When you have to signup for a yahoo account before they will let you fill in the form they make you fill in to stop them from blocking your legitimate mailings, it smacks of a con to get more people to signup with them.

I run an email server for an online game that has been about years and has never been used for spam and we regularly see these messages in the log files.

Admittedly they normally only delay us by minutes until the next delivery attempt but as for them getting delayed by upto 24 hours, I have never seen that on our systems.

<yawn> Here we go again. So what if it is a "private, closed relay"? They still have a provider, don't they? They're still paying somebody, unless the Internet has suddenly become free. What if (hypothetically), their provider is spammer-friendly? If I'm a taxi driver and you're a perfectly respectable citizen but you happen to live in a crime-infested slum neighbourhood and your landlord is a crack dealer... am I obliged to take you home? (disclaimer: this is entirely hypothetical as I have no idea of the reputation of their actual provider)

How do you do that? Inquiring minds want to know.

So Yahoo! (or their blacklist suppliers, since it's not just them that Haslar is having trouble with) have decided that this place originates too many mails of the same content and has labelled it spam. So they ask them to put yet more repeat ("looks like spam") mail on the wires?

Riiiighhhtt.

all it requires is just one person on the mailing list to have closed their yahoo account, send a few messages to that person and you're banned

We've tried in vane to get yahoo's help.

They don't give a flying squirrel.

As far as I can tell yahoo don't want to accept mail - they'd much rather defer it even after we've jumped through all the hoops.

All you need, if you want to be able to send and receive e-mail on nobody's terms but your own, is the following:

* a "wires-only" ADSL service with no ports blocked and at least one static IP address [about £30 per month]

* a domain name hosted with a company who provide a web-based control panel for setting up your zonefile [less than £5 per year]

* a machine with a processor of 500MHz or faster, a hard disk of 4GB or bigger and at least 64MB of RAM [try a skip]

* exim (for SMTP), dovecot (for IMAP and POP3) and spamassassin (for spam filtering)

Looks a lot more professional than a yahoo! e-mail address, too.

We have the same problem with Yahoo and got a list of questions.

To begin with I had to set up a yahoo account to be able to fill out the contact form. Yahoo person thought I had filled out the form for the Yahoo account I'd just opened, even though it was damn obvious it wasn't.

I'd given them enough information on the first form, there was nothing else I could give them, but I also got the long list of questions.

Found out Hotmail also suffered from a similar problem. You have to notify Hotmail about your SPF record !!! Yeap! Even though you'd think it would be possible to check it just like everyone else!!!! F@$k sake!

Christ - don't even get me started with AOL.

I think the problem is because people are now told never to unsubscribe themselves, because it lets the spammer know they have a live account - people are using the 'report as spam' option FAR TO OFTEN!!

Now if I see an email from a hotmail, yahoo or AOL domain - I don't even waste my time to reply, after all you never know if they will get it or not! Grrrrr!

I run a small mail system with MDaemon which handles a few domains and have no end of problems delivering mail to Yahoo. It's very often that I'll look at the system to find a number of mails all held in the queue and checking the logs shows exactly the same thing.

My system is very clean and locked down against being hijacked or used by spammers.

Yahoo is far too cautious and blocks far too much genuine mail but they don't care about it as far as I can tell. I've been in touch with their boffin techys and they just tell me to retry sending. Mail does get through eventually but it's like a grey list gone badly wrong.

I've had similar problems trying to un-blacklist legitimate email domains from Yahoo and BT before, but never as much as got a human response from either service provider. Nowadays I've given up and if customers complain they aren't getting emails from us, I have to tell them it's their overzealous providers' fault and there's nothing I can do... in other words, I badmouth them (BT particularly) every single day. That's what lack of customer support gets them :-)

BT/Yahoo black listed the ISP i work for, and it's a running issue with them...

(we're big, we're probably your providings in one way or another).

We're just as bad though, our mail servers blocked our own domains once when we had a new back end system installed.

I'm a network administrator/director for a non-profit Usergroup/ISP in Houston, Tx. (http://www.hal-pc.org)

We've been having the same problem with them off and on for months. The major difference is that with 15K accounts on our mail server, we spool mail for way more yahoo accounts than most people and when they block us, our mail spool increases into the thousands very quickly and slows our servers to a crawl. I'm sorry to say that the 17 item questionairre is the a form response and not the result of the reg article. Yahoo doesn't care about interoperability (domainkeys) they obviously don't care about customer support and they don't care about bad press. They get plenty of bad press, but it's generally justfied because they pull stuff like this.

I've been through 15-20 email transactions with them where there are three constants:

1. I jump Through their hoops

2. They send me form resopnses that are not applicable to my situation and demonstrate than nobody read my responses.

3. If I pay them, they'll let me send whatever I want.

Their customer service number (866-562-7219) is completely pointless unless you work your way into the premium webhosting queue and their main corporate number (408-349-3300) generally results in a transfer to their customer service number if you don't know the name of someone you need to be transferred to.

