This example is for spam originating from yahoo, afaict, but it seems to me there is little or no interest at large isps to facilitate reporting and removal of their spammer clients.
For example, I receive a spam mail and look at "Full Headers" in my mail program:
From: - Wed Jan 30 05:08:37 2013
X-Account-Key: account1
X-UIDL: 11e2-6ade-05390b52-8db7-002128145dd6
X-Mozilla-Status: 0001
X-Mozilla-Status2: 00000000
X-Mozilla-Keys:
Status: U
Return-Path: <meetasharana@yahoo.in>
Received: from strange.mail.mindspring.net ([207.69.200.30]) by
mdl-absent.atl.sa.earthlink.net (EarthLink SMTP Server) with SMTP id
1u0xo554X3Nl36W0; Wed, 30 Jan 2013 08:07:37 -0500 (EST)
Received: from nm18-vm1.bullet.mail.bf1.yahoo.com ([98.139.213.145]) by
strange.mail.mindspring.net (EarthLink SMTP Server) with SMTP id
1u0xo576H3Nl3oW0 for <me>; Wed, 30 Jan 2013 08:07:37 -0500 (EST)
Received: from [98.139.215.140] by nm18.bullet.mail.bf1.yahoo.com with NNFMP; 30
Jan 2013 13:07:37 -0000
Received: from [98.139.211.196] by tm11.bullet.mail.bf1.yahoo.com with NNFMP; 30
Jan 2013 13:07:37 -0000
Received: from [127.0.0.1] by smtp205.mail.bf1.yahoo.com with NNFMP; 30 Jan 2013
13:07:37 -0000
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.in; s=s1024;
t=1359551257; bh=QNYKjTHlDy+HSpDXplEcvsfhQ2L/QF07cwsQLq6F32g=;
h=X-Yahoo-Newman-Id:Message-ID:X-Yahoo-Newman-Property:X-YMail-OSG:X-Yahoo-SMTP:
Received:Subject:To:From:Date;
b=Lr2t2Y+x8vyu86pdJwzrg0PoHOJXfjN09z1/uEmjdiSfyJqVWJ1ehtIwhqe/
gehkksAsNBIhdsZa697QdYnHTJ96q3y4j7DCaQVCNpgeNsTcuH+is+VWMO8/EZTSTGww1akS+
iY9O7Br6dAyFqigkKGZYjtRJ5lGLcp7kowhM3k=
X-Yahoo-Newman-Id: 76322.65794.bm@smtp205.mail.bf1.yahoo.com
Message-ID: <76322.65794.bm@smtp205.mail.bf1.yahoo.com>
X-Yahoo-Newman-Property: ymail-5
X-YMail-OSG: 3zV3ybMVM1kh67ao4g.GOR5U_HeJFUk.icuk5YMeOCvCLki
AxCdXzPPdB5KGkI5HeivjfWNOu7LKr5tmyV4o2rThi9YJ79OZPneZkTEqxfw
fwNB1lLVkYGYUgosyaw1TZQiKZSf8OJlSpYFXb87jSLPkJAUwIsH63vYqfrU
aeMKMDtvtotanKT1KrzEJGwywyFo7t7pwHOIUOWqmU5C6gVYzy8muq8JUjIp
g2qn1tE2Wpi_KstYwmGupQxdhulhJaSwO8081HmkhM7cBC_sq82WFtOfKrgy
DsBiwwNry1pj.wYfKUcVWnIqa.CCYq0a.CUQfhN.RbPFnEVzCkrRVC9_Ipv8
yPhFmMKcFCLAoU6mu1gyP3iveOUf3IKqgo_ejM0Rvz8ygt21bnYPJ5yRh5RR
7mPqtu24jD_w_jNfw_ADEbVbc3.CCLTV00pr2BddzYMlwJ_Wq3A0.lmJRbSB
j1eteUdVgtP3AeikdBKX7sMygZ2e2vuyUlC4AqxFDKEAaBM4KPClzk2k8Vl4
08DNxctWEiJ9W1HR0jDBA66sfnydHUot3s2jtkKhw4sp83d_TahnLzZF52DI Jq9hyuqA-
X-Yahoo-SMTP: zi.sGBuswBAomZl6u9XXh2v2dmBsOO1j8w--
Received: from localhost (meetasharana@115.111.46.100 with login) by
smtp205.mail.bf1.yahoo.com with SMTP; 30 Jan 2013 05:07:37 -0800 PST
Subject: GREAT!!!!!!!!!!
