mailto: blog -at- heyrick -dot- eu
Phishing and Yahoo!
I received the following by email:
From - Thu Jun 07 06:20:28 2012
X-Apparently-To: firstname.lastname@example.org via 188.
125.83.173; Mon, 04 Jun 2012 08:00:45 +0000
Received-SPF: none (domain of yahoo.com does not designate pe
rmitted sender hosts)
Authentication-Results: mta1099.mail.ukl.yahoo.com from=yaho
o.com; domainkeys=neutral (no sig); from=yahoo.com; dkim=neu
tral (no sig)
Received: from 127.0.0.1 (EHLO smtprelay.b.hostedemail.com) (220.127.116.11)
by mta1099.mail.ukl.yahoo.com with SMTP; Mon, 04 Jun 2012 08:00:45 +0000
Received: from filter.hostedemail.com (b-bigip1 [10.5.19.254])
by smtprelay03.b.hostedemail.com (Postfix) with SMTP id CC23520633CB
for ; Mon, 4 Jun 2012 08:00:44 +0000 (UTC)
Received: from www.newkorearose.co.kr (lsh800.siteprotect.co.kr [18.104.22.168])
(Authenticated sender: email@example.com)
by omf07.b.hostedemail.com (Postfix) with ESMTP
for ; Mon, 4 Jun 2012 08:00:43 +0000 (UTC)
Date: Mon, 4 Jun 2012 17:00:42 +0900
Subject: Pending Message!
X-Mailer: PHPMailer [version ]
Content-Type: text/html; charset="iso-8859-1"
<p><FONT face=Verdana size=2>Dear Yahoo User ,<BR></FONT></P>
<P><FONT face=Verdana size=2>your two incoming mails were placed on pending status due to
the recent upgrade to our database,<P><FONT face=Verdana size=2>In order to recieve the
</span><FONT face=Verdana size=2>Click here</a>.</span>to login and wait for responds from
yahoo.</span><P><FONT face=Verdana size=2>
We apologise for any inconvenience and appreciate your understanding.<P>
[note - broken img tag (no >), reference to class with no css, horrible markup, equally horrible spelling; I have reformatted some of the ridiculously long lines (X-Spam-Summary, etc) to fit into this article - the original is available upon request...]
As this would appear to be a phishing attempt, I felt perhaps Yahoo! might like to know. I receive mail from Yahoo! by POP into Thunderbird, so I can't report directly from Yahoo! itself.
So I search the website. And I search some more. Eventually, having not found anything like an "abuse at yahoo dot com" reporting facility, I send an email under the heading "Suspicious email from Yahoo" (as none of the other categories are relevant). My message read:
I'm using POP email, and just spent ten minutes going in circles around your site. Is there no "firstname.lastname@example.org" address I could forward this stuff on to?
Whatever, here's a copy of the email I received with headers. As it claims to be from you, I thought you might like to be aware of it...
[the email as shown above, including headers, pasted here]
I received a prompt reply from Sarah who obviously obviously a customer support operative rather than a techie.
That's probably a bit rough on Sarah, she's probably replying from a set of official cue cards...
Here's what she had to say:
Thank you for contacting Yahoo! Mail.
The following Yahoo! Mail Help article should be helpful in resolving your issue. Please use the link below to review the article.
How to report spam to Yahoo!
Thank you again for contacting Yahoo! Mail.
From the help page linked, I quote the relevant paragraphs:
If you don't have a Yahoo! account, but want to report spam from a Yahoo! address
The fastest and most effective way to report spam is to mark the email as spam directly in your inbox, even if you don't have a Yahoo! Mail account -- just look for a "Spam," "Report Spam" or "Junk Mail" button in your inbox. Even though you may be using a different email service, if the spam offender is a Yahoo! user, the report will be sent to us.
Every major email provider has a system for reporting spam or junk mail, and information about spammers is shared across providers. As a result, if a Gmail user marks a message from a Yahoo! user as spam in a Gmail account, the report will be sent to us, and we can take appropriate action when necessary according to our Terms of Service. The fight against spam is much bigger than just Yahoo!, and we partner with other email providers including, but not limited to Gmail, Hotmail, and AOL to identify spammers and prevent them from sending mail to or from our accounts.
Not one single mention of how to tackle spam or suspect messages if you are using your own email client. Is Yahoo! so WEB2.0 that they've forgotten what email actually is and how it works?
Whatever... I feel like I'm chasing phantoms. I won't bother reporting this sort of thing in the future. Instead I'll just mark Sarah's reply as not helpful (sorry Sarah) and provide a link to this article in the "why" box. Maybe, hopefully, somebody higher up the food chain will understand what I'm trying to say here.
Update (twenty eight hiccups later...)
Made a follow-up report to Yahoo!. The screenshot says it all.
Please note that while I check this page every so often, I am not able to control what users write; therefore I disclaim all liability for unpleasant and/or infringing and/or defamatory material. Undesired content will be removed as soon as it is noticed. By leaving a comment, you agree not to post material that is illegal or in bad taste, and you should be aware that the time and your IP address are both recorded, should it be necessary to find out who you are. Oh, and don't bother trying to inline HTML. I'm not that stupid! ☺ ADDING COMMENTS DOES NOT WORK IF READING TRANSLATED VERSIONS.
You can now follow comment additions with the comment RSS feed. This is distinct from the b.log RSS feed, so you can subscribe to one or both as you wish.
|Patric, 22nd June 2012, 03:28|
I feel with you Rick, my yahoo spam mostly coming from yahoo groups though *sigh*
Haven't forgotten about your battery btw (in case you've been wondering). Figured you're not desperately in need of it atm since your Beagle appears to be out of service (good excuse for me being lazy).
|Stewart, 22nd June 2012, 18:17|
After a l-o-n-g break, I've started reporting to Spam-Cop
again: doubt if it does any good though.
(Felicity? Marte? Find out!)
List all b.log entries
Return to the site index
PS: Don't try to be clever.
It's a simple substring match.
Last read at 05:11 on 2021/06/13.
© 2012 Rick Murray
This web page is licenced for your personal, private, non-commercial use only. No automated processing by advertising systems is permitted.
RIPA notice: No consent is given for interception of page transmission.