Last week we, and several others I know who run mail servers, had a significant amount of spam with faked From headers appearing to come from people known to the recipient.
By significant, I mean 10x usual spam amounts, and the upturn very similar and from the same source. Messages brief with links. Subjects salutary. Skipped my SpamAssassin rules. Some of the faked Froms were even in the hundred or so manually added whitelisted addresses.
Obviously theft of contact details was going on somewhere in a big way, the range of contacts was diverse and the volume startling.
In *every* single case I looked at last week the originating mail server was Yahoo's.
I can't prove the two are linked, but given Yahoo's historical reputation for not closing security holes, together with some suggestion they actually provided, or at least knowingly assisted, spammers using their systems, I can happily jump to some conclusions - one of which is that Yahoo itself, or enough of its employees as to make no difference, are selling customer details and contacts and allowing UBE to flourish.
I'm having very wishful fantasies about bouncing every Yahoo address or originating mail server with a "Don't use this compromised mail provider". Sadly, it's not possible to blanket-bounce Yahoo and not look a dick to their genuine customers.
Adminning a mail server is a tiny part of my day so I don't have time to do any real digging, and I could be wrong about some aspects.
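The post's observation that forged Froms landed inside a manually maintained whitelist illustrates a general weakness: a whitelist keyed only on the From address is defeated by trivial header spoofing. Below is an added example (not code from the original post or its author) of the defensive check a practitioner would want: a whitelist entry is honoured only when an Authentication-Results header written by our own MX reports SPF or DKIM pass for the From domain. The authserv-id `mx.mydomain.test`, the whitelist entries and all four sample messages are constructed assumptions for the example.

```python
import email
import re
from email import policy
from email.utils import parseaddr

# Constructed whitelist, standing in for the post's "hundred or so" manual entries.
WHITELIST = {"alice@example.com", "bob@example.org"}

# The authserv-id our own MX writes into Authentication-Results (assumed value).
# Headers claiming any other authserv-id may have been forged upstream and are ignored.
OUR_AUTHSERV_ID = "mx.mydomain.test"

DKIM_PASS = re.compile(r"dkim=pass(?:\s+\([^)]*\))?\s+header\.d=([\w.-]+)", re.I)
SPF_PASS = re.compile(r"spf=pass(?:\s+\([^)]*\))?\s+smtp\.mailfrom=(?:[^@\s;]+@)?([\w.-]+)", re.I)


def authenticated_domains(msg, authserv_id=OUR_AUTHSERV_ID):
    """Domains that passed SPF or DKIM according to Authentication-Results
    headers stamped by our own MX. Headers from other authserv-ids are skipped."""
    domains = set()
    for value in msg.get_all("Authentication-Results", []):
        if not value.strip().lower().startswith(authserv_id.lower() + ";"):
            continue  # not written by us: untrusted, possibly injected by the sender
        for m in DKIM_PASS.finditer(value):
            domains.add(m.group(1).lower())
        for m in SPF_PASS.finditer(value):
            domains.add(m.group(1).lower())
    return domains


def whitelist_decision(raw_message):
    """Return 'whitelisted', 'spoof-suspected' or 'not-whitelisted' for a raw RFC 5322 message.
    A whitelist hit counts only if the From domain was authenticated by our MX."""
    msg = email.message_from_string(raw_message, policy=policy.default)
    _, addr = parseaddr(msg.get("From", ""))
    addr = addr.lower()
    if addr not in WHITELIST:
        return "not-whitelisted"
    from_domain = addr.rsplit("@", 1)[1]
    if from_domain in authenticated_domains(msg):
        return "whitelisted"
    return "spoof-suspected"  # whitelisted address, but nothing vouches for the From domain


# Constructed sample messages (not real traffic).
LEGIT = """From: Alice <alice@example.com>
To: me@mydomain.test
Subject: Hello
Authentication-Results: mx.mydomain.test; dkim=pass header.d=example.com; spf=pass smtp.mailfrom=alice@example.com

Hi, notes attached.
"""

SPOOFED = """From: Alice <alice@example.com>
To: me@mydomain.test
Subject: Hi there
Authentication-Results: mx.mydomain.test; dkim=none; spf=pass smtp.mailfrom=bounce@bulk-sender.invalid

Check this out http://bulk-sender.invalid/x
"""

# Sender injected its own Authentication-Results claiming a DKIM pass for example.com.
FORGED_AR = """From: Alice <alice@example.com>
To: me@mydomain.test
Subject: Hi there
Authentication-Results: mail.bulk-sender.invalid; dkim=pass header.d=example.com
Authentication-Results: mx.mydomain.test; dkim=none; spf=none

Great offer http://bulk-sender.invalid/y
"""

STRANGER = """From: Carol <carol@example.net>
To: me@mydomain.test
Subject: Hello
Authentication-Results: mx.mydomain.test; dkim=pass header.d=example.net

Hello from someone not on the list.
"""

if __name__ == "__main__":
    for name, raw in [("legit", LEGIT), ("spoofed", SPOOFED), ("forged-ar", FORGED_AR), ("stranger", STRANGER)]:
        print(f"{name:10s} -> {whitelist_decision(raw)}")
```

SpamAssassin offers the same idea natively: `whitelist_auth` (newer releases spell it `welcomelist_auth`) applies a whitelist entry only when SPF or DKIM verification of that sender passes, and `whitelist_from_rcvd` ties the entry to the relay's reverse DNS, whereas plain `whitelist_from` trusts the header alone. Whichever mechanism is used, the decision must read only the Authentication-Results header added by the local MX, as the `FORGED_AR` sample shows.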