Yahoo Groups has a bad spam problem and they don't care
For a while, one of the things I've noticed any time I look at our mail system is that we seem to be getting spam from Yahoo Groups. Today I decided to look at the magnitude of that spam. I'm afraid that the results are really terrible.
Over the past roughly 30 days, our main spam filter has seen 29,545 email messages with an envelope origin address at returns.groups.yahoo.com. 28,869 of them has been scored as pretty definitely spam; that's 97.7% of the messages. That's what you could call not very good, and in fact it makes Yahoo Groups the single largest envelope origin domain on all of the spam we've received over that time span.
(Interestingly the second highest is the null sender address, but it's used by less than a third as many messages as come from Yahoo Groups.)
As they say, 'but wait it gets worse'. We also have an optional
DATA-time rejection based on spam scoring. This system logs not
just basic envelope information but also the
from rejected messages, which means that I can look at what they
are for rejected Yahoo Groups messages. Those subject lines are,
well, interesting. Here, let me show you a random sample of what
I saw when I looked:
Subject: [PMX:SPAM] Hot Angelina Jolie Sex Scandal
Subject: [PMX:SPAM] Do You Want To Get Closer To The Next Love?
Subject: [PMX:SPAM] Look For Horny Chicks Near Your Home
Subject: [PMX:SPAM] nice hot girl sex on the office desk
Subject: [PMX:SPAM] Absolutely Free Cyber Casual Affaires
Subject: [PMX:SPAM] Do You Want To Have A Chat With Hot Cybersingles?
I think you get the point. By the way, this excludes many, many subject lines that contain various sorts of sex language, partly because I decided that I didn't want Wandering Thoughts to turn up internet searches for those words.
(We log the
Subject: line for because it gets annotated by the
spam scoring system and thus gives us some additional data on why
the system rejected a message if we ever need it.)
All of this is clearly sex spam. And based on both the subject lines and on the fact that it was detected by our spam system (which I'm sure is not state of the art for major online email providers), this should be stuff that Yahoo is more than capable of detecting on the way out of their systems. Yet they don't. The spam flows unimpeded and has been flowing for what I believe is now a very long time (because I've been casually noticing this stuff from Yahoo Groups for years now).
One corollary is that you almost certainly want to get any remaining legitimate groups off of Yahoo Groups, if you're involved with any. The odds are increasing that places will reject all email from Yahoo Groups (or blackball the emitting IP addresses, although Yahoo may not use dedicated IPs for Groups).
(See also this early 2012 data on top domains on spam messages and the discussion of Yahoo Groups there.)
Comments on this page:Written on 28 May 2014.