North American Network Operators Group

Re: Verizon is easily fooled by spamming zombies (was: Re:VerizonWireless.com Mail Blacklists)

  • From: Christopher L. Morrow
  • Date: Wed Jun 01 13:56:41 2005

On Wed, 1 Jun 2005, Steven Champeon wrote:

>
> on Wed, Jun 01, 2005 at 12:07:33PM -0400, Rich Kulawiec wrote:
> > (As to Verizon itself, since three different people pointed out the
> > relative lack of SBL listings: keep in mind that SBL listings are put
> > in place for very specific reasons, and aren't the only indicator of
> > spam.  Other DNSBLs and RHSBLs, e.g. the CBL, use different criteria
> > and thus provide different measurements (if you will) of spam.  So,
> > to give a sample data point, in the last week alone, there have been
> > 315 spam attempts directed at *just this address* from 194 different
> > IP addresses (list attached) that belong to VZ.  Have I reported them?
> > Of *course* not.  What would be the point in that?)
>
> <snip evidence of astounding lack of clue of VZ's customers>
>
> Zombies I expect; what's worse is that they're /obviously/ not even
> doing the most basic checks:
>
> Received: from verizon.net ([63.24.130.230])
>
> (63.24.130.230 is 1Cust742.an1.nyc41.da.uu.net, HELO'd as 'verizon.net'
> and VZ still relayed it)
>

Keep in mind I'm just thinking out loud here, but is it possible that
Verizon is using someone else for dial access in places? So, perhaps these
are VZ customers doing the proper HELO based on their funky mail client?


>
> IOW, VZ isn't even checking to see if a zombie'd host is forging its
> own domain into HELO, regardless of whether it comes from Comcast or
> UUNet, and as long as the forged sender has a verizon.net address, and
> the recipient hasn't blocked VZ's silly callback system, the message
> is relayed. Thanks, Verizon. We can hear you now.
>

Or it's a flub on VZ's part. Like I said, just thinking out loud.
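
The HELO check discussed in this thread, sketched as an added example (not part of the original messages and not Verizon's code): it flags a session that HELOs as the operator's own domain from an address that is neither the operator's host nor an authenticated customer. `LOCAL_DOMAINS`, `OWN_NETWORKS`, the `authenticated` flag and the injected `ptr_lookup` are assumptions; the header line and PTR name are the ones quoted above.

```python
import ipaddress
import re

# Assumptions (not from the thread): the operator's domain list and its own
# mail-server networks. 192.0.2.0/24 is a documentation range used as a stand-in.
LOCAL_DOMAINS = {"verizon.net"}
OWN_NETWORKS = [ipaddress.ip_network("192.0.2.0/24")]

RECEIVED_RE = re.compile(
    r"^Received:\s+from\s+(?P<helo>\S+)\s+\(\[(?P<ip>[0-9a-fA-F.:]+)\]\)", re.I)

def parse_received(line):
    """Return (helo_name, client_ip) from a 'from HELO ([ip])' Received line."""
    m = RECEIVED_RE.match(line.strip())
    if not m:
        return None
    try:
        return m.group("helo").lower().rstrip("."), ipaddress.ip_address(m.group("ip"))
    except ValueError:  # bracketed text was not a valid IP literal
        return None

def in_domain(name, domain):
    name = name.lower().rstrip(".")
    return name == domain or name.endswith("." + domain)

def helo_verdict(line, ptr_lookup, authenticated=False):
    """Classify a session whose HELO may claim one of our own domains.
    ptr_lookup: callable ip_str -> PTR name or None (injected to run offline)."""
    parsed = parse_received(line)
    if parsed is None:
        return "unparsed"
    helo, ip = parsed
    if not any(in_domain(helo, d) for d in LOCAL_DOMAINS):
        return "not-our-domain"          # nothing to check here
    if any(ip in net for net in OWN_NETWORKS):
        return "own-host"                # our own server naming itself
    if authenticated:
        return "authenticated-customer"  # roaming customer on another ISP's dial-up
    ptr = ptr_lookup(str(ip))
    if ptr and any(in_domain(ptr, d) for d in LOCAL_DOMAINS):
        return "ptr-matches"
    return "forged-helo"                 # claims our domain from a foreign address

# Sample data: the header line and PTR name are the ones quoted in the thread.
SAMPLE = "Received: from verizon.net ([63.24.130.230])"
PTR_TABLE = {"63.24.130.230": "1Cust742.an1.nyc41.da.uu.net"}
```

The `authenticated` branch covers the case raised in the reply, where a real customer on third-party dial access sends a HELO of `verizon.net`. A production check would forward-confirm the PTR name before trusting a `ptr-matches` result.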