Verizon is easily fooled by spamming zombies (was: Re: VerizonWireless.com Mail Blacklists)
Steven Champeon
schampeo at hesketh.com
Wed Jun 1 16:28:22 UTC 2005
on Wed, Jun 01, 2005 at 12:07:33PM -0400, Rich Kulawiec wrote:
> (As to Verizon itself, since three different people pointed out the
> relative lack of SBL listings: keep in mind that SBL listings are put
> in place for very specific reasons, and aren't the only indicator of
> spam. Other DNSBLs and RHSBLs, e.g. the CBL, use different criteria
> and thus provide different measurements (if you will) of spam. So,
> to give a sample data point, in the last week alone, there have been
> 315 spam attempts directed at *just this address* from 194 different
> IP addresses (list attached) that belong to VZ. Have I reported them?
> Of *course* not. What would be the point in that?)
<snip evidence of astounding lack of clue of VZ's customers>
Zombies I expect; what's worse is that they're /obviously/ not even
doing the most basic checks:
Received: from verizon.net ([63.24.130.230])
(63.24.130.230 is 1Cust742.an1.nyc41.da.uu.net, HELO'd as 'verizon.net'
and VZ still relayed it)
Received: from verizon.net ([68.130.237.39])
(68.130.237.39 is 1Cust39.tnt26.mia5.da.uu.net, HELO'd as 'verizon.net'
and VZ still relayed it)
Received: from verizon.net ([68.130.237.35])
(68.130.237.35 is 1Cust35.tnt26.mia5.da.uu.net, HELO'd as 'verizon.net'
and VZ still relayed it)
Received: from verizon.net ([65.34.38.26])
(65.34.38.26 is c-65-34-38-26.hsd1.fl.comcast.net, HELO'd as 'verizon.net'
and VZ still relayed it)
Received: from verizon.net ([65.34.184.15])
(65.34.184.15 is c-65-34-184-15.hsd1.fl.comcast.net, etc.)
IOW, VZ isn't even checking to see if a zombie'd host is forging its
own domain into HELO, regardless of whether it comes from Comcast or
UUNet, and as long as the forged sender has a verizon.net address, and
the recipient hasn't blocked VZ's silly callback system, the message
is relayed. Thanks, Verizon. We can hear you now.
--
hesketh.com/inc. v: +1(919)834-2552 f: +1(919)834-2554 w: http://hesketh.com
join us! http://hesketh.com/about/careers/account_manager.html join us!
More information about the NANOG
mailing list