[81220] in North American Network Operators' Group
Re: Verizon is easily fooled by spamming zombies
daemon@ATHENA.MIT.EDU (Patrick W. Gilmore)
Wed Jun 1 13:05:44 2005
In-Reply-To: <429DE9B5.4040304@solid-state-logic.com>
Cc: "Patrick W. Gilmore" <patrick@ianai.net>
From: "Patrick W. Gilmore" <patrick@ianai.net>
Date: Wed, 1 Jun 2005 13:05:12 -0400
To: nanog@nanog.org
Errors-To: owner-nanog@merit.edu
On Jun 1, 2005, at 1:00 PM, Martin Hepworth wrote:
> Patrick W. Gilmore wrote:
>
>> On Jun 1, 2005, at 12:28 PM, Steven Champeon wrote:
>>
>>> IOW, VZ isn't even checking to see if a zombie'd host is forging its
>>> own domain into HELO, regardless of whether it comes from Comcast or
>>> UUNet, and as long as the forged sender has a verizon.net
>>> address, and
>>> the recipient hasn't blocked VZ's silly callback system, the message
>>> is relayed. Thanks, Verizon. We can hear you now.
>>>
>> The other half of this is if you are on VZ's network and try to
>> send mail through their system, you cannot unless you have a
>> "verizon.net" from address. Or at least that was the case when
>> my friend with VZ DSL tried to send e-mail through VZ from her
>> personal domain.
>
> Assuming it does via their systems - most zombies have their own
> smtp engine from what I understand
Zombies do both, but my comment wasn't about zombies, it was about
users. If you are a user with a vanity domain trying to send e-mail
"From: user@vanity.domain", you cannot through VZ's system. Despite
the fact we have spent years telling people they have to use their
local ISP's mail server to send mail out.
Does VZ support SMTP AUTH these days? (My info is over a year old.)
--
TTFN,
patrick
