I noticed many hits on the Spamhaus HBL (hash blocklist) this morning for legitimate messages from Yahoo.

It turns out that the listing is for "mail [dot] onelink [dot] me/107872968", which is the URL used in the standard Yahoo mail app signature for Android and iPhone (things like "Yahoo Mail: Search, Organize, Conquer" and "Sent from Yahoo Mail for iPhone").

You can see the listing here:

https://check.spamhaus.org/results?query=9f774a3d85eb14646ed479ebca746e48849687bb9e1effb2da1ad03ab4dac4cf

Yahoo and Spamhaus folks, you'll probably want to remove that and figure out how to prevent it from being relisted.

I've found the Spamhaus HBL to have quite a few false positives that seem to result from completely automated listings, unfortunately -- another recent one was the hash of the blank IRS W-9 form that people send to contractors to fill out. In both these cases, I'm sure that the URL and file are used in phishing, as it says, but clearly they're also used in many legitimate messages. I've had to really lower our SpamAssassin score of Spamhaus HBL matches to avoid problems.

-- Robert L Mathews
_______________________________________________ mailop mailing list [email protected] https://list.mailop.org/listinfo/mailop
