_spf.mail.yahoo.com SPF record validates any IP with a PTR within yahoo.com or yahoo.net. Unless someone's spoofing rDNS it's from one of their MTAs. https://secure.fraudmarc.com/tool/spf/_spf.mail.yahoo.com
Googling around, other example records: tm13.bullet.mail.sg3.yahoo.com (old result, no longer active) sonic305-46.consmr.mail.sg3.yahoo.com (https://ipinfo.io/106.10.241.109) sonic308.consmr.mail.sg3.yahoo.com (https://ipinfo.io/106.10.241.4) w2.src.vip.sg3.yahoo.com (https://ipinfo.io/106.10.248.150) SG3 may be a Yahoo means of denoting it's a Singapore AS with 3 routes/prefixes? (https://dnslytics.com/ip/106.10.128.0-106.10.255.255) etc. It's an AS registered at APNIC, managed by Yahoo Inc. employees and whose parent AS is Oath Holdings (ARIN AS10310). https://ipinfo.io/AS56173 https://radar.qrator.net/as56173/whois http://ipv4info.com/org/s8dcb53/IRT-YAHOO-AP.html https://wq.apnic.net/static/search.html Your system, your drop rules :-) On Thu, 23 May 2019 at 18:10, MRob via mailop <mailop@mailop.org> wrote: > In logs I see a large amount spam from servers like > > sonic303-21.consmr.mail.sg3.yahoo.com > > ..this looks like it could be a home DSL location but before I ban all > of sg3.yahoo.com I would like to ask, where does valid Yahoo mail come > from? > > _______________________________________________ > mailop mailing list > mailop@mailop.org > https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop >
_______________________________________________ mailop mailing list mailop@mailop.org https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
