Received: from [86.111.112.160] by web62302.mail.re1.yahoo.com via HTTP; Thu, 21 Apr 2011 14:38:00 PDT
Received: from [194.126.111.66] by web62301.mail.re1.yahoo.com via HTTP; Sat, 09 Apr 2011 06:39:32 PDT
Received: from [83.50.79.219] by web125413.mail.ne1.yahoo.com via HTTP; Fri, 17 Jun 2011 06:20:02 PDT
1) Were the computers that generated the spam connected to the listed IPs?
2) I believe these are in Poland, Estonia, and Spain, respectively. How does the spammer do this? Is there malware running on computers in these locations without their owners' knowing?
3) Does it appear that somebody logged onto yahoo and that yahoo accepted the messages as valid and sent them?
4) Did the spammer use a legitimate yahoo email address and password to do this?
5) Can we assume that the return address "mary@yahoo.com" was spoofed? Is it just a coincidence that she uses yahoo and the originating server is also apparently yahoo?
6) Can yahoo inform the legitimate user so that he/she can change their password?
7) Since the IP numbers are geographically far from my friend's location, can I assume her computer is not the source?
8) Is it likely that my friend has malware on her computer? In other words, does this problem indicate she might also be used as a spam source, and should she have her computer checked?