One likely scenario may be that the spammer managed to hack into an existing account, then use it to send out their garbage. One way to fix that is to ensure all humans with computer access always employ best practices for choosing and protecting secure passwords.
Another possible scenario is the spammer created their own account just so their spam would look more legitimate. This is another human behavior issue for which (like the one above) there is unlikely ever to be an acceptable technological solution. You're never going to stop ALL the spam, and for situations that represent, as you said, only "a few" the effort to catch them is often more trouble than it's worth - or the problem may just go away (the freemail host notices and closes the account) by the time you start trying to think of a solution. >>> Kaleb Hosie <kho...@spectraaluminum.com> 03/31/10 12:18 PM >>> I'm wondering if anyone else has an issue with SPAM that comes from a real yahoo or gmail account? I've noticed a few emails get let into our organization everyday that is sent from a free email account such as yahoo and gmail. When I do a rDNS lookup, of the IP, it points back to a real server (not a spam server). Here's an example of one that just got let in: Mar 31 12:05:34 mailgate2 spamd[14709]: spamd: processing message <39701.814...@web36505.mail.mud.yahoo.com> for apache:48 Mar 31 12:05:38 mailgate2 spamd[14709]: spamd: clean message (-0.1/4.4) for apache:48 in 3.8 seconds, 22865 bytes. Mar 31 12:05:38 mailgate2 spamd[14709]: spamd: result: . 0 - DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,FREEMAIL_FROM,HTML_MESSAGE,RCVD_IN_DNSWL_NONE,T_RP_MATCHES_RCVD The subject of this is email was: "Launch of www.girlsandwomen.com & G(irls) 20 Summit Website" Does anyone have any recommendations on how to fixing that? Thanks! Kaleb