This isn't so much of a technical question as a policy one. I get a lot of spam which looks like:
Return-Path: <evan_law...@davidark.net> Received: from web1111.biz.mail.sk1.yahoo.com (web1111.biz.mail.sk1.yahoo.com [74.6.114.43]) by mail.redfish-solutions.com (8.14.3/8.14.3) with SMTP id nA8KXHbF007914 for <philipp_s...@redfish-solutions.com>; Sun, 8 Nov 2009 13:33:23 -0700 Received: (qmail 77790 invoked by uid 60001); 8 Nov 2009 20:33:17 -0000 Message-ID: <223519.76757...@web1111.biz.mail.sk1.yahoo.com> X-YMail-OSG: ITTxzA0VM1nOPGrQYX7tAeYtgFhkzLHYo.qDHS6MrLwhvvaHzfjqTAnctUdZXTeTR0y.mWitx7Ou0luQLKnF_GvxGk_gsyrhQiecygtXxr.GNWFkWrkP57qwERbf1Af794h0lXoiyXseb3DTTSqteQCJJ4R8cnSOGFAQavXbUa1QwMHI24mWQEyMF4VkVtpK30oRxlaHVfyGuTXo9pDtTd3mfZScylE6lSYlZjaU8EFS8b8xILkwduj7dx_FW.i4q._BpZayBZY5A5rQb2y03bhl6aTzM9nfbFpY..dlKU7NJVZhLnPeDNRv8z3ZUCBQfsJCq2M5y9Os913jTPXpB1loucgEzfYocoVj6I081B.QNiRFwnUtANDRTHDyGogYeSccqeiSzPxhABGFEtTWY2D08epaNJbwPjU66HDWEjzzNUbzBXyRny0UzKp4HLBUX5tbKNJ8kbHotjEE7xtmcpzoqm.YpfEDl_9omvGsW1e7rThr60pemte_xsNIcarBts2PAXSgzJrZ8zveH287WUmL29olqa3kkksEeVIi4cFsYWNQgSuPqQXV6TLpim1VNZ8c_bzZ5J35fEiL1iJeDWndc.SFtUMwf2leifGkzwDYSrWxOmhux7a_.AC30.BaJQypPZx6YlCXVWlJ3PIIeP0O_.NLtkltfStJB_lS69d6vSh437.X25YQtDTOo3MxMqjNgPznHdmQZ4SFJtF9lfmcksrvoSlXDkiCwGl2qfo.Iuxuh0c.KyVqFlzdy8GgUQJpw9yPwB_aTG.kIs.8gIuUQ3AY3wkI0QEfDOWbqDN2Gr3uLzwvrJLo9UJ4HTDAni7dvTSnM2INbXq7YdCgpfBZ7_AhpLTvvXhY_Yu.aoLjLh1Ill2BwfLJGCZr3bNct0pTw2_o5FXrupA.1Pk3t04NhCaQ0Y0St36th.K7a7smbRBcZusdDeQewQ7l.kEf0i.2YTbqFLUyI4QJwhXs18Kj1g_SQf3shYJxhlHF6FvRqX88D6kLJjPspPvh4eC_XiYxBtaarV0ZXoBBVKUjSj04DP8RSrFZ1DBGT5s2Uz.ZUY78.ilZcXnhFt1Dz4JwjnG0a35n8xWOx6JbWTD5d25EDahowx340TjnAGyjlfxfzgdFPlaQC54EEbDZpvjU8fbah53jJkST2JdvVUEKivsflAEEU7Y5_l8LQzENtjAAYop8dpHadyQn1lAYzRwrpHF7ViBGMwd3gihfVZs_3onzYsoYsvwkNolkWORQcvbGWxFKfuQMJDL9Iaw4QKX0iIGErAWHIkWHnF6B48RFDMrGVyVrwjEhT7X50IKYbwK.EZid2Eme9x2ElFgATPBSmjhom14Ay9DuY77cJuY_MohirOKsbTgl3_nwv704SGy6.Vg.oAaEP29c8cOcMwXpzZDUeO0ZHXcIn9f7ujQlssq9EF4Yn79sQcgkBNeRMFAkLx_cx5Ez5a9rslAITdPSuHfK.X0YH3GAmV.ONy7VE9Uta5Tk4Z3JmjtHJ0AIrCIGy7ZonllVcF1nWkv4BA083jOSbsQqFBXtU5uOnhE- Received: from [41.207.162.4] by web1111.biz.mail.sk1.yahoo.com via HTTP; Sun, 08 Nov 2009 12:33:16 PST X-Mailer: YahooMailClassic/8.1.6 YahooMailWebService/0.7.347.3 Date: Sun, 8 Nov 2009 12:33:16 -0800 (PST) From: Evan Lawson <evan_law...@davidark.net> Subject: Hello Dear Friend To: undisclosed recipients: ; MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii And I report this to Yahoo!. They then answer: We understand your frustration in receiving unsolicited email. While we investigate all reported violations against the Yahoo! Terms of Service (TOS), in this particular case the message you received was not sent by a Yahoo! Mail user. Yahoo! has no control over activities outside its service, and therefore we cannot take action. You may try contacting the sender's email provider, by identifying the sender's domain and contacting the administrator of that domain. The sender's provider should be in a better position to take appropriate action against the sender's account. which sounds to me like they are effectively admitting that they run an Open Relay, which is against US law, as I remember. It's also factually incorrect. The message didn't originate outside of their service, since the line "Received: ... via HTTP" is basically meaningless. HTTP isn't a mail protocol. This tells me that the message originated via a Webmail submission on their website, which means that someone had to log in with credentials... which means that (a) they do in fact have control over whether that user's credentials get yanked or not, and (b) the message didn't originate outside of their service. This has been going on for 4 years, and I'm tired of their shirking their responsibility. We don't have a lot of users, so I'd be happy to blacklist Yahoo! until they clean up their act... unfortunately a couple of correspondents to this domain are Yahoo! users. So what is the best course of action to take against Yahoo!? I filed an IC3 complaint against them for passing phishing and operating an Open Relay, but nothing came of it. How has everyone else made their peace with this? Thanks, -Philip