SmartFeedSmartFeed          

Porsche Hangout


WELCOME - YOU ARE CURRENTLY VIEWING 419EATER AS A GUEST

By joining our community you will have the ability to post topics and access other forums reserved for members. Registration is quick, simple and absolutely free. Join our community today by clicking here.

ScamWarners.com - Internet Anti-Fraud Center - now open!


 Yahoo IP addresses?

View next topic
View previous topic
 
Post new topicReply to topic
Author Message
scam-dum-doo
Master Baiter


Joined: 15 May 2009
Posts: 184
Location: Wherever Prince Agas needs me


PostPosted: Sun May 09, 2010 2:10 am Reply with quoteBack to top

Hey everyone,

Recently I've been rubbing a lad from the UK, or so he claims. He uses yahoo, yet the originating IP address shows as a private IP (192.168....). Has Yahoo recently changed some of their security policies or is this guy using Yahoo's SMTP services via another web-mail application or website?

Quote:
Delivered-To: -x-
Received: by 10.223.107.147 with SMTP id b19cs16289fap;
Sat, 8 May 2010 06:38:45 -0700 (PDT)
Received: by 10.223.92.153 with SMTP id r25mr1488869fam.76.1273325924314;
Sat, 08 May 2010 06:38:44 -0700 (PDT)
Return-Path: <-x->
Received: from n21.bullet.mail.ukl.yahoo.com (n21.bullet.mail.ukl.yahoo.com [87.248.110.138])
by mx.google.com with SMTP id 1si4286925far.56.2010.05.08.06.38.43;
Sat, 08 May 2010 06:38:43 -0700 (PDT)
Received-SPF: neutral (google.com: 87.248.110.138 is neither permitted nor denied by best guess record for domain of -x-) client-ip=87.248.110.138;
Authentication-Results: mx.google.com; spf=neutral (google.com: 87.248.110.138 is neither permitted nor denied by best guess record for domain of -x-) smtp.mail=-x-; dkim=pass (test mode) [email protected]
Received: from [217.146.182.179] by n21.bullet.mail.ukl.yahoo.com with NNFMP; 08 May 2010 13:38:43 -0000
Received: from [87.248.110.118] by t5.bullet.ukl.yahoo.com with NNFMP; 08 May 2010 13:38:43 -0000
Received: from [127.0.0.1] by omp223.mail.ukl.yahoo.com with NNFMP; 08 May 2010 13:38:43 -0000
X-Yahoo-Newman-Property: ymail-3
X-Yahoo-Newman-Id: [email protected]
Received: (qmail 833 invoked by uid 60001); 8 May 2010 13:38:42 -0000
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.co.uk; s=s1024; t=1273325922; bh=NKFhGLrSRk/cKW9HJDduE9+s+mSaz6eWdaxZwXmGfeM=; h=Message-ID:X-YMail-OSG:
Received:X-Mailer:Date:From:Subject:To:In-Reply-To:MIME-Version:Content-Type; b=EOOqfRRPn+6DdQ/bGx5soSvZYI0M2da3iB4hTw9Ymv0K9mhoG6EZaEx
8S5ke5HNeLexgQ9Z6+XslB7p+DkgNdvcQ2uCASb2vaWiPvcKlXHVdS8p3Fr
zPnVFzI0bj0BYRatZuxeHUJS+6yB037NS7dUnktST5QNddA6usX5eE57Y=

DomainKey-Signature:a=rsa-sha1; q=dns; c=nofws;
s=s1024; d=yahoo.co.uk;
h=Message-ID:X-YMail-OSG:Received:X-Mailer:Date:From:Subject:To:In-Reply-To:MIME-Version:Content-Type;
b=5wXan//yl+pSB+I65si+m0gqzDUWQxA1NVqe4R0a9nQOoshKtk1t7xHyX
fAL6Ku5rdY0F9fIet2q+1UOAf20ZFFMat/LnEjm5Dwef+sBKLzTyOL3BB385FG
JlJESWIns0gJ6UeMctOAzzhRXbp3IJxKLemlBoK4BkNlsBnOeDTI=;
Message-ID: <[email protected]>
X-YMail-OSG: 8IWCcJcVM1mh5saZJfEFbwLNkGshDOPFU7M0xm8jnf9KA_F
k2r9dJk9hih86VuG2vlvzr_RMczHI63SqO6pxchFKIEwpfmetQmipz8tZVXt
ItWdTUff2zxHleUeOoh8CsKu4QZkeRFRFVxWk_8AZbNsIo0.8Omv_ybK8ieD
.tQMGiUg6QSy4pVt49wZAimGKEVODgFAAmPR6EhlYzZz57nOUnMIVE8jplTt
c4PyeXsStp_KMN6xWSgJnC4IT9exLMJvy0uFdCawxwS67zvraQCypri4XdCE
cUPMu_y865rTKz1LcEufpUxN5he5XAOOaCgK8nzok4m0tNAYH2prGcvUBqgS
.IkCqzmdsT4md0ivU4RYOEG7eTjhJlwfnAAMbc.uU0Z.5PXcKlYSfdJa833_
NA7udUZzinqUpEN.OzK.dKTBCzzjdfYLbroFAf8nyrHhUDvS1n7L85gMyBs8
W8fUrfvBoCvXm86istdnDoaXX9SumD54W1LjLEJ7Yw_mA_iVvb_r8L.jFWGm
GqSLXd1QoAfzgkIjXR_sdpcQp80lt_9u3DIbSk0qFDkPrkhVoA5RFbjzVgJB
.qhzrsNiF_XTlcERMtQ8Asv_lVqxB3qXZ1oZry8JWzZKFfTCy9arqm0oTHWG
KrqQZQzYlVoyv4kqzACFcYsRMDwIGnRr4GmLS.1_mXpYJAk5UWG7puuzba.7
x6DZVeHIkEpKKRM66.App6OKuZ5obk0_A8RIMCWJhY_XklyQPXBKZBuZK
MXS
0KMA1SwtvXzPkXrtaCl2PTYrKkMcCxwxXGhAwfB1f4D_wSK3lrNj_2s1n9tB
V2NYRE7al1ktSzufNWEmBiYPeWo3_JB4Qft1h0NBQct6Q_xtI.08eB8HwomK
Hk8imp8mmn40-
Received: from [192.168.1.4] by web29201.mail.ird.yahoo.com via HTTP; Sat, 08 May 2010 13:38:42 GMT
X-Mailer: YahooMailClassic/10.1.11 YahooMailWebService/0.8.103.269680
Date: Sat, 8 May 2010 13:38:42 +0000 (GMT)
From: -x-
Subject: -x-
To: -x-
In-Reply-To: <[email protected]>
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="0-279380538-1273325922=:99917"

