Yahoo! Stupidity, or Spammer Cleverness?

[Telarin]

Ok, this has happened to me a couple times now, this is just the latest installment. We'll start with a tracking link, and then a little background information.

http://www.spamcop.net/sc?id=z1521094116z8...56e948caafbbdbz

If you look at the message source, you'll see that it is in theory a text/plain message, however, it is base64 encoded so it is not readily readable from the source, however, pretty much every mail reader handles it just fine and properly decodes and displays it.

Content-Type: text/plain

Content-Transfer-Encoding: base64

The decoded message read something like this for anyone who is interested (note the link has been munged a bit so I don't give the spammer any search engine points):

Hurry.

.Excellent quality watches,

fast shipping and good e-mail contact..Save 15% today!

For More Info, Please View here : http: //geocities.com/MiguelWilkins

In addition to my usual submission to spamcop, this message was also forwarded to geo-alert[at]cc.yahoo-inc.com because of the spammed geocities link.

A few hours later, I get this reply back from Yahoo:

<snip>...we have determined that this email message did not originate from the Yahoo! Mail system. The "yahoo.com" address associated with the email does not exist...</snip>

So apparently spammers have figured out a way to work the yahoo help desk to keep their yahoo redirect sites from being easily shut down by simply forwarding the message to the geocities abuse desk.

I sent this followup to Yahoo, we'll see what they say

Once again, this email was forwarded to geo-alert[at]cc.yahoo-inc.com due to the spammed geocities link it contained. It was not sent because of the trivially forged yahoo email address.

Is there a better address for me to forward spammed geocities links to that will prevent you from being confused about this in the future?

[jongrose]

I've always just used the abuse[at]yahoo.com address for anything from Yahoo, and have never gotten a response ever, not even an automated one. Yahoo's FAQ says that their regular abuse addy is fine for this too [Google search "geocities abuse"]. Abuse.net also gives the address abuse[at]geocities.com.

[Telarin]

I used the abuse[at]geocities.com address up until a couple months ago when it started bouncing as a non-existent address.

I never had this problem until spammers started sending me geocities links using a forged yahoo FROM address and a base64 encoded body. The abuse desk doesn't appear to go any further than the forged addy and kicks it out as "not their problem" despite the spammed geocities link.