This isn't so much of a technical question as a policy one.
I get a lot of spam which looks like:
Return-Path: <evan_law...@davidark.net>
Received: from web1111.biz.mail.sk1.yahoo.com (web1111.biz.mail.sk1.yahoo.com
[74.6.114.43])
by mail.redfish-solutions.com (8.14.3/8.14.3) with SMTP id nA8KXHbF007914
for <philipp_s...@redfish-solutions.com>; Sun, 8 Nov 2009 13:33:23 -0700
Received: (qmail 77790 invoked by uid 60001); 8 Nov 2009 20:33:17 -0000
Message-ID: <223519.76757...@web1111.biz.mail.sk1.yahoo.com>
X-YMail-OSG:
ITTxzA0VM1nOPGrQYX7tAeYtgFhkzLHYo.qDHS6MrLwhvvaHzfjqTAnctUdZXTeTR0y.mWitx7Ou0luQLKnF_GvxGk_gsyrhQiecygtXxr.GNWFkWrkP57qwERbf1Af794h0lXoiyXseb3DTTSqteQCJJ4R8cnSOGFAQavXbUa1QwMHI24mWQEyMF4VkVtpK30oRxlaHVfyGuTXo9pDtTd3mfZScylE6lSYlZjaU8EFS8b8xILkwduj7dx_FW.i4q._BpZayBZY5A5rQb2y03bhl6aTzM9nfbFpY..dlKU7NJVZhLnPeDNRv8z3ZUCBQfsJCq2M5y9Os913jTPXpB1loucgEzfYocoVj6I081B.QNiRFwnUtANDRTHDyGogYeSccqeiSzPxhABGFEtTWY2D08epaNJbwPjU66HDWEjzzNUbzBXyRny0UzKp4HLBUX5tbKNJ8kbHotjEE7xtmcpzoqm.YpfEDl_9omvGsW1e7rThr60pemte_xsNIcarBts2PAXSgzJrZ8zveH287WUmL29olqa3kkksEeVIi4cFsYWNQgSuPqQXV6TLpim1VNZ8c_bzZ5J35fEiL1iJeDWndc.SFtUMwf2leifGkzwDYSrWxOmhux7a_.AC30.BaJQypPZx6YlCXVWlJ3PIIeP0O_.NLtkltfStJB_lS69d6vSh437.X25YQtDTOo3MxMqjNgPznHdmQZ4SFJtF9lfmcksrvoSlXDkiCwGl2qfo.Iuxuh0c.KyVqFlzdy8GgUQJpw9yPwB_aTG.kIs.8gIuUQ3AY3wkI0QEfDOWbqDN2Gr3uLzwvrJLo9UJ4HTDAni7dvTSnM2INbXq7YdCgpfBZ7_AhpLTvvXhY_Yu.aoLjLh1Ill2BwfLJGCZr3bNct0pTw2_o5FXrupA.1Pk3t04NhCaQ0Y0St36th.K7a7smbRBcZusdDeQewQ7l.kEf0i.2YTbqFLUyI4QJwhXs18Kj1g_SQf3shYJxhlHF6FvRqX88D6kLJjPspPvh4eC_XiYxBtaarV0ZXoBBVKUjSj04DP8RSrFZ1DBGT5s2Uz.ZUY78.ilZcXnhFt1Dz4JwjnG0a35n8xWOx6JbWTD5d25EDahowx340TjnAGyjlfxfzgdFPlaQC54EEbDZpvjU8fbah53jJkST2JdvVUEKivsflAEEU7Y5_l8LQzENtjAAYop8dpHadyQn1lAYzRwrpHF7ViBGMwd3gihfVZs_3onzYsoYsvwkNolkWORQcvbGWxFKfuQMJDL9Iaw4QKX0iIGErAWHIkWHnF6B48RFDMrGVyVrwjEhT7X50IKYbwK.EZid2Eme9x2ElFgATPBSmjhom14Ay9DuY77cJuY_MohirOKsbTgl3_nwv704SGy6.Vg.oAaEP29c8cOcMwXpzZDUeO0ZHXcIn9f7ujQlssq9EF4Yn79sQcgkBNeRMFAkLx_cx5Ez5a9rslAITdPSuHfK.X0YH3GAmV.ONy7VE9Uta5Tk4Z3JmjtHJ0AIrCIGy7ZonllVcF1nWkv4BA083jOSbsQqFBXtU5uOnhE-
Received: from [41.207.162.4] by web1111.biz.mail.sk1.yahoo.com via HTTP; Sun,
08 Nov 2009 12:33:16 PST
X-Mailer: YahooMailClassic/8.1.6 YahooMailWebService/0.7.347.3
Date: Sun, 8 Nov 2009 12:33:16 -0800 (PST)
From: Evan Lawson <evan_law...@davidark.net>
Subject: Hello Dear Friend
To: undisclosed recipients: ;
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
And I report this to Yahoo!. They then answer:
We understand your frustration in receiving unsolicited email. While we
investigate all reported violations against the Yahoo! Terms of Service
(TOS), in this particular case the message you received was not sent by
a Yahoo! Mail user.
Yahoo! has no control over activities outside its service, and therefore
we cannot take action. You may try contacting the sender's email
provider, by identifying the sender's domain and contacting the
administrator of that domain. The sender's provider should be in a
better position to take appropriate action against the sender's account.
which sounds to me like they are effectively admitting that they run an
Open Relay, which is against US law, as I remember.
It's also factually incorrect. The message didn't originate outside of
their service, since the line "Received: ... via HTTP" is basically
meaningless. HTTP isn't a mail protocol. This tells me that the
message originated via a Webmail submission on their website, which
means that someone had to log in with credentials... which means that
(a) they do in fact have control over whether that user's credentials
get yanked or not, and (b) the message didn't originate outside of their
service.
This has been going on for 4 years, and I'm tired of their shirking
their responsibility.
We don't have a lot of users, so I'd be happy to blacklist Yahoo! until
they clean up their act... unfortunately a couple of correspondents to
this domain are Yahoo! users.
So what is the best course of action to take against Yahoo!?
I filed an IC3 complaint against them for passing phishing and operating
an Open Relay, but nothing came of it.
How has everyone else made their peace with this?
Thanks,
-Philip
