North American Network Operators Group|
Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical
Verizon is easily fooled by spamming zombies (was: Re: VerizonWireless.com Mail Blacklists)
on Wed, Jun 01, 2005 at 12:07:33PM -0400, Rich Kulawiec wrote: > (As to Verizon itself, since three different people pointed out the > relative lack of SBL listings: keep in mind that SBL listings are put > in place for very specific reasons, and aren't the only indicator of > spam. Other DNSBLs and RHSBLs, e.g. the CBL, use different criteria > and thus provide different measurements (if you will) of spam. So, > to give a sample data point, in the last week alone, there have been > 315 spam attempts directed at *just this address* from 194 different > IP addresses (list attached) that belong to VZ. Have I reported them? > Of *course* not. What would be the point in that?) <snip evidence of astounding lack of clue of VZ's customers> Zombies I expect; what's worse is that they're /obviously/ not even doing the most basic checks: Received: from verizon.net ([188.8.131.52]) (184.108.40.206 is 1Cust742.an1.nyc41.da.uu.net, HELO'd as 'verizon.net' and VZ still relayed it) Received: from verizon.net ([220.127.116.11]) (18.104.22.168 is 1Cust39.tnt26.mia5.da.uu.net, HELO'd as 'verizon.net' and VZ still relayed it) Received: from verizon.net ([22.214.171.124]) (126.96.36.199 is 1Cust35.tnt26.mia5.da.uu.net, HELO'd as 'verizon.net' and VZ still relayed it) Received: from verizon.net ([188.8.131.52]) (184.108.40.206 is c-65-34-38-26.hsd1.fl.comcast.net, HELO'd as 'verizon.net' and VZ still relayed it) Received: from verizon.net ([220.127.116.11]) (18.104.22.168 is c-65-34-184-15.hsd1.fl.comcast.net, etc.) IOW, VZ isn't even checking to see if a zombie'd host is forging its own domain into HELO, regardless of whether it comes from Comcast or UUNet, and as long as the forged sender has a verizon.net address, and the recipient hasn't blocked VZ's silly callback system, the message is relayed. Thanks, Verizon. We can hear you now. -- hesketh.com/inc. v: +1(919)834-2552 f: +1(919)834-2554 w: http://hesketh.com join us! http://hesketh.com/about/careers/account_manager.html join us!