Verizon is easily fooled by spamming zombies (was: Re: VerizonWireless.com Mail Blacklists)

North American Network Operators Group

Verizon is easily fooled by spamming zombies (was: Re: VerizonWireless.com Mail Blacklists)

From: Steven Champeon
Date: Wed Jun 01 12:29:33 2005

on Wed, Jun 01, 2005 at 12:07:33PM -0400, Rich Kulawiec wrote:
> (As to Verizon itself, since three different people pointed out the
> relative lack of SBL listings: keep in mind that SBL listings are put
> in place for very specific reasons, and aren't the only indicator of
> spam.  Other DNSBLs and RHSBLs, e.g. the CBL, use different criteria
> and thus provide different measurements (if you will) of spam.  So,
> to give a sample data point, in the last week alone, there have been
> 315 spam attempts directed at *just this address* from 194 different
> IP addresses (list attached) that belong to VZ.  Have I reported them?
> Of *course* not.  What would be the point in that?)

<snip evidence of astounding lack of clue of VZ's customers>

Zombies I expect; what's worse is that they're /obviously/ not even
doing the most basic checks:

Received: from verizon.net ([63.24.130.230])

(63.24.130.230 is 1Cust742.an1.nyc41.da.uu.net, HELO'd as 'verizon.net'
and VZ still relayed it)

Received: from verizon.net ([68.130.237.39])

(68.130.237.39 is 1Cust39.tnt26.mia5.da.uu.net, HELO'd as 'verizon.net'
and VZ still relayed it)

Received: from verizon.net ([68.130.237.35])

(68.130.237.35 is 1Cust35.tnt26.mia5.da.uu.net, HELO'd as 'verizon.net'
and VZ still relayed it)

Received: from verizon.net ([65.34.38.26])

(65.34.38.26 is c-65-34-38-26.hsd1.fl.comcast.net, HELO'd as 'verizon.net'
and VZ still relayed it)

Received: from verizon.net ([65.34.184.15])

(65.34.184.15 is c-65-34-184-15.hsd1.fl.comcast.net, etc.)

IOW, VZ isn't even checking to see if a zombie'd host is forging its
own domain into HELO, regardless of whether it comes from Comcast or
UUNet, and as long as the forged sender has a verizon.net address, and
the recipient hasn't blocked VZ's silly callback system, the message
is relayed. Thanks, Verizon. We can hear you now. 

-- 
hesketh.com/inc. v: +1(919)834-2552 f: +1(919)834-2554 w: http://hesketh.com
join us!   http://hesketh.com/about/careers/account_manager.html    join us!

Follow-Ups:
- Re: Verizon is easily fooled by spamming zombies (was: Re:VerizonWireless.com Mail Blacklists) Christopher L. Morrow
- Re: Verizon is easily fooled by spamming zombies (was: Re: VerizonWireless.com Mail Blacklists) Patrick W. Gilmore

References:
- Re: VerizonWireless.com Mail Blacklists Rich Kulawiec

Prev by Date: Re: VerizonWireless.com Mail Blacklists
Next by Date: Re: Verizon is easily fooled by spamming zombies (was: Re: VerizonWireless.com Mail Blacklists)
Date Index
Thread Index
Author Index
Historical