Apr 5, 2008

Why was Yahoo SMTP misbehaving?

Yahoo provides free SMTP access to all its non-yahoo.com domain email addresses. I started using the server around 6 months back. The best part was that the SMTP servers were dumb. They were acting as open message relays for anyone who had a valid Yahoo ID. So I could send an email message as support@yahoo-inc.com using the SMTP server and the Yahoo server would happily send my email message. Worse, the receiver had very few options for detecting that the email message was fake. It came from a Yahoo server and looked like a message from Yahoo customer care and so should be genuine. The reason for this (as I suspect) was Yahoo Plus accounts. They used the same SMTP servers as the free country domain Yahoo accounts. Apparently, Yahoo didn’t verify the FROM address for its paying Yahoo Plus customers and so passed the benefits to the free customers too.
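The control that was missing here is an ownership check at submission time: after SMTP AUTH, both the envelope sender and the From header must belong to the authenticated account. The sketch below is an added example, not Yahoo's code; the account table, the names check_submission and build, and the example.co.in addresses are assumptions made for illustration.

```python
from email import message_from_string
from email.utils import getaddresses

# Hypothetical account table: authenticated login -> addresses it may send as.
OWNED = {
    "alice": {"alice@example.co.in"},
    "bob": {"bob@example.co.in", "bob.alias@example.co.in"},
}

def check_submission(auth_user, mail_from, raw_message, owned=OWNED):
    """Decide whether an authenticated client may submit this message."""
    allowed = {a.lower() for a in owned.get(auth_user, ())}
    if not allowed:
        return False, "unknown account"
    # Envelope sender (MAIL FROM) must belong to the account.
    if mail_from.lower() not in allowed:
        return False, "envelope sender not owned by account"
    msg = message_from_string(raw_message)
    # A second From header lets one pass the check while the other is displayed.
    from_headers = msg.get_all("From", [])
    if len(from_headers) != 1:
        return False, "need exactly one From header"
    addrs = [addr.lower() for _, addr in getaddresses(from_headers)]
    if len(addrs) != 1 or not addrs[0]:
        return False, "From must hold exactly one address"
    if addrs[0] not in allowed:
        return False, "From header not owned by account"
    # Sender, if present, is held to the same rule.
    for _, addr in getaddresses(msg.get_all("Sender", [])):
        if addr.lower() not in allowed:
            return False, "Sender header not owned by account"
    return True, "ok"

def build(from_header, extra=""):
    """Constructed sample message (not captured traffic)."""
    return f"From: {from_header}\n{extra}To: user@example.net\nSubject: test\n\nbody\n"

if __name__ == "__main__":
    # The forged address is the one used as the example in the post.
    for frm in ("Alice <alice@example.co.in>", "Yahoo Support <support@yahoo-inc.com>"):
        print(frm, "->", check_submission("alice", "alice@example.co.in", build(frm)))
```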

The ramifications of this became apparent. Yahoo servers started sending out spam. I had no proof in the beginning but this post verified my suspicions. Spammers became aware of the golden opportunity and started abusing Yahoo servers to the fullest. This led to really tough times for the Yahoo Mail people and their PR guys, as is apparent from this post on the Yahoo Mail Blog. Not only were the email servers overloaded, but ISPs started blocking mails from Yahoo servers, which led to delayed/undelivered mails.

Now it seems that Yahoo has changed the way it routes emails through its SMTP servers. Earlier methods were quite trivial as the mail headers would have shown.
Received: from smtp104.plus.mail.re1.yahoo.com (smtp104.plus.mail.re1.yahoo.com [69.147.102.67]) by rly-ma08.mx.aol.com (v120.9) with ESMTP id MAILRELAYINMA088-8c647354bcb3bd; Sat, 10 Nov 2007 01:12:27 -0400
Received: (qmail 55018 invoked from network); 10 Nov 2007 06:12:27 -0000
Received: from unknown (HELO localhost) (myYahooID@myIPAddress with login) by smtp104.plus.mail.re1.yahoo.com with SMTP; 10 Nov 2007 06:12:26 -0000

Yahoo repaired its servers gradually, starting with the smtp11x.plus.mail.re1.yahoo.com series and moving on to smtp10x.plus.mail.re1.yahoo.com; the latter kept working without FROM address checks for a long time.

Now the mail headers are more complicated. It seems that Yahoo checks internally whether the FROM address is valid and only then routes the email.
Received: from n3.bullet.mail.ac4.yahoo.com (n3.bullet.mail.ac4.yahoo.com [76.13.13.29]) by mx.google.com with SMTP id d12si10680167and.24.2008.04.05.08.35.00; Sat, 05 Apr 2008 08:35:01 -0700 (PDT)
Received-SPF: neutral (google.com: 76.13.13.29 is neither permitted nor denied by best guess record for domain of myYahooAddress) client-ip=76.13.13.29;
DomainKey-Status: good (test mode)
Authentication-Results: mx.google.com; spf=neutral (google.com: 76.13.13.29 is neither permitted nor denied by best guess record for domain of myYahooAddress) smtp.mail=myYahooAddress; domainkeys=pass (test mode) header.From=myYahooAddress
Received: from [76.13.13.26] by n3.bullet.mail.ac4.yahoo.com with NNFMP; 05 Apr 2008 07:31:40 -0000
Received: from [68.142.237.88] by t3.bullet.mail.ac4.yahoo.com with NNFMP; 05 Apr 2008 15:34:24 -0000
Received: from [216.252.111.166] by t4.bullet.re3.yahoo.com with NNFMP; 05 Apr 2008 15:34:24 -0000
Received: from [127.0.0.1] by omp101.mail.re3.yahoo.com with NNFMP; 05 Apr 2008 15:34:24 -0000
X-Yahoo-Newman-Id: 666616.8045.bm@omp101.mail.re3.yahoo.com
Received: (qmail 61052 invoked from network); 5 Apr 2008 15:34:24 -0000
DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws;s=s1024; d=yahoo.co.in;
h=Received:X-YMail-OSG:X-Yahoo-Newman-Property:Message-ID: Date:From:User-Agent:MIME-Version:To: Subject:Content-Type:Content-Transfer-Encoding;b=1zOo54htnYlA5Gy3kNjQQVpRD8fYyEbgwwejDXI4Jr/RZ32+QDvvwYLxJOdSkbwWyJhA3P5PfBVX+mGGYePhw3TXtmfqdVSUcu/BGnwpyONzF3umcYLylkOzLBu/URre6lF+6gdEnRPsfIE3isy25r9dfELJke0wDDwqEdCEYg= ;
Received: from unknown (HELO Why?are?spaces?replaced?by??BTW?if?you?read?this?you?are?a?G33K) (myYahooID@myIPAddress with plain)by smtp103.plus.mail.re1.yahoo.com with SMTP; 5 Apr 2008 15:34:24 -0000
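Both traces carry the authenticated login in the submission hop ("myYahooID@myIPAddress with login/plain"), and the newer one also carries a DomainKeys d= tag, so a receiver can compare them with the From address. The following is an added example, not part of the original post; it assumes the qmail-style hop format shown above, treats "login equals From local part" as a heuristic, and reads the d= tag without verifying the signature. The sample message, login and IP addresses are constructed.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Submission hop in the qmail-style form shown in the traces above:
#   from unknown (HELO x) (login@client-ip with plain) by host with SMTP; date
AUTH_HOP = re.compile(
    r"\((?P<login>[^\s@()]+)@(?P<ip>[^\s()]+) with (?P<mech>login|plain)\)"
    r"\s*by (?P<host>\S+)", re.I)

def submission_summary(raw, trusted_suffix=".yahoo.com"):
    """Compare From with the authenticated login and the DomainKeys d= tag."""
    msg = message_from_string(raw)
    from_addr = parseaddr(msg.get("From", ""))[1].lower()
    local, _, domain = from_addr.partition("@")
    hop = None
    # Received lines are prepended, so anything below the provider's own
    # submission hop was supplied by the client; take the top-most match.
    for received in msg.get_all("Received", []):
        m = AUTH_HOP.search(" ".join(received.split()))
        if m and m["host"].lower().endswith(trusted_suffix):
            hop = m
            break
    # Read the signature tags only; this does not verify the signature.
    sig = msg.get("DomainKey-Signature", "")
    tags = dict(t.strip().split("=", 1) for t in sig.split(";") if "=" in t)
    dk_domain = tags.get("d", "").strip().lower() or None
    return {
        "from": from_addr,
        "login": hop["login"] if hop else None,
        "login_matches_from": bool(hop) and hop["login"].lower() == local,
        "dk_aligned": dk_domain is not None
                      and (domain == dk_domain or domain.endswith("." + dk_domain)),
    }

def sample(from_header):
    """Constructed message modelled on the second trace; values are placeholders."""
    return (
        "Received: from [127.0.0.1] by omp101.mail.re3.yahoo.com with NNFMP; 05 Apr 2008 15:34:24 -0000\n"
        "DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=s1024; d=yahoo.co.in; b=PLACEHOLDER=;\n"
        "Received: from unknown (HELO localhost) (sampleuser@192.0.2.10 with plain)"
        "by smtp103.plus.mail.re1.yahoo.com with SMTP; 5 Apr 2008 15:34:24 -0000\n"
        # Client-supplied hop below the real one; it must be ignored.
        "Received: from unknown (HELO x) (support@192.0.2.99 with plain) by smtp1.yahoo.com with SMTP\n"
        f"From: {from_header}\n\nbody\n")
```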

BTW I had told this to the Engineering head of Yahoo Atlanta during my internship interview here and he was surprised by this. Unfortunately I couldn’t demo this for him as Yahoo had started fixing this problem that very day.

2 Responses so far

  1. christy April 17, 2008 3:05 AM

    :o!!! How can some 1 be so ignorant…serious business for a company as big as yahoo..gud job.:)

  2. Lance October 2, 2008 2:51 PM

    I receive a ton of spam from n6.bullet.mail.ac4.yahoo.com 76.13.13.234 and your post may be the reason. Also, Yahoo does not use SPF records, which is just crazy to me. This is a huge problem; I have started to communicate to the management of the Fortune 500 I work for that I cannot ensure mail delivery from Yahoo because of this, as our traffic shapers are doing their job and limiting the # of connections from Yahoo.


2008 (c) Rohit's Blog, Using the ReviewSaurus Theme : Powered by WordPress