Yahoo Groups has a bad spam problem and they don't care

May 28, 2014

For a while, one of the things I've noticed any time I look at our mail system is that we seem to be getting spam from Yahoo Groups. Today I decided to look at the magnitude of that spam. I'm afraid that the results are really terrible.

Over the past roughly 30 days, our main spam filter has seen 29,545 email messages with an envelope origin address at 28,869 of them has been scored as pretty definitely spam; that's 97.7% of the messages. That's what you could call not very good, and in fact it makes Yahoo Groups the single largest envelope origin domain on all of the spam we've received over that time span.

(Interestingly the second highest is the null sender address, but it's used by less than a third as many messages as come from Yahoo Groups.)

As they say, 'but wait it gets worse'. We also have an optional DATA-time rejection based on spam scoring. This system logs not just basic envelope information but also the Subject: headers from rejected messages, which means that I can look at what they are for rejected Yahoo Groups messages. Those subject lines are, well, interesting. Here, let me show you a random sample of what I saw when I looked:

Subject: [PMX:SPAM] Hot Angelina Jolie Sex Scandal
Subject: [PMX:SPAM] Do You Want To Get Closer To The Next Love?
Subject: [PMX:SPAM] Look For Horny Chicks Near Your Home
Subject: [PMX:SPAM] nice hot girl sex on the office desk
Subject: [PMX:SPAM] Absolutely Free Cyber Casual Affaires
Subject: [PMX:SPAM] Do You Want To Have A Chat With Hot Cybersingles?

I think you get the point. By the way, this excludes many, many subject lines that contain various sorts of sex language, partly because I decided that I didn't want Wandering Thoughts to turn up internet searches for those words.

(We log the Subject: line for because it gets annotated by the spam scoring system and thus gives us some additional data on why the system rejected a message if we ever need it.)

All of this is clearly sex spam. And based on both the subject lines and on the fact that it was detected by our spam system (which I'm sure is not state of the art for major online email providers), this should be stuff that Yahoo is more than capable of detecting on the way out of their systems. Yet they don't. The spam flows unimpeded and has been flowing for what I believe is now a very long time (because I've been casually noticing this stuff from Yahoo Groups for years now).

One corollary is that you almost certainly want to get any remaining legitimate groups off of Yahoo Groups, if you're involved with any. The odds are increasing that places will reject all email from Yahoo Groups (or blackball the emitting IP addresses, although Yahoo may not use dedicated IPs for Groups).

(See also this early 2012 data on top domains on spam messages and the discussion of Yahoo Groups there.)

Comments on this page:

And the alternative is...?

By cks at 2014-05-28 23:42:38:

I don't know what a good alternative mailing list host is, partly because I'm not current in the area and I haven't done any research.

(I'm reluctant to recommend Google Groups given past issues but at least I don't think they're a constant firehose of obvious spam and they are used by any number of real groups, including some that Googlers actually care about.)

Yes.... it seems that peace, environment, animal rights, spiritual, abolition and other sites are being targeted.

Yahoo claims they can't remove it.

Written on 28 May 2014.
« Some things for enumerated constants in Go
The state of limits on how many groups you can be in (especially for NFS) »

Page tools: View Source, View Normal, Add Comment.
Login: Password:
Atom Syndication: Recent Comments.

Last modified: Wed May 28 00:34:58 2014
This dinky wiki is brought to you by the Insane Hackers Guild, Python sub-branch.