Fuck-You Spammers and Fuck-You Yahoo!

[bernse]

I am anal about keeping my home email address private. I never sign up for mailing lists. Hell, I don’t even give my address out to relatives as some always seem to think its “nice” to send you an E-card or whatever they think is neat on the net and has a “send to a friend” option.

Nevertheless, I always seemed to somehow get my share of spam. It used to ALWAYS be from either:

@excite.com
@hotmail.com
@msn.com
@yahoo.com

Recently, there have reportedly been crackdowns on Spam from the above companies and email services. I would guess that it has been 6 months since I have received a single spam from any of them.

EXCEPT

Yahoo.

Every. Single. Piece. Of. Spam. I receive is from a yahoo.com address. EVERY SINGLE ONE WITHOUT EXCEPTION. Unfortunately, that is about 6 per day. Compared to other spam sufferers I am sure thats “low” but it annoys the fuck outta me. I get everything from “Make you cock huge” to “The Best Anti-Virus Software” to “Stop Spam” :rolleyes:

For fucks sake. Why can’t you idjits be 1/2 as good as your “competition?” Excite and MS has been extremely successful in my opinion on combating spam. I even went so far as to alert them to my plea a few weeks ago in a nice, kindly written out email. No reply. Not even an automated scripted response. I guess they couldn’t give a shit.

Yahoo - Take a lesson from them. Find out what software and methods they are using and apply them! You’re fucking annoying and probably the biggest single spam provider on the net!

[Reuben]

Are you sure the message originates from yahoo.com? In case you didn’t already know, in spam email the sender’s address is usually spoofed…

Spoofing is (unfortunately) very trivial to do, due to lack of clairvoyance when the email protocols were defined 20 or 30 years ago.

[bernse]

Are you sure the message originates from yahoo.com?

No… but then again I haven’t received any from the other email providers spoofed or not. That’s making me think Yahoo is dropping the ball. How can I find out? Will it say in the message properties?

[Reuben]

The thing to do is to look at what are called the emails “headers”. This is the routing information that prefixes the email as it is sent between machines. Find those and paste them here and I can show you how to analyse it to find where the email really came from.

How to get to see the email headers varies from email client to email client. If you use Microsoft Outlook 2000/XP, open the email and select “Options” from the “View” menu. The dialog box that pops up has a box in the middle marked “Internet Headers” that you can copy and paste from.

[bernse]

I looked at a couple and found this in the properties:

Received: from mx2.mail.yahoo.com ([24.225.59.201])

Whaddya think? Do I have a right to bitch?

[Monty]

I think that depends on where in the header you found it, bernse.

[bernse]

From another one:

Return-Path: <cdliu@yahoo.com>
Received: from mx1.mail.yahoo.com ([69.14.96.223])
by priv-edtnes15-hme0.telusplanet.net
(InterMail vM.5.01.06.05 201-253-122-130-105-20030824) with SMTP
id <20031023135908.HHDI18619.priv-edtnes15-hme0.telusplanet.net@mx1.mail.yahoo.com>;
Thu, 23 Oct 2003 07:59:08 -0600
Message-ID: <000012c41bd3$0000536d$00004078@mx1.mail.yahoo.com>

[Nanoda]

If you use telusplanet, then I’d have to say you’ve got a legitimate beef there.

(The reason you have to check being that I can add the line
Recieved: mail.foo.net
to the header of my e-mails, and a cursory look would show that the message came from foo.net, to me, to you.)

[Reuben]

Hey bernse,

Is that the whole header for that email? Let’s assume it is.

An email can be routed via many email servers and gateways. As it passes through each one, that computer sticks a “Received:” line in the header noting it’s own address and the address of the machine who sent it. To determine who really sent an email, the line we’re interested in is the earliest “Received:” line in the list.

In this specific case of yours there is only one line, and it says the email was received from mx1.mail.yahoo.com ([69.14.96.223]). It looks pretty damning for Yahoo at first glance, however you must disregard the domain part of the address mx1.mail.yahoo.com. This can be set by the sending machine to anything at all, and spammers usually do set it to some made up address to add to the confusion. The bit the spammer cannot falsify is the originating IP address: in this case 69.14.96.223.

To find out who an IP address really belongs to, there are several ways to find out but the way I do it (I’ve forgotten the others I’m sorry to say) is to open a command prompt and use the tracert command. Doing a “tracert 69.14.96.223” just now goes to the domain wideopenwest.com. These are the guys to direct your vitriolic scorn at. A quick look at http://www.wideopenwest.com suggests they’re some kind of cable ISP.

What sort of product was the spam selling anyway?

[MarkofT]

Here are a couple of results from DNS lookups. Neither mx1.mail.yahoo.com or mx2.mail.yahoo.com live at the ip address shown in that headers. Whois information shows that the 69.14.96.223 IP belongs to Wide Open West, a Michigan ISP and the 24.225.59.201 IP belongs to Earthlink.

C:&gt;nslookup mx2.mail.yahoo.com
Non-authoritative answer:
Name: mx2.mail.yahoo.com
Addresses: 64.156.215.5, 64.156.215.6, 64.157.4.78

C:&gt;nslookup 69.14.96.223
Name: d14-69-223-96.try.wideopenwest.com
Address: 69.14.96.223

C:&gt;nslookup mx1.mail.yahoo.com
Non-authoritative answer:
Name: mx1.mail.yahoo.com
Addresses: 64.156.215.5, 64.156.215.6, 64.157.4.78, 64.157.4.79

Try SpamCop for good information on how to view the headers and what you should look for.

[Teelo]

Does spam mail even work?
I mean, we hear from so many people they delete it right away, so why havent the spammers taken a hint? Maybe it does work?

[Doomtrain]

Of course it works. They survive (and thrive) on the 1/10 of 1% who are stupid enough to click the email and order the product. Given the large number of stupid people in the population, they make money.