Cc: nanog@nanog.org Subject: Re: Have Yahoo! gone pink? From: Valdis.Kletnieks@vt.edu Date: Wed, 29 Mar 2006 16:55:23 -0500
--==_Exmh_1143669323_3096P Content-Type: text/plain; charset=us-ascii
On Wed, 29 Mar 2006 21:28:26 GMT, Peter Corlett said:
Yahoo claim "After investigation, we have determined that this email message did not originate from the Yahoo! Mail system.
Received: from EXCHG01-DUB.Europe.Search.Corpsys.P4pnet.net (cluster01-dub.europe.search.corpsys.p4pnet.net [172.30.132.19]) by mrout3.yahoo.com (8.13.4/8.13.4/y.out) with ESMTP id k2FIupeH049008; Wed, 15 Mar 2006 10:56:52 -0800 (PST)
Hey, what do you know... if you trust both uksolutions.net and yahoo.com's Received: lines, it didn't originate at Yahoo - it came from p4pnet.net. ;)
(A fine demonstration of the difference between being truthful and being helpful :)
Of course, this ignores the fact that '172.30.132.19' is in RFC-1918 space. <wry grin> Now _how_ 'mrout3.yahoo.com' got that message *is* open for speculation. Even more interesting is how it got DNS name resolution on that address. Best available evidence indicates that _that_ header line is a total fabrication. As I recall, the header added by the destination system showed receipt from a yahoo machine (and a valid IP address, belonging to yahoo). It's possible that yahoo's auto-parsing got misled by the bogus header shown above.
--==_Exmh_1143669323_3096P Content-Type: application/pgp-signature
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2.2 (GNU/Linux) Comment: Exmh version 2.5 07/13/2001
iD8DBQFEKwJLcC3lWbTT17ARAhcbAKDYpN/L2fVwYu9w2E4jG1P+knnPFwCdEliY YSY/cunFfCJoJ8zky9YhYP8= =qdCE -----END PGP SIGNATURE-----
--==_Exmh_1143669323_3096P--