I have a feeling that they'll do this until a critical mass of ISPs cannot send email to them at which time:

1. They'll die.

2. Having been in bed with SBC (AT&T now), they'll use the inability of small ISPs to send them email as a selling point for AT&T to further drive small ISPs out of business. and then they'll die.

YAAAAAHHHHHOOOOOOooooooOOOOOOOOoooooo!!!!!

This sounds like Yahoo are using greylisting to me, which we also use here at the university.

Basically, all incoming connections that originate from (what appears to be) a home account or an ADSL are initially sent an SMTP '421 Defer', and when the connection is retried 20mins later, it is accepted. Once one email has been confirmed this way, the source IP address is whitelisted so it doesnt need to be greylisted again.

Spammers (and zombified PCs) are sending so many million emails that they can't defer and retry - they treat a 4xx code as a 5xx (fail). This cuts out about 45% of our incoming spam at the SMTP conversation stage (less than 1% of greylisted connections are subsequently confirmed). This is a good system for mail gateways as almost all valid incoming email is coming from another mail gateway, and it blocks almost all zombie-PC originating spam.

This method is not appropriate, though, for ISPs to use on their clients because (of course) their clients are all on this sort of IP! I suspect that Yahoo uses greylisting for its web-based accounts (sensible) but now they have started to manage email for ISPs clients it doesnt work any more. They should explicitly exempt from greylisting the IP ranges of the ISPs for whom they manage the email.

Steve

Part of the problem is the "domain spoofing" spammers use to push their crap. No matter how tightly you secure your mail servers, you cannot stop a spammer from spoofing your domain in their email headers, and then forwarding it out through their botnets.

Case in point: We were suddenly deluged with "Your message has been blocked as spam" autoreplies from addresses we had never heard of or sent anything to. One of the accounts on our server is a "catch-all" account for capturing emails sent to our domain with misspelt email addresses, and it was this account that was hit with all these rejection messages. When we did the analysis, we found that a spammer was using multiple nonexistent addresses@our domain in their headers, and sending them from a different server with spoofed headers. Example: my email address is stever@[ourdomain].com, so some of the block responses were to emails allegedly from "stevebomb@[ourdomain].com, steveblow@[ourdomain].com, stevebar@[ourdomain.com]" - none of which exist, nor were ever set up on our servers, nor did our server logs ever show any sign of penetration or hijacking - ergo, our mail server was not responsible for the attack. Somebody used another mailserver (or a botnet) with a trojan to modify the email headers to generate names exploiting our domain. Result: everyone thought the spam was coming from our domain and blocked us. We had the devil's time and a huge cost in clearing our name and assuring our customers we had nothing to do with the recent spamfest.

Now I am generally against the death penalty, but I sincerely believe that this kind of fraud should result in public executions. These bastards don't give a fuck that they are ruining someone's business reputation, destroying their livelihood, and maybe destroying hundreds of people's livelihoods by costing them jobs; and after the fiasco I had to straighten out, I would have definitely gone to see the public hanging of the bastards responsible and bayed for their blood with the crowd. If I am ever lucky enough to meet anyone responsible for this kind of spam spoofing I will introduce them to my stainless steel bash bat, law or no law.

Hi,

I have taken the comments listed here on board and have already taken action to implement the following.

1/ Amended SPF record so that only the primary mail server is authorised to send mail.

2/ Amended the reverse DNS infomation for mail server IP address to a non adsl one.

3/ Amended hostname of mail server so that it does not display adsl

4/ Made sure that that the A Name MX record, SMTP greeting / hostname and reverse DNS for IP all match.

Although the main website is hosted with hostgator.com they do not host our email, and to be honest their service as a host have been second to none, just a shame that their backbone provider has an allegedly obvious dubious record with regards to spam.

Many thanks for all your help and comments.

Regards

Brian

Hospital Radio Haslar

I have been speaking to yahoo for the last 3 months to get this resolved, Im not sending bulk mail, maybe 20 messages a day to one yahoo user...

So far I have had to explain no less than 3 times that I am not sending bulk email to their network.

As for their spam policy the "Challange" Rule is Ok in theory... Basically if its spam and it bounces the sending server wont try to send it again, a legit sendinmg server will que it and re send... the second mail should get through...

In Theory this is fine... In practice the yahoo mail server forgets that the first mail was deffered after about 5 mins so the sending server needs to retry the delivery almost immediatly after the first bounce...

Of course this still doesnt fix it - but it does increase the chaces of your mail making it from 1 in 10 to 2 in 10!!!

Its a farce.. If I didnt have clients on yahoo I would have nothing to do with them.