Yahoo Spam

So, like everyone else, I have been getting a lot of SPAM emails and malicious web link emails allegedly from friends who are users of Yahoo’s free email service.

It turns out that the email is not from those friends (of course), and their Windows PCs are probably not infected with a virus as most of us originally assumed. It appears that the spammers have figured out a way to reliably hack into two parts of Yahoo’s free email service:

  1. They are, or at one time were, able to harvest the contacts stored on the Yahoo service for each Yahoo email member, and they can continue using those harvested contacts.
  2. They have figured out how to inject SPAM into Yahoo’s mail relays, getting Yahoo to send the mail to target lists pulled from the stored contact lists, with the FROM and REPLY TO headers forged to be those of the Yahoo email user.

This creates a hole through which SPAM can get past all my own filters, because it appears to be from a legitimate friend on Yahoo’s email service.

Yahoo as a mail service provider needs to be spanked by their customers and by all the businesses who also run large mail spools and who have more SPAM than usual to deal with since the end of January. I suspect that is being done already by Yahoo customers and business partners. Yahoo needs to close BOTH security holes.

I am more interested in what can be done by Yahoo users of the free service to mitigate the problem while Yahoo drags its feet fixing the security holes.

If you have ever had a free Yahoo account, please do the following as a courtesy to your own friends:

  • Sign in to your Yahoo email account and copy all of your contacts that are stored on the Yahoo service to some other place (your PC, a notepad, or the fridge door).
  • Then carefully delete every contact stored on the Yahoo service.
  • This means Yahoo email users will need to use a contact list (address book) stored local to their laptop or on a notepad rather than Yahoo’s service provided contact list… sorry.

    That will prevent future target lists of your friends being assembled. Sadly there is nothing you can do if the spammers are storing their own list of targets and trusted senders like you; but at least they cannot harvest new ones.

Gradually this will fix itself, but in the short term expect problems with Yahoo’s mail service, and expect Yahoo mail to get less usable for a while as other companies reject all Yahoo mail (an inappropriate over-reaction).