12-10-07

yahoo domainkeys and antispam are broken

For a few weeks now we have been getting more and more spam that passes Yahoo's antispam filters. Recently even phishing mails that claim to come from Yahoo have passed their filters. Their DomainKeys should normally have stopped this mail, because Yahoo would have seen that it couldn't come from Yahoo and should have blocked it.

There is nothing worse than telling people that you have built a system that will identify if a mail comes from a certain mailserver so that people will trust mail that says it comes from your services (but not from your mailserver) and letting it degrade.

I can understand that Yahoo is going through rough times and maybe people got fired, replaced or aren't doing their job properly any more, but the biggest advantage of Yahoo in recent years was that it was one of the best antispam and antiphishing services around.

This is changing, and fast. Maybe it is because Trend Micro is also degrading fast, which is the reason people are throwing Trend Micro solutions out of the window and choosing other solutions. But there is definitely a problem with DomainKeys here.

Or maybe before there was a lonesome soldier keeping a human watch on the traffic and adapting strategies to the tactics of the spammers.

These are the headers of the mail, and this is the reason you should always look at the headers if you aren't sure (or at the source of the page: right-click).

mailforlen@yahoo.com via 206.190.38.220; Thu, 11 Oct 2007 12:59:20 -0700
X-Originating-IP:[80.243.163.18]
Return-Path:<httpd@www24.world4you.com>
Authentication-Results:mta313.mail.re4.yahoo.com from=yahoo.com; domainkeys=neutral (no sig)
Received:from 80.243.163.18 (EHLO antispam03.world4you.com) (80.243.163.18) by mta313.mail.re4.yahoo.com with SMTP; Thu, 11 Oct 2007 12:59:20 -0700
Received:from [80.243.163.44] (helo=www24.world4you.com) by antispam03.world4you.com with esmtp (Exim 4.43) id 1Ig4Bi-0002jN-Ny for mailforlenxxxxyahoo.com; Thu, 11 Oct 2007 21:59:19 +0200
Received:(from httpd@localhost) by www24.world4you.com (8.11.6/8.11.6) id l9BJxIU06518; Thu, 11 Oct 2007 21:59:18 +0200
Date:Thu, 11 Oct 2007 21:59:18 +0200
Message-Id:<200710111959.l9BJxIU06518@www24.world4you.com>
To:mailforlenxxxxyahoo.com
From:"Yahoo! Data" <mail.accountservices@yahoo.com>
Reply-to:mail.accountservices@yahoo.com
MIME-Version:1.0
X-SA-Exim-Connect-IP:80.243.163.44
X-SA-Exim-Mail-From:httpd@www24.world4you.com
X-Spam-Checker-Version:SpamAssassin 3.1.7 (2006-10-05) on antispam03.world4you.com
X-Spam-Level:**
X-Spam-Status:No, score=2.3 required=4.0 tests=FORGED_YAHOO_RCVD, HTML_FONT_BIG,HTML_FONT_FACE_BAD,HTML_MIME_NO_HTML_TAG, HTML_TAG_EXIST_TBODY,MIME_HTML_ONLY autolearn=disabled version=3.1.7
Subject:Yahoo Account Warning ( Verify Your Account CaseID: 55FEMIIIIF__**665JJ)
Content-Type:text/html
Content-Transfer-Encoding:8bit
X-SA-Exim-Version:4.1 (built Wed, 05 Jan 2005 10:54:05 -0500)
X-SA-Exim-Scanned:Yes (on antispam03.world4you.com)
Content-Length:7777
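
The manual header check described above can be automated. The following is an added example, not part of the original post: it takes a few of the header lines quoted above (abridged, as a constructed sample) and reports why a mail claiming to be from yahoo.com should not be trusted. The function names and the `signing_domains` parameter are assumptions made for the illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample: an abridged copy of header lines from the mail quoted above.
SAMPLE = """\
Return-Path: <httpd@www24.world4you.com>
Authentication-Results: mta313.mail.re4.yahoo.com from=yahoo.com; domainkeys=neutral (no sig)
From: "Yahoo! Data" <mail.accountservices@yahoo.com>
X-Spam-Status: No, score=2.3 required=4.0 tests=FORGED_YAHOO_RCVD, HTML_FONT_BIG
Subject: Yahoo Account Warning

(body omitted)
"""

def domain_of(value):
    """Return the lower-cased domain part of an address header, or ''."""
    return parseaddr(value or "")[1].rpartition("@")[2].lower()

def review_headers(raw, signing_domains=("yahoo.com",)):
    """List reasons to distrust a mail whose From: claims a domain that signs its mail."""
    # Only trust an Authentication-Results header added by your own receiving
    # server; a sender can insert a forged one further down the header block.
    msg = message_from_string(raw)
    from_dom = domain_of(msg.get("From"))
    if from_dom not in signing_domains:
        return []
    findings = []
    m = re.search(r"domainkeys=(\w+)", msg.get("Authentication-Results", ""))
    result = m.group(1).lower() if m else "missing"
    if result != "pass":
        findings.append(f"From claims {from_dom} but domainkeys={result}")
    env_dom = domain_of(msg.get("Return-Path"))
    if env_dom and env_dom != from_dom and not env_dom.endswith("." + from_dom):
        findings.append(f"Return-Path domain {env_dom} is not {from_dom}")
    if "FORGED_YAHOO_RCVD" in msg.get("X-Spam-Status", ""):
        findings.append("upstream SpamAssassin hit FORGED_YAHOO_RCVD")
    return findings

if __name__ == "__main__":
    for finding in review_headers(SAMPLE):
        print(finding)
```
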

09:15 Posted by technology changes fast not a lot in General