Two comments. <soapbox> First, it's everyone's responsibility to do what's necessary to prevent their operation from being an abuse source, vector, or support service. That includes registrars, web hosts, DNS providers, email services, consumer ISPs, webmail services, corporations, end-users -- *everyone*. Nobody gets a pass. Of course, this isn't what's happening: and that's why abuse is such a massive problem. If people actually (gasp!) began running their operations in a responsible manner (starting with very simple and easy measures like "read your abuse mailbox and take immediate action on all reported problems") then all these issues would of course still exist -- but at greatly reduced levels. However, it seems that many prefer to implicitly support abuse by doing nothing...that is, until their network neighbors grow tired of their inaction, and decide to put a cork in it by collaboratively blacklisting them -- at which point, the typical response, instead of being a contrite admission of long-term systemic failure, is plaintive, mock-outraged whining about how terribly unfair it all is. </soapbox> Second, it appears to me that Yahoo may be contending with Microsoft for the title of "largest spam-and-abuse support operation on the Internet". Both are completely infested with abusers of all descriptions, not just in the freemail operations, but their mailing lists, web hosting, etc. Both have established very long track records of not just failing to take action, but *refusing* to take action, even when someone else does their job for them, compiles the applicable evidence, and presents it to them. (Search, for example, the Google archives of Usenet for either "yahoo clueless" or "hotmail clueless" for more examples than any sane person, or even Fergie ;-), would ever want to read.) Here's a recent note (courtesy of John Levine) which is complementary to the one previously presented concerning Yahoo: From: johnl@iecc.com (John R. Levine) Newsgroups: news.admin.net-abuse.email Subject: Re: Microsoft -- starting to support spam? Date: 24 Aug 2005 11:25:40 -0400 [...] The other day I collected a list of domains hosted by MSN. Here's a few. If you were in the domain hosting business, would you let your customers register and use these? Microsoft did. MY-EBAY-EBAY.COM MY-EBAY-SIGNIN-BILLING-ACCOUNT.COM MY-EBAYAUCTION.COM MYEBAY-EBAY.COM ONLINE-EBAY-ESCROW.COM ONLINEAUCTIONSONEBAY.COM ONLINESAFETY-EBAY.COM PAYMENT-CONFIRM-EBAY.COM PAYMENT-DEPARTAMENT-EBAY.COM PAYMENT-DEPARTMENT-EBAY.COM PAYMENT-EBAYALERT.COM PAYMENTS-EBAY-SQUARETRADE.COM PAYMENTSUPPORT-EBAY.COM PLANETEBAY-VERIFICATION.COM PLANETEBAYONLINE.COM PURCHASE-EBAYSQUARETRADE.COM REACTIVE-EBAY.COM SAFE-DEPARTAMENT-EBAY.COM SAFE-SQUARETRADE-EBAYDEALS.COM SAFEDEALS-EBAYSQUARETRADE.COM SAFEDEPARTAMENT-EBAY.COM SAFEHARBOR-EBAYCENTRAL.COM SAFETY-PROTECTION-EBAY.COM SAFETYTEAM-EBAY.COM SCGI-EBAY-EBAYISAPI-DLL.COM PAYPAL-ACCOUNT-8414SWQ9.COM PAYPAL-ACCOUNT-SA435QS.COM PAYPAL-ACCOUNTINGS.COM PAYPAL-ACCOUNTS-UPDATE.COM PAYPAL-ALERT.COM PAYPAL-CONFIRMATION-ID-0746795.COM PAYPAL-CONFIRMATION-ID-PP0746S795.COM PAYPAL-CONFIRMATION-ID-PP4145570.COM PAYPAL-FRAUD-ALERT.COM PAYPAL-INTL-SERVICE.COM PAYPAL-MEMBER-SERVICES.COM PAYPAL-SECURES-UPDATES.COM R's, John Keep this in mind when anyone from either Yahoo or Microsoft pretends to somehow be interested in "anti-spam" or "anti-phishing" activities. Neither has demonstrated, to date, the slightest inclination or ability to even keep its own operation relatively free of spammers, phishers, etc. despite having at its fingertips the cumulative work of a large number of netizens who have diligently reported these problems to them. It's thus completely disengenuous of them to feign any interest in doing so on an Internet-wide basis. ---Rsk