This example is for spam originating from yahoo, afaict, but it seems to me there is little or no interest at large isps to facilitate reporting and removal of their spammer clients.
For example, I receive a spam mail and look at "Full Headers" in my mail program:
From: - Wed Jan 30 05:08:37 2013
Received: from strange.mail.mindspring.net ([184.108.40.206]) by
mdl-absent.atl.sa.earthlink.net (EarthLink SMTP Server) with SMTP id
1u0xo554X3Nl36W0; Wed, 30 Jan 2013 08:07:37 -0500 (EST)
Received: from nm18-vm1.bullet.mail.bf1.yahoo.com ([220.127.116.11]) by
strange.mail.mindspring.net (EarthLink SMTP Server) with SMTP id
1u0xo576H3Nl3oW0 for <me>; Wed, 30 Jan 2013 08:07:37 -0500 (EST)
Received: from [18.104.22.168] by nm18.bullet.mail.bf1.yahoo.com with NNFMP; 30
Jan 2013 13:07:37 -0000
Received: from [22.214.171.124] by tm11.bullet.mail.bf1.yahoo.com with NNFMP; 30
Jan 2013 13:07:37 -0000
Received: from [127.0.0.1] by smtp205.mail.bf1.yahoo.com with NNFMP; 30 Jan 2013
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.in; s=s1024;
Received: from localhost (firstname.lastname@example.org with login) by
smtp205.mail.bf1.yahoo.com with SMTP; 30 Jan 2013 05:07:37 -0800 PST
To: me <me>
From: Hayes Kolb <email@example.com>
Date: Wed, 30 Jan 2013 04:40:57 -0700 (PDT)
X-ELNK-Info: sbv=0; sbrc=.0; sbf=bb; sbw=000;
I do a whois lookup on what I think is the originating IP:
$ whois 126.96.36.199
# Query terms are ambiguous. The query is assumed to be:
# "n 188.8.131.52"
# Use "?" to get help.
# The following results may also be obtained via:
NetRange: 184.108.40.206 - 220.127.116.11
NetType: Direct Allocation
OrgName: Yahoo! Inc.
Address: 701 First Ave
OrgAbuseName: Network Abuse
OrgTechName: Netblock Admin
RAbuseName: Network Abuse
RTechName: Netblock Admin
# available at: https://www.arin.net/whois_tou.html
and I forward the spam, with full headers, to the listed abuse email addy:
That bounces, with:
This message was created automatically by mail delivery software.
A message that you sent could not be delivered to one or more of its
recipients. This is a permanent error. The following address(es) failed:
SMTP error from remote mail server after RCPT TO:<firstname.lastname@example.org>:
host ccmrin1.corp.bf1.yahoo.com [18.104.22.168]:
553 5.3.0 <email@example.com>... User unknown
I have gone to the webpage referenced in the whois records:
on that page, gone to:
from there, to:
where is the text of this topic:
Point of Contact
Note ARIN has attempted to validate the data for this POC, but has received no response from the POC since 2010-06-18
Once, I sent an email to ARIN, asking if there was some agency with the authority to enforce the rules/protocols but got no answer. I see smaller, one-man isps with abuse email boxes that are full and larger outfits who filter and bounce the spam reports as spam. There doesn't seem to be an effective system in place to enable reporting and stopping the spammer.
I do see this: Got Spam? Report it here.
and have used that.
I wonder whether »www.spamcop.net/
has a different POC for yahoo than what whois returns.....