 (and that's the reason I presume it's one and the same) placing it in your inbox (or spam folder)

and without mailhosts set up, I get: https://www.spamcop.net/sc?id=z6801431911z7b5140eb5b213b9de4a00693eadf89b1z

of course, the problem is the following: Routing details for 209.85.128.182

redirects to google-abuse-bounces-reports@devnull.spamcop.net

😞

Maybe Spamcop and Yahoo and Google should make use of Zoom or Teams and fix the problem instead of finger pointing.

 

The bottom line is I reported a PHISHING email and just wasted my time. Cisco, Yahoo, and Google are huge companies with many highly skilled people. If no one gets all their people on the same call, it will never get fixed and this helps the criminals steal more money.

Edited by moreofless

8 hours ago, moreofless said:

Google don't accept SpamCop reports
Also it is not Yahoo that is your email server it is a network "Received: from 127.0.0.1"

Edited by petzl

1 hour ago, petzl said:

Google don't accept SpamCop reports
Also it is not Yahoo that is your email server it is a network "Received: from 127.0.0.1"

just to clarify:
127.0.0.1 is a so-called loopback address, which resides in the machine itself.
in other words: every computer system, small or large, has a 127.0.0.1 address, which is its own address (loopback to itself).
that address in the received: header only means that it got the email from itself using the loopback.

That's one reason why SC ignores that address, because it knows that it can safely ignore it and get the next (previous) received: line


9 hours ago, moreofless said:

Maybe Spamcop and Yahoo and Google should make use of Zoom or Teams and fix the problem instead of finger pointing.

 

The bottom line is I reported a PHISHING email and just wasted my time. Cisco, Yahoo, and Google are huge companies with many highly skilled people. If no one gets all their people on the same call, it will never get fixed and this helps the criminals steal more money.

oftentimes I report an email as phishing in the google own spam link while additionally reporting it through SC even though goog doesn't receive the latter complaint.
if enough spam passes through that system and it is reported (even though to deaf ears) it will feed the blocklist and there are savvy people in that company that will dump their spamming customer if it affects them.

time wasted? honestly, I don't think so. aggravating? sure, even more so because there seems to be no end to it; but eventually even the mightiest will take action...

(at least that's what I choose to believe)


5 hours ago, RobiBue said:

just to clarify:
127.0.0.1 is a so-called loopback address, which resides in the machine itself.
in other words: every computer system, small or large, has a 127.0.0.1 address, which is its own address (loopback to itself).
that address in the received: header only means that it got the email from itself using the loopback.

That's one reason why SC ignores that address, because it knows that it can safely ignore it and get the next (previous) received: line

I go to the Yahoo email "Web mail" site get my headers there, not yet had a problem with parsing spam.
As a result I rarely get spam.
If you are downloading this "Web mail" with your own program, mark leave and mark read. Then get your headers direct?

Edited by petzl
On 3/7/2023 at 2:05 AM, petzl said:

I go to the Yahoo email "Web mail" site get my headers there, not yet had a problem with parsing spam.
As a result I rarely get spam.
If you are downloading this "Web mail" with your own program, mark leave and mark read. Then get your headers direct?

 

I am using the view raw message link provided by Yahoo.

Nothing to do.

https://www.spamcop.net/sc?id=z6801922068z1b7f1cf96907e154afe289ac4466ed0cz

 

Edited by moreofless

8 hours ago, moreofless said:

I am using the view raw message link provided by Yahoo.

Nothing to do.

https://www.spamcop.net/sc?id=z6801922068z1b7f1cf96907e154afe289ac4466ed0cz

 

Strange don't happen with me, I just get the headers and body from Yahoo's web page
My mailhost is set posted from Google which don't accept SpamCop reports and told me so
Finds the sending IP no trouble?
"google-abuse-bounces-reports]AT]devnull.spamcop.net"
209.85.128.170 (Administrator of network where email originates)
https://www.spamcop.net/sc?id=z6801971064z5f1853e8f244f4c1fa2027eb3c45ca9fz

Edited by petzl
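
Added example (not part of any post in this thread, and not SpamCop's own parser): a Python walk of the Received chain quoted above, newest hop first, that sets aside loopback and private 10.x.x.x hops, skips lines with no "from" clause, and reports the first public address. The function name, the decision labels and the Subject/body wrapper around the sample are assumptions made for this illustration.

```python
import ipaddress
import re
from email import message_from_string

# Constructed sample: the Received chain quoted in the thread, wrapped
# into a minimal message (Subject line and body are placeholders).
SAMPLE = """\
Received: from 127.0.0.1
 by atlas-production.v2-mail-prod1-gq1.omega.yahoo.com pod-id atlas--production-gq1-7f77b4df7d-mcmnh.gq1.yahoo.com with HTTP; Sat, 4 Mar 2023 18:43:45 +0000
Received: from 209.85.128.182 (EHLO mail-yw1-f182.google.com)
 by 10.253.234.152 with SMTPs
 (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256);
 Sat, 04 Mar 2023 18:43:45 +0000
Received: by mail-yw1-f182.google.com with SMTP id 00721157ae682-536af432ee5so106803007b3.0
        for <x>; Sat, 04 Mar 2023 10:43:45 -0800 (PST)
Subject: constructed sample

body
"""

# Matches "from 1.2.3.4" and the bracketed form "from [1.2.3.4]".
FROM_IP = re.compile(r"^from\s+\[?(\d{1,3}(?:\.\d{1,3}){3})\]?", re.I)

def trace_received(raw_message):
    """Walk Received headers newest-first; return (decisions, first public IP)."""
    msg = message_from_string(raw_message)
    decisions, source = [], None
    for value in msg.get_all("Received", []):
        hop = " ".join(value.split())          # unfold continuation lines
        m = FROM_IP.match(hop)
        if not m:
            decisions.append(("no-from", None))       # hop names no sender
            continue
        try:
            ip = ipaddress.ip_address(m.group(1))
        except ValueError:
            decisions.append(("bad-ip", m.group(1)))  # e.g. an octet above 255
            continue
        if ip.is_loopback or ip.is_private:
            decisions.append(("internal", str(ip)))   # internal handoff, keep walking
            continue
        decisions.append(("candidate", str(ip)))
        if source is None:
            source = str(ip)                          # first public hop seen
    return decisions, source
```

`trace_received(SAMPLE)` returns 209.85.128.182 as the source; a message whose only Received line is the 127.0.0.1 hop returns `None`, since there is no public address to attribute it to.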