--0-279380538-1273325922=:99917
Content-Type: text/plain; charset=iso-8859-1
Content-Transfer-Encoding: quoted-printable


I've tried all the IP addresses within the email's headers. They all route back to Yahoo, meaning none of them are from my lad. Any ideas?

_________________
"For God sec i don't know why you should be afraid at this pointing time." - Doki Gbagidi

x6 Closed lad accounts
Canada Benin United Kingdom China Thailand United States
View user's profileSend private messageAIM AddressYahoo MessengerMSN MessengerSkype NameICQ Number
Ima Baeder
419Eater Admin


Joined: 03 May 2007
Posts: 18314


PostPosted: Sun May 09, 2010 3:35 am Reply with quoteBack to top

Quote:
with NNFMP;


This has something to do with it. We see it all the time at SW's but I can't remember how to explain it. I'll do some searching and post links if I can find it. If anyone else wants to chime in before I am able to, please do.

There's some info here but not a good explanation: http://groups.google.ca/group/alt.spam/browse_thread/thread/5ef98da0804d7086/8b2b9b3610c4055a?lnk=raot

Edit: more info here: http://jamesoff.net/site/2003/11/17/nnfmp/

Post from that link:

Quote:
According to the Yahoo postmaster, any message containing a “with NNFMP” clause is a FORGED message:

‘It appears that the sender of this message forged the header information to give the impression that it came from your email address. The sender seems to have used your email address in the “reply-to” and/or the “from” field of the message sent out and, as a result, misdirected email is being returned to you.’

I received the same response when I told them that I noticed the clause on mail I actually did send (to myself at another site) via webmail:

‘WRONG. This is a rejection of a message I actually sent. Yahoo is inserting invalid header data into its “Received:” headers. NNFMP is not a valid protocol for use with “WITH” per the IANA.’

Yahoo’s response indicating that it was still a forged message tells me that they do not know what they’re doing. Their servers DID generate such headers, yet they won’t recognize such.

My answer came from:

Austine Yahoo! Customer Care 66929704

Re: Fw: failure notice (KMM101597777V72148L0KM)

The message to myself contained this: Received: from [76.13.13.26] by n4.bullet.mail.ac4.yahoo.com with NNFMP; 16 Dec 2009 20:59:45 -0000 Received: from [68.142.237.87] by t3.bullet.mail.ac4.yahoo.com with NNFMP; 16 Dec 2009 20:59:45 -0000 Received: from [216.252.111.169] by t3.bullet.re3.yahoo.com with NNFMP; 16 Dec 2009 20:59:45 -0000 Received: from [127.0.0.1] by omp104.mail.re3.yahoo.com with NNFMP; 16 Dec 2009 20:59:45 -0000 X-Yahoo-Newman-Property: ymail-3 X-Yahoo-Newman-Id: [email protected]

Received: (qmail 64166 invoked by uid 60001); 16 Dec 2009 20:59:45 -0000

Since it appears to be Yahoo’s official position that “with NNFMP” is forged, I suggest that everyone BLOCK every message that contains such. Eventually, Yahoo’s mail users (myself included) won’t be able to send mail to anyone, and Yahoo will finally figure out that what they have done is non-standard and fix their broken mail service.

