Verizon is easily fooled by spamming zombies (was: Re: VerizonWireless.com Mail Blacklists)

• Previous message: Rich Kulawiec: "Re: VerizonWireless.com Mail Blacklists"
• Next in thread: Patrick W. Gilmore: "Re: Verizon is easily fooled by spamming zombies (was: Re: VerizonWireless.com Mail Blacklists)"
• Reply: Patrick W. Gilmore: "Re: Verizon is easily fooled by spamming zombies (was: Re: VerizonWireless.com Mail Blacklists)"
• Maybe reply: Christopher L. Morrow: "Re: Verizon is easily fooled by spamming zombies (was: Re: VerizonWireless.com Mail Blacklists)"
• Maybe reply: Christopher L. Morrow: "Re: Verizon is easily fooled by spamming zombies (was: Re: VerizonWireless.com Mail Blacklists)"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

on Wed, Jun 01, 2005 at 12:07:33PM -0400, Rich Kulawiec wrote:
> (As to Verizon itself, since three different people pointed out the
> relative lack of SBL listings: keep in mind that SBL listings are put
> in place for very specific reasons, and aren't the only indicator of
> spam. Other DNSBLs and RHSBLs, e.g. the CBL, use different criteria
> and thus provide different measurements (if you will) of spam. So,
> to give a sample data point, in the last week alone, there have been
> 315 spam attempts directed at *just this address* from 194 different
> IP addresses (list attached) that belong to VZ. Have I reported them?
> Of *course* not. What would be the point in that?)

<snip evidence of astounding lack of clue of VZ's customers>

Zombies I expect; what's worse is that they're /obviously/ not even
doing the most basic checks:

Received: from verizon.net ([63.24.130.230])

(63.24.130.230 is 1Cust742.an1.nyc41.da.uu.net, HELO'd as 'verizon.net'
and VZ still relayed it)

Received: from verizon.net ([68.130.237.39])

(68.130.237.39 is 1Cust39.tnt26.mia5.da.uu.net, HELO'd as 'verizon.net'
and VZ still relayed it)

Received: from verizon.net ([68.130.237.35])

(68.130.237.35 is 1Cust35.tnt26.mia5.da.uu.net, HELO'd as 'verizon.net'
and VZ still relayed it)

Received: from verizon.net ([65.34.38.26])

(65.34.38.26 is c-65-34-38-26.hsd1.fl.comcast.net, HELO'd as 'verizon.net'
and VZ still relayed it)

Received: from verizon.net ([65.34.184.15])

(65.34.184.15 is c-65-34-184-15.hsd1.fl.comcast.net, etc.)

IOW, VZ isn't even checking to see if a zombie'd host is forging its
own domain into HELO, regardless of whether it comes from Comcast or
UUNet, and as long as the forged sender has a verizon.net address, and
the recipient hasn't blocked VZ's silly callback system, the message
is relayed. Thanks, Verizon. We can hear you now.

-- 
hesketh.com/inc. v: +1(919)834-2552 f: +1(919)834-2554 w: http://hesketh.com
join us!   http://hesketh.com/about/careers/account_manager.html    join us!

• Previous message: Rich Kulawiec: "Re: VerizonWireless.com Mail Blacklists"
• Next in thread: Patrick W. Gilmore: "Re: Verizon is easily fooled by spamming zombies (was: Re: VerizonWireless.com Mail Blacklists)"
• Reply: Patrick W. Gilmore: "Re: Verizon is easily fooled by spamming zombies (was: Re: VerizonWireless.com Mail Blacklists)"
• Maybe reply: Christopher L. Morrow: "Re: Verizon is easily fooled by spamming zombies (was: Re: VerizonWireless.com Mail Blacklists)"
• Maybe reply: Christopher L. Morrow: "Re: Verizon is easily fooled by spamming zombies (was: Re: VerizonWireless.com Mail Blacklists)"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]