[81217] in North American Network Operators' Group


Verizon is easily fooled by spamming zombies (was: Re: VerizonWireless.com Mail Blacklists)

daemon@ATHENA.MIT.EDU (Steven Champeon)
Wed Jun 1 12:28:55 2005

X-Received-From: schampeo@habanero.hesketh.net
X-Delivered-To: <nanog@nanog.org>
Date: Wed, 1 Jun 2005 12:28:22 -0400
From: Steven Champeon <schampeo@hesketh.com>
To: nanog@nanog.org
Mail-Followup-To: nanog@nanog.org
In-Reply-To: <20050601160733.GA23575@gsp.org>
Errors-To: owner-nanog@merit.edu


on Wed, Jun 01, 2005 at 12:07:33PM -0400, Rich Kulawiec wrote:
> (As to Verizon itself, since three different people pointed out the
> relative lack of SBL listings: keep in mind that SBL listings are put
> in place for very specific reasons, and aren't the only indicator of
> spam.  Other DNSBLs and RHSBLs, e.g. the CBL, use different criteria
> and thus provide different measurements (if you will) of spam.  So,
> to give a sample data point, in the last week alone, there have been
> 315 spam attempts directed at *just this address* from 194 different
> IP addresses (list attached) that belong to VZ.  Have I reported them?
> Of *course* not.  What would be the point in that?)

<snip evidence of astounding lack of clue of VZ's customers>

Zombies I expect; what's worse is that they're /obviously/ not even
doing the most basic checks:

Received: from verizon.net ([63.24.130.230])

(63.24.130.230 is 1Cust742.an1.nyc41.da.uu.net, HELO'd as 'verizon.net'
and VZ still relayed it)

Received: from verizon.net ([68.130.237.39])

(68.130.237.39 is 1Cust39.tnt26.mia5.da.uu.net, HELO'd as 'verizon.net'
and VZ still relayed it)

Received: from verizon.net ([68.130.237.35])

(68.130.237.35 is 1Cust35.tnt26.mia5.da.uu.net, HELO'd as 'verizon.net'
and VZ still relayed it)

Received: from verizon.net ([65.34.38.26])

(65.34.38.26 is c-65-34-38-26.hsd1.fl.comcast.net, HELO'd as 'verizon.net'
and VZ still relayed it)

Received: from verizon.net ([65.34.184.15])

(65.34.184.15 is c-65-34-184-15.hsd1.fl.comcast.net, etc.)

IOW, VZ isn't even checking to see if a zombie'd host is forging its
own domain into HELO, regardless of whether it comes from Comcast or
UUNet, and as long as the forged sender has a verizon.net address, and
the recipient hasn't blocked VZ's silly callback system, the message
is relayed. Thanks, Verizon. We can hear you now. 

-- 
hesketh.com/inc. v: +1(919)834-2552 f: +1(919)834-2554 w: http://hesketh.com
join us!   http://hesketh.com/about/careers/account_manager.html    join us!
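
The HELO check that the message above says is missing can be sketched as follows. This is an added example, not part of the original post and not any provider's actual configuration. The Received lines and PTR names are the ones quoted in the message; `OWN_NETS` is a hypothetical placeholder for the operator's own mail-host address space.

```python
import ipaddress
import re

# (client IP, PTR name) pairs exactly as quoted in the post; every one HELO'd as 'verizon.net'.
QUOTED = [
    ("63.24.130.230", "1Cust742.an1.nyc41.da.uu.net"),
    ("68.130.237.39", "1Cust39.tnt26.mia5.da.uu.net"),
    ("68.130.237.35", "1Cust35.tnt26.mia5.da.uu.net"),
    ("65.34.38.26", "c-65-34-38-26.hsd1.fl.comcast.net"),
    ("65.34.184.15", "c-65-34-184-15.hsd1.fl.comcast.net"),
]
PTR = dict(QUOTED)
RECEIVED = [f"Received: from verizon.net ([{ip}])" for ip, _ in QUOTED]

OWN_DOMAIN = "verizon.net"
# Assumption: placeholder (RFC 5737 documentation range) for the operator's own mail hosts.
OWN_NETS = [ipaddress.ip_network("192.0.2.0/24")]

RECEIVED_RE = re.compile(r"^Received:\s+from\s+(\S+)\s+\(\[([0-9.]+)\]\)")

def in_domain(name, domain):
    """True if name is the domain itself or a subdomain (label-boundary match)."""
    name = name.lower().rstrip(".")
    return name == domain or name.endswith("." + domain)

def check_helo(line, ptr=PTR, own_domain=OWN_DOMAIN, own_nets=OWN_NETS):
    """Return (verdict, reason) for one 'Received: from HELO ([IP])' line."""
    m = RECEIVED_RE.match(line)
    if not m:
        return ("skip", "unparsed line")
    helo, ip_text = m.groups()
    try:
        ip = ipaddress.ip_address(ip_text)
    except ValueError:
        return ("skip", "malformed IP")
    if not in_domain(helo, own_domain):
        return ("accept", "HELO does not claim our domain")
    if any(ip in net for net in own_nets):
        return ("accept", "HELO claims our domain from our own address space")
    rdns = ptr.get(ip_text, "no PTR")
    return ("reject", f"HELO '{helo}' from outside host {ip_text} ({rdns})")

if __name__ == "__main__":
    for line in RECEIVED:
        print(check_helo(line), "<-", line)
```

All five quoted sessions come back as `reject`, because each claims the receiving domain in HELO while connecting from an address outside it.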
