Matt, I don't know what my observation is worth, but the only spam I've noticed in the past year from Yahoo! servers was always from the *.bizmail.yahoo.com servers (a related issue is/was a lack of confirmation for message group sign-ups).
Previous to that, Yahoo! and HoTMaiL and AOL were common targets for spammers to get a quick account on, blast a campaign out, then ditch the account. They commonly used stolen and fake credit card numbers to sign up with AOL and local dial-up ISPs. Much as the "17 trillion addresses" CDROMs, spammers also sold entire packages with illegal software to generate fake credit card numbers and software that would automatically sign up for dozens of new accounts with those fake credit cards, then send the spam through them. (I think the matter of junk coming from otherwise valid servers is a real vindication for content inspection as a complement to blocking by IP.)

Now I find that it's pretty rare to get spam from a real account at one of the big providers. I notice that the "from:" and "to:" fields in the message were @cs.com, which used to be CompuServe, now part of AOL.

What I do about spam like this is run it through my SpamCop account. I then *responsibly* use the info to make reports or let SpamCop do it for me. Despite your bad experiences with SpamCop as an ip4r test, the service does make an effort to not list ISPs that don't deserve it.

For an *example only*, running a slightly munged version of your spam sample through SpamCop's anonymous submission web page produces these contacts for which information:

Re: 216.136.172.125 (Administrator interested in intermediary handling of spam)
    To: [EMAIL PROTECTED] (Notes)
    To: [EMAIL PROTECTED] (Notes)
Re: 68.234.34.67 (Administrator of network where email originates)
    To: [EMAIL PROTECTED] (Notes)
Re: 68.234.34.67 (Third party interested in email source)
    To: Cyveillance spam collection (Notes)
Re: http://www.mikostarinda.com?lxij (Administrator of network hosting website referenced in spam)
    To: [EMAIL PROTECTED] (refuses munged reports) (Notes)
    To: [EMAIL PROTECTED] (Notes)

Note that for the Yahoo! mail address, they're notifying the contact address but not listing them.
Particularly illuminating is the SpamCop report on that Adelphia IP:

http://www.spamcop.net/w3m?action=checkblock&ip=68.234.34.67

68.234.34.67 listed in bl.spamcop.net (127.0.0.2)

Since SpamCop started counting, this system has been reported about 3390 times by about 210 users. It has been sending mail consistently for at least 18.0 days. It has been listed for 16.7 days.

In the past week, this system has:
    Been reported as a source of spam about 60 times
    Been detected sending mail to spam traps
    Been witnessed sending mail about 2910 times

---
This E-mail came from the Declude.JunkMail mailing list.
