On 27.08.2012, Aaron Konstam wrote:
Received: from 127.0.0.1 (EHLO pos81n-nds-36.positionstrends.com)
    (184.172.130.36) by mta1050.sbc.mail.ne1.yahoo.com with SMTP;
    Sat, 25 Aug 2012 15:51:30 +0000

Somebody claiming to be "pos81n-nds-36.positionstrends.com" with the
IP address 184.172.130.36 posted this mail to one of the Yahoo
mailservers.

[root@wildsau ~]# whois 184.172.130.36
[Querying whois.arin.net]
[Redirected to rwhois.theplanet.com:4321]
[Querying rwhois.theplanet.com]
[rwhois.theplanet.com]
%rwhois V-1.5:003fff:00 rwhois.softlayer.com (by Network Solutions, Inc. V-1.5.9.5)
network:Class-Name:network
network:ID:NETBLK-SOFTLAYER.184.172.128.0/18
network:Auth-Area:184.172.128.0/18
network:Network-Name:SOFTLAYER-184.172.128.0
network:IP-Network:184.172.130.32/29
network:IP-Network-Block:184.172.130.32-184.172.130.39
network:Organization;I:Brick Run Media
network:Street-Address:209 West 20th 3A
network:City:New York
network:State:NY
network:Postal-Code:10011
network:Country-Code:US
network:Tech-Contact;I:sysadmins@softlayer.com
network:Abuse-Contact;I:abuse@fulltimedo.com
network:Admin-Contact;I:IPADM258-ARIN
network:Created:20120125
network:Updated:20120125
network:Updated-By:ipadmin@softlayer.com

So the spammer is in the netblock of "softlayer.com", most probably a
customer of theirs. Write a complaint to "abuse(a)fulltimedo.com" with a
copy to "sysadmins(a)softlayer.com", including one of the spam emails
incl. the full header.
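
The lookup walked through in the message above, as an added Python example that is not part of the original mail: it separates the sender-claimed EHLO name from the peer IP that Yahoo recorded, checks that the rwhois record really covers that IP, and returns the complaint addresses. The function names are hypothetical, and the header layout handled is the one shown above.

```python
import ipaddress
import re

# Copied from the message above (header unfolded, rwhois record abridged).
RECEIVED = ("from 127.0.0.1 (EHLO pos81n-nds-36.positionstrends.com) "
            "(184.172.130.36) by mta1050.sbc.mail.ne1.yahoo.com with SMTP; "
            "Sat, 25 Aug 2012 15:51:30 +0000")
RWHOIS = """\
%rwhois V-1.5:003fff:00 rwhois.softlayer.com
network:Auth-Area:184.172.128.0/18
network:IP-Network:184.172.130.32/29
network:Organization;I:Brick Run Media
network:Tech-Contact;I:sysadmins@softlayer.com
network:Abuse-Contact;I:abuse@fulltimedo.com
network:Admin-Contact;I:IPADM258-ARIN
"""

HOP = re.compile(r"\(EHLO\s+(?P<helo>[^\s)]+)\)\s*"
                 r"\((?P<ip>[0-9A-Fa-f.:]+)\)\s+by\s+(?P<by>\S+)")

def parse_received(header):
    """Return the claimed EHLO name (sender-controlled), the peer IP
    (recorded by the receiving server) and the receiving host."""
    m = HOP.search(header)
    if m is None:
        raise ValueError("unrecognised Received layout")
    ipaddress.ip_address(m["ip"])  # raises ValueError if not a valid IP
    return m.groupdict()

def parse_rwhois(text):
    """Turn 'network:Key;I:value' lines into {Key: value}."""
    record = {}
    for line in text.splitlines():
        if not line.startswith("network:"):
            continue  # banner lines such as '%rwhois ...'
        key, _, value = line[len("network:"):].partition(":")
        record[key.split(";")[0]] = value.strip()
    return record

def complaint_targets(header, rwhois_text):
    """Return (to, cc) for the abuse report, but only if the recorded
    peer IP lies inside the netblock the rwhois record describes."""
    hop = parse_received(header)
    rec = parse_rwhois(rwhois_text)
    if ipaddress.ip_address(hop["ip"]) not in ipaddress.ip_network(rec["IP-Network"]):
        raise ValueError("rwhois record does not cover the sending IP")
    return rec["Abuse-Contact"], rec.get("Tech-Contact")

if __name__ == "__main__":
    print(complaint_targets(RECEIVED, RWHOIS))
```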