At Yahoo, reporting a phisher means getting by the company's anti-phishing filters first
Thu, 2009-10-15 06:16

Yahoo has come up with an innovative new way to cut down on abuse of its free Yahoo Mail service: simply pretend it doesn't exist.

This evening, a particularly weak phishing e-mail landed in my mailbox. It read:

Dear customer,

Your account has been temporarily limited

Click here (phishing site) to resolve the problem

Thank You.

The from line said PayPal Inc., but the reply-to address was bwghrm@yahoo.com.

As is my habit, I forwarded the mail to abuse@paypal.com and abuse@yahoo.com. I didn't think much of it. I've forwarded lots of mail like this to Yahoo in the past. I never hear back from them, but somehow I hope that maybe Yahoo is paying attention and making it a little harder for phishers to send out spam from its accounts.

This time, however, I did get a message back from Yahoo. It read:

Delivery Failure Report
Your message:    paypal phish
was not delivered to:    abuse@yahoo.com
because:    Error transferring to c.mx.mail.YAHOO.COM; SMTP Protocol Returned a Permanent Error 554 Message not allowed - UP Email not accepted for policy reasons.  Please visit http://help.yahoo.com/help/us/mail/defer/defer-04.html

According to Yahoo, this means that my phishing report was blocked because, well, because it contained phishing information.

Why would Yahoo do this? To keep its response staff from being inadvertently phished? There's no good reason. If you dig around on Yahoo's Web site for a bit, you find that they want you to report phishing to the easy-to-remember phishing@cc.yahoo-inc.com address, rather than the industry-standard abuse@yahoo.com. But who is going to take the time to dig up this address? A cynic would say that this is a quick and easy way to make it look like abuse complaints are diminishing. Yahoo is a deeply troubled company, and keeping phishers from using its services is ugly, labor-intensive (read: expensive) work. Obviously it's doing a little less of this work tonight.