_________________
348 Fake Sites killed United StatesUnited KingdomUnited NationsMaltaNigeriaGhanaBeninGermanySouth AfricaRussiaTogoMalaysiaEuropean UnionJapanIvory CoastSpainFranceSwitzerlandChinaCanadaItalyThailand

Star Mugu Reseller Mortar Closed lad accounts x 100 Sand Timer 2 Years Pretty Rose Mc Fry Mc Fry Nurse Nastys Audi TT Goat Flying Monkey Easter Egg 2011
View user's profileSend private message
wowwow
Elite Baiter


Joined: 14 Apr 2009
Posts: 1796
Location: Here is the picture of the cash in the boxes before we send it down to the company to deposited it


PostPosted: Sun May 09, 2010 9:03 am Reply with quoteBack to top

Here here.
I've had years of issues with Yahoo and hotmail with their crappy mail services. NNFMP is a proprietary Yahoo! Mail protocol used internally. It is believed to be similar to SMTP, but not RFC compliant.

What they told you is definately not true. Yahoo say because you have a 'free' Yahoo account, and have subscribed to their mail service terms and conditions, they have the 'right' to rewrite your e-mails, block them and basically do what they want with them.

_________________
Please do not contact anybody again expect me on here because they are many hijackers on internet SGT Tony Benson
OK IF THERE IS A BULLET IN YOUR HEAD IS THAT ENOUGH PROOF Devil Killer Squad
YOU CALL THE F B I BASTARDS. YOU WILL SUFFER FOR THIS. WE HAVE TRACED YOU WITH ALL YOUR DETAILS FBI WARNS
I am the person who owns the safe firm in UK but right now on sick bed for my heart surgery due to my heart failure M Efosa
Tell them to go to hell and burn to arches Prince Jerry Zulusofola
I don’t have job, I am a hacker, hacking jawing stick and Sachet water Udeh Ebuka
http://forum.419eater.com/forum/viewtopic.php?t=162469
Closed lad accounts x5 Easter Egg 2012
View user's profileSend private message
scam-dum-doo
Master Baiter


Joined: 15 May 2009
Posts: 184
Location: Wherever Prince Agas needs me


PostPosted: Tue May 11, 2010 3:00 pm Reply with quoteBack to top

Ima Baeder wrote:
Quote:
with NNFMP;


This has something to do with it. We see it all the time at SW's but I can't remember how to explain it. I'll do some searching and post links if I can find it. If anyone else wants to chime in before I am able to, please do.

There's some info here but not a good explanation: http://groups.google.ca/group/alt.spam/browse_thread/thread/5ef98da0804d7086/8b2b9b3610c4055a?lnk=raot

Edit: more info here: http://jamesoff.net/site/2003/11/17/nnfmp/

Post from that link:

Quote:
According to the Yahoo postmaster, any message containing a “with NNFMP” clause is a FORGED message:

‘It appears that the sender of this message forged the header information to give the impression that it came from your email address. The sender seems to have used your email address in the “reply-to” and/or the “from” field of the message sent out and, as a result, misdirected email is being returned to you.’

I received the same response when I told them that I noticed the clause on mail I actually did send (to myself at another site) via webmail:

‘WRONG. This is a rejection of a message I actually sent. Yahoo is inserting invalid header data into its “Received:” headers. NNFMP is not a valid protocol for use with “WITH” per the IANA.’

Yahoo’s response indicating that it was still a forged message tells me that they do not know what they’re doing. Their servers DID generate such headers, yet they won’t recognize such.

My answer came from:

Austine Yahoo! Customer Care 66929704

Re: Fw: failure notice (KMM101597777V72148L0KM)

The message to myself contained this: Received: from [76.13.13.26] by n4.bullet.mail.ac4.yahoo.com with NNFMP; 16 Dec 2009 20:59:45 -0000 Received: from [68.142.237.87] by t3.bullet.mail.ac4.yahoo.com with NNFMP; 16 Dec 2009 20:59:45 -0000 Received: from [216.252.111.169] by t3.bullet.re3.yahoo.com with NNFMP; 16 Dec 2009 20:59:45 -0000 Received: from [127.0.0.1] by omp104.mail.re3.yahoo.com with NNFMP; 16 Dec 2009 20:59:45 -0000 X-Yahoo-Newman-Property: ymail-3 X-Yahoo-Newman-Id: [email protected]

Received: (qmail 64166 invoked by uid 60001); 16 Dec 2009 20:59:45 -0000

Since it appears to be Yahoo’s official position that “with NNFMP” is forged, I suggest that everyone BLOCK every message that contains such. Eventually, Yahoo’s mail users (myself included) won’t be able to send mail to anyone, and Yahoo will finally figure out that what they have done is non-standard and fix their broken mail service.

Thanks for the explanation.

_________________
"For God sec i don't know why you should be afraid at this pointing time." - Doki Gbagidi

x6 Closed lad accounts
Canada Benin United Kingdom China Thailand United States
View user's profileSend private messageAIM AddressYahoo MessengerMSN MessengerSkype NameICQ Number
Display posts from previous:      
Post new topicReply to topic


 Jump to:   



View next topic
View previous topic
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum



E-Mail Header Analysis


All Content © 2003 - 419Eater.com
Powered by phpBB © 2001, 2002 phpBB Group :S5: FI Theme :: All times are GMT