To: me <me>
From: Hayes Kolb <meetasharana@yahoo.in>
Date: Wed, 30 Jan 2013 04:40:57 -0700 (PDT)
X-ELNK-Received-Info: spv=0;
X-ELNK-AV: 0
X-ELNK-Info: sbv=0; sbrc=.0; sbf=bb; sbw=000;
I do a whois lookup on what I think is the originating IP:
$ whois 98.139.211.196
#
# Query terms are ambiguous. The query is assumed to be:
# "n 98.139.211.196"
#
# Use "?" to get help.
#
#
# The following results may also be obtained via:
# http://whois.arin.net/rest/nets;q=98.139.211.196?showDetails=true&showARIN=false&ext=netref2
#
NetRange: 98.136.0.0 - 98.139.255.255
CIDR: 98.136.0.0/14
OriginAS:
NetName: A-YAHOO-US9
NetHandle: NET-98-136-0-0-1
Parent: NET-98-0-0-0-0
NetType: Direct Allocation
RegDate: 2007-12-07
Updated: 2012-03-02
Ref: http://whois.arin.net/rest/net/NET-98-136-0-0-1
OrgName: Yahoo! Inc.
OrgId: YHOO
Address: 701 First Ave
City: Sunnyvale
StateProv: CA
PostalCode: 94089
Country: US
RegDate: 2000-10-23
Updated: 2009-05-18
Ref: http://whois.arin.net/rest/org/YHOO
OrgAbuseHandle: NETWO857-ARIN
OrgAbuseName: Network Abuse
OrgAbusePhone: +1-408-349-3300
OrgAbuseEmail: network-abuse@cc.yahoo-inc.com
OrgAbuseRef: http://whois.arin.net/rest/poc/NETWO857-ARIN
OrgTechHandle: NA258-ARIN
OrgTechName: Netblock Admin
OrgTechPhone: +1-408-349-3300
OrgTechEmail: netblockadmin@yahoo-inc.com
OrgTechRef: http://whois.arin.net/rest/poc/NA258-ARIN
RAbuseHandle: NETWO857-ARIN
RAbuseName: Network Abuse
RAbusePhone: +1-408-349-3300
RAbuseEmail: network-abuse@cc.yahoo-inc.com
RAbuseRef: http://whois.arin.net/rest/poc/NETWO857-ARIN
RTechHandle: NA258-ARIN
RTechName: Netblock Admin
RTechPhone: +1-408-349-3300
RTechEmail: netblockadmin@yahoo-inc.com
RTechRef: http://whois.arin.net/rest/poc/NA258-ARIN
#
# ARIN WHOIS data and services are subject to the Terms of Use
# available at: https://www.arin.net/whois_tou.html
#
and I forward the spam, with full headers, to the listed abuse email addy:
network-abuse@cc.yahoo-inc.com
That bounces, with:
This message was created automatically by mail delivery software.
A message that you sent could not be delivered to one or more of its
recipients. This is a permanent error. The following address(es) failed:
network-abuse@cc.yahoo-inc.com
SMTP error from remote mail server after RCPT TO:<network-abuse@cc.yahoo-inc.com>:
host ccmrin1.corp.bf1.yahoo.com [98.139.248.214]:
553 5.3.0 <network-abuse@cc.yahoo-inc.com>... User unknown
I have gone to the webpage referenced in the whois records:
on that page, gone to:
from there, to:
where is the text of this topic:
Point of Contact
Note ARIN has attempted to validate the data for this POC, but has received no response from the POC since 2010-06-18
Once, I sent an email to ARIN, asking if there was some agency with the authority to enforce the rules/protocols but got no answer. I see smaller, one-man isps with abuse email boxes that are full and larger outfits who filter and bounce the spam reports as spam. There doesn't seem to be an effective system in place to enable reporting and stopping the spammer.
I do see this:
Got Spam? Report it here. and have used that.
I wonder whether »
www.spamcop.net/ has a different POC for yahoo than what whois returns.....