[NTLK] That recent spam message marked "hello!" from "john wallace"

Morgan Aldridge morgant at makkintosshu.com
Sun Feb 3 09:55:05 EST 2013

On Sun, Feb 3, 2013 at 9:08 AM, James Fraser
<wheresthatistanbul-newtontalk at yahoo.com> wrote:
> --- On Fri, 2/1/13, Lord Groundhog <lordgroundhog at gmail.com> wrote:
>> Anyway, I found it interesting to look at the pattern I
>> think I see, and I assume it means that once again, Yahoo¹s refusal to
>> co-operate adequately with customers in locking things down has
>> resulted in a massive seize-and-spam operation by some drongo who
>> thinks annoying people is a good way to make money.
> Hasn't Yahoo always been considered more or less a spamhaus?
> If Yahoo ever put serious effort into busting spammers and working with end users to lock down their accounts, I can't say I'm familiar with what they did.  Were they, at some point, actually in earnest about cleaning up their act?

I'm not familiar with what Yahoo! has done internally in terms of
account security & locking out spam accounts (anywhere you can get a
free email address is bound to cause problems), but they have actually
played a large part in spam prevention (and no, I'm not a particular
fan of Yahoo!).

One of the more recent improvements in identifying valid vs. spoofed
emails (which spammers _love_ to pull) is email authentication.
Basically, a domain signs the headers of each valid email sent from
it's headers with an encryption key. Other mail servers, when they
receive a message, look up the public key, decrypt the signature, and
ensure it matches. What this does it ensure that an email sent from a
particular domain (whether @yahoo.com, @apple.com, etc.) actually came
through the domain, so a spammer can't just spoof the headers and say
that they're sending from @yahoo.com without getting at least flagged
as spam, but usually outright rejected.

This is DomainKeys and was invented at Yahoo! There's also a more
general standard based on it called DKIM. Anyone running a mail server
pretty much has to implement both of these at this point... along with
a slew of other spam prevention techniques, of course.

So, I wouldn't say they're doing nothing to prevent spam, but free
email accounts are definitely a problem (you can blame Google and
other ISPs just as much as Yahoo! for that).


More information about the NewtonTalk mailing list