• OUR SERVICES
• PRICING
• ABOUT US
• SUPPORT
• PARTNERS
• CONTACT

Webmail Spam

A lot of spam is sent through free Web E-mail providers - mainly Google/Gmail, Yahoo and MSN/Hotmail, but also many other smaller providers. Nigerian/411 Spammers in particular seem to like using Webmail to send their junk.

A sample Webmail spam:

Received: from n70.bullet.mail.sp1.yahoo.com (n70.bullet.mail.sp1.yahoo.com [98.136.44.38])
            by mail.skywaywest.com (Postfix) with SMTP id 8B7944713
          for ; Sat, 24 May 2008 15:09:21 -0700 (PDT)
Received: from [216.252.122.219] by n70.bullet.mail.sp1.yahoo.com with NNFMP; 24 May 2008 22:03:39 -0000
Received: from [69.147.84.109] by t4.bullet.sp1.yahoo.com with NNFMP; 24 May 2008 22:03:39 -0000
Received: from [127.0.0.1] by omp207.mail.sp1.yahoo.com with NNFMP; 24 May 2008 22:03:39 -0000
X-Yahoo-Newman-Property: ymail-5
X-Yahoo-Newman-Id: 486124.55581.bm@omp207.mail.sp1.yahoo.com
Received: (qmail 92807 invoked by uid 60001); 24 May 2008 22:03:39 -0000
DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws;
    s=s1024; d=yahoo.com;h=X-YMail-OSG:Received:Date:From:Subject:To:MIME-Version:Content-Type:Content-Transfer-Encoding:Message-ID;b=1CwdaCWNfEoLzJ9zUq65UVFsm2Y7xwV/N7wYgVtgxP8KKeMUErJpp8R8UIi1sufzWXRDQtEtTG/8bduVOR4aczL6HGnzXs1bwwnfo0fs2lPp2qNoC22RD6UOw974eGUFA7y4JgiYo3AMcg+WduijNur0JdPtqm/HNxm8PI9xEhw=;
X-YMail-OSG: 453YO1oVM1myZqD_Ct10rvOPBdqJBhfxVY_ZxMSYleMrAYpyqqlFoR1VnVxd48nVL2hdbc4YpOF9w2YwXlzWKYozM1QAZvV5hlKbW70GN8eJhpAOUqiH3_EHmnfBAD9KHlvKYZXJJafuJXyTFix_F7JRueontztL
Received: from [123.117.165.203] by web45209.mail.sp1.yahoo.com via HTTP; Sat, 24 May 2008 15:03:39 PDT
Date: Sat, 24 May 2008 15:03:39 -0700 (PDT)
From: Avery Greene 
Subject: Discounted goods for you
To: 
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="0-829586930-1211666619=:92470"
Content-Transfer-Encoding: 8bit
Content-Transfer-Encoding: 8bit
Message-ID: <253309.92470.qm@web45209.mail.sp1.yahoo.com>

[body snipped]

    

As with other sorts of Spam, we look at the Received: headers. All the headers are consistent and were created by Yahoo, including the helpful one telling us the spam was injected from 123.117.165.203 via HTTP.

Send it to abuse@yahoo.com. They probably won't do anything about it, though. The large Webmail providers are really bad at stopping the spamming from their systems. Their business model (free E-mail) is extremely vulnerable to abuse and so hard to police that they are fighting a losing battle.

[ Back to Skyway West Knowledge Center ]

[ Back to Spam Resource Page ]

Please send corrections or suggestions for improvements in this page to abuse@skywaywest.com