John Levine wrote: > > In AOL's case, I presume it's because it's become painfully apparent > that crooks are stealing vast numbers of AOL address books and > spamming to them from the matching AOL user addresses. This is loudly > slamming the barn door after the horse left. Too bad for all the > people whose feet were crushed as they did so. I received spam EMail from a friend with @yahoo.com account on 26-Mar-2014 based on what appears to be a stolen address book. It did not come through any yahoo mail servers, carried 19 additional email addresses from my friends address book in Cc: and contained an URL to some aggressive advertisement site besides the first+last real name of my friend (subject was also only my friends first+last name). I don't know whether that site also served any malware along with the aggressive advertisement, I opened it in a virtual environment with a browser having active content disabled. The advertisement was shown in my local language (German) although I was the only German among the visible recipients. Btw. I can successfully send myself EMail with fake @yahoo.com in From: to my work Email account (where I originally received that spam), and there is no problem in receiving. (Our comany email does not seem to perform any of the crazy DMARC processing). -Martin