VerizonWireless.com Mail Blacklists
It appears VerizonWireless.com has some rather aggressive mail filters. Verizon.net's blocking of Europe, Asia, Africa... well, everything but North America has made some headlines and even some lawsuits. Anyone know if VerizonWireless.com and Verizon.net are independent operations from an SMTP point of view? Verizon.net has,
http://verizon.net/whitelist
And I haven't found an equivalent for VerizonWireless.com. And given the differences in Verizon.net's and VerizonWireless.com's MX setup, I doubt they use common resources.
Anyone here ever get off of their blacklist or even know what they are using? Even though we have accounts with them, I haven't been successful in getting through to clueful help *shock*.
FWIW, it really looks like an IP-based blacklist. From our main mail server to any of their MX hosts, the 25/tcp connection completes, but then their server drops the connection, no banner, no nothing. I get a banner and can send mail to their servers from other IP addresses outside of that network. My guess is that they're using SPEWS? We're collateral damage in a SPEWS block.
-- Crist J. Clark crist.clark@globalstar.com Globalstar Communications (408) 933-4387
Crist Clark wrote:
It appears VerizonWireless.com has some rather aggressive mail filters. Verizon.net's blocking of Europe, Asia, Africa... well, everything but North America has made some headlines and even some lawsuits. Anyone know if VerizonWireless.com and Verizon.net are independent operations from an SMTP point of view? Verizon.net has,
And I haven't found an equivalent for VerizonWireless.com. And given the differences in Verizon.net's and VerizonWireless.com's MX setup, I doubt they use common resources.
They're different companies. I'm pretty sure they have different server farms and corporate policies. Verizon owns 100% of Verizon.net and only 55% of Verizon Wireless. But that's not to say they don't share information. I'm going to forward this to an acquaintance I have at Verizon.net and see what he says.
FWIW, it really looks like an IP-based blacklist. From our main mail server to any of their MX hosts, the 25/tcp connection completes, but then their server drops the connection, no banner, no nothing. I get a banner and can send mail to their servers from other IP addresses outside of that network. My guess is that they're using SPEWS? We're collateral damage in a SPEWS block.
I'll find out for you (hopefully). -- JustThe.net - Apple Valley, CA - http://JustThe.net/ - 888.480.4NET (4638) Steven J. Sobol, Geek In Charge / sjsobol@JustThe.net / PGP: 0xE3AE35ED "The wisdom of a fool won't set you free" --New Order, "Bizarre Love Triangle"
Following up to my own post
I'm going to forward this to an acquaintance I have at Verizon.net and see what he says.
Mail's been sent. Don't know how busy my friend is, but he should be able to get back to me relatively quickly. -- JustThe.net - Apple Valley, CA - http://JustThe.net/ - 888.480.4NET (4638) Steven J. Sobol, Geek In Charge / sjsobol@JustThe.net / PGP: 0xE3AE35ED "The wisdom of a fool won't set you free" --New Order, "Bizarre Love Triangle"
They're different companies. I'm pretty sure they have different server farms and corporate policies. Verizon owns 100% of Verizon.net and only 55% of Verizon Wireless.
When I left Verizon.net abuse/security last year they were NOT sharing mail systems/resources or anti-spam measures with VZW -Dennis
Mad props out to Mr. John Bittenbender who got me in contact with someone at VZW who was quick and helpful getting this fixed. Apparently, VZW did decide that our IAP as a whole originated too much spam and just blocked the whole thing. I don't know if they made their filters more precise or whitelisted our subnet, but mail to verizonwireless.com works for us now. Personally, I feel verizonwireless.com can filter whatever they want, BUT should stick to SMTP standards. Dropping connections with no SMTP banner, no error code is a Bad Thing. Give me a hint of why you don't like me with an error message and fail hard so outgoing messages don't sit queued up for days before my users get failure messages. And of course, if you're gonna block wide swaths of Internet, you should have mechanisms in place for your help desk to deal with blocked senders, customer and non-customers alike. But as usual, once you penetrate the front line of help desk drones, the real technical people are professional and helpful.
Crist Clark wrote:
It appears VerizonWireless.com has some rather aggressive mail filters. Verizon.net's blocking of Europe, Asia, Africa... well, everything but North America has made some headlines and even some lawsuits. Anyone know if VerizonWireless.com and Verizon.net are independent operations from an SMTP point of view? Verizon.net has,
And I haven't found an equivalent for VerizonWireless.com. And given the differences in Verizon.net's and VerizonWireless.com's MX setup, I doubt they use common resources.
Anyone here ever get off of their blacklist or even know what they are using? Even though we have accounts with them, I haven't been successful in getting through to clueful help *shock*.
FWIW, it really looks like an IP-based blacklist. From our main mail server to any of their MX hosts, the 25/tcp connection completes, but then their server drops the connection, no banner, no nothing. I get a banner and can send mail to their servers from other IP addresses outside of that network. My guess is that they're using SPEWS? We're collateral damage in a SPEWS block.
-- Crist J. Clark crist.clark@globalstar.com Globalstar Communications (408) 933-4387
On Thu, May 19, 2005 at 05:24:41PM -0700, Crist Clark wrote:
It appears VerizonWireless.com has some rather aggressive mail filters.
Verizon is hopelessly clueless when it comes to mail system operations and mail filters -- as evidenced by their ongoing decision to deliberately provide anonymizing spam support and DoS attack services to anyone clever enough to use them via their abusive "callback" system, and by their total failure to address the torrent of spam emanating from their own network. Which is a roundabout way of saying that it's probably best to find a way to work around whatever stupidity they're inflicting on you, as it's very unlikely that anyone at Verizon is capable of even comprehending the problem, let alone taking steps to correct it. ---Rsk
On Thu, May 19, 2005 at 05:24:41PM -0700, Crist Clark wrote:
It appears VerizonWireless.com has some rather aggressive mail filters.
Verizon is hopelessly clueless when it comes to mail system operations and mail filters -- as evidenced by their ongoing decision to deliberately provide anonymizing spam support and DoS attack services to anyone clever enough to use them via their abusive "callback" system, and by their total failure to address the torrent of spam emanating from their own network.
Not to belabor the obvious, but Verizon Wireless and Verizon are different companies with different management and separate infrastructure. VZW is a joint venture between VZ and Vodafone. VZW recently confirmed that their mail system is separate from VZ's, and whatever mistakes they may make, they're not VZ's. Regards, John Levine, johnl@iecc.com, Primary Perpetrator of "The Internet for Dummies", Information Superhighwayman wanna-be, http://www.johnlevine.com, Mayor "More Wiener schnitzel, please", said Tom, revealingly.
On Tue, May 31, 2005 at 04:46:01PM -0000, John Levine wrote:
VZW recently confirmed that their mail system is separate from VZ's, and whatever mistakes they may make, they're not VZ's.
Okay, fine -- and a look at DNS seems to back this up (unless I'm missing something). And I've no desire to lay VZ's mistakes at VZW's feet, or vice versa -- but that still leaves whoever-is-affected (like the original poster or anyone else out there) to deal with the issues. And the lack of participation by VZ and VZW in the leading applicable forum (i.e. Spam-L) isn't helping. At least some of the other folks are engaged in dialogue with their peers, even if what they're saying isn't to everyone's liking. (As to Verizon itself, since three different people pointed out the relative lack of SBL listings: keep in mind that SBL listings are put in place for very specific reasons, and aren't the only indicator of spam. Other DNSBLs and RHSBLs, e.g. the CBL, use different criteria and thus provide different measurements (if you will) of spam. So, to give a sample data point, in the last week alone, there have been 315 spam attempts directed at *just this address* from 194 different IP addresses (list attached) that belong to VZ. Have I reported them? Of *course* not. What would be the point in that?) ---Rsk
on Wed, Jun 01, 2005 at 12:07:33PM -0400, Rich Kulawiec wrote:
(As to Verizon itself, since three different people pointed out the relative lack of SBL listings: keep in mind that SBL listings are put in place for very specific reasons, and aren't the only indicator of spam. Other DNSBLs and RHSBLs, e.g. the CBL, use different criteria and thus provide different measurements (if you will) of spam. So, to give a sample data point, in the last week alone, there have been 315 spam attempts directed at *just this address* from 194 different IP addresses (list attached) that belong to VZ. Have I reported them? Of *course* not. What would be the point in that?)
<snip evidence of astounding lack of clue of VZ's customers>
Zombies I expect; what's worse is that they're /obviously/ not even doing the most basic checks:
Received: from verizon.net ([63.24.130.230])
(63.24.130.230 is 1Cust742.an1.nyc41.da.uu.net, HELO'd as 'verizon.net' and VZ still relayed it)
Received: from verizon.net ([68.130.237.39])
(68.130.237.39 is 1Cust39.tnt26.mia5.da.uu.net, HELO'd as 'verizon.net' and VZ still relayed it)
Received: from verizon.net ([68.130.237.35])
(68.130.237.35 is 1Cust35.tnt26.mia5.da.uu.net, HELO'd as 'verizon.net' and VZ still relayed it)
Received: from verizon.net ([65.34.38.26])
(65.34.38.26 is c-65-34-38-26.hsd1.fl.comcast.net, HELO'd as 'verizon.net' and VZ still relayed it)
Received: from verizon.net ([65.34.184.15])
(65.34.184.15 is c-65-34-184-15.hsd1.fl.comcast.net, etc.)
IOW, VZ isn't even checking to see if a zombie'd host is forging its own domain into HELO, regardless of whether it comes from Comcast or UUNet, and as long as the forged sender has a verizon.net address, and the recipient hasn't blocked VZ's silly callback system, the message is relayed. Thanks, Verizon. We can hear you now.
-- hesketh.com/inc. v: +1(919)834-2552 f: +1(919)834-2554 w: http://hesketh.com join us! http://hesketh.com/about/careers/account_manager.html join us!
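The HELO check described in the post above, as an added example (not code from the thread or from any of the operators named in it): it flags hops whose HELO name claims a domain that the connecting IP's reverse DNS does not fall under. The rDNS table copies three of the mappings quoted in the post so the block runs offline; the function names, the `access_pools` parameter and the last sample line are assumptions of this example.

```python
import re

# Received lines as quoted in the post above (HELO name, then connecting IP).
# The last line is constructed for contrast.
SAMPLE_HEADERS = """\
Received: from verizon.net ([63.24.130.230])
Received: from verizon.net ([68.130.237.39])
Received: from verizon.net ([65.34.38.26])
Received: from mail.example.net ([192.0.2.10])
"""

# Reverse DNS as reported in the post, embedded so the example runs offline.
# A live checker would resolve the PTR record and confirm it with a forward
# lookup before trusting it.
RDNS = {
    "63.24.130.230": "1Cust742.an1.nyc41.da.uu.net",
    "68.130.237.39": "1Cust39.tnt26.mia5.da.uu.net",
    "65.34.38.26": "c-65-34-38-26.hsd1.fl.comcast.net",
    "192.0.2.10": "mail.example.net",  # constructed
}

RECEIVED_RE = re.compile(
    r"^Received:\s+from\s+(\S+)\s+\(\[(\d{1,3}(?:\.\d{1,3}){3})\]\)",
    re.MULTILINE,
)


def in_domain(host, domain):
    """True if host equals domain or is a subdomain of it (label-aligned)."""
    host = host.lower().rstrip(".")
    domain = domain.lower().rstrip(".")
    return host == domain or host.endswith("." + domain)


def audit_received(headers, local_domain, rdns, access_pools=()):
    """Return (ip, helo, ptr, verdict) for each Received hop.

    verdict is 'helo-mismatch' when the HELO name claims local_domain but the
    PTR name is neither under local_domain nor under one of access_pools.
    access_pools lists PTR suffixes of third-party address space the operator
    knows carries its own customers (the dial-access possibility raised later
    in this thread).
    """
    results = []
    for helo, ip in RECEIVED_RE.findall(headers):
        ptr = rdns.get(ip)
        if not in_domain(helo, local_domain):
            verdict = "not-claiming-local"
        elif ptr and any(in_domain(ptr, d) for d in (local_domain, *access_pools)):
            verdict = "ok"
        else:
            verdict = "helo-mismatch"
        results.append((ip, helo, ptr, verdict))
    return results


def flagged(results):
    """IPs whose HELO claimed the local domain without matching rDNS."""
    return [ip for ip, _helo, _ptr, verdict in results if verdict == "helo-mismatch"]


if __name__ == "__main__":
    for row in audit_received(SAMPLE_HEADERS, "verizon.net", RDNS):
        print(row)
```

With `access_pools=("da.uu.net",)` only the Comcast-hosted address remains flagged, which is the distinction an operator with outsourced dial pools would need to encode.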
On Jun 1, 2005, at 12:28 PM, Steven Champeon wrote:
IOW, VZ isn't even checking to see if a zombie'd host is forging its own domain into HELO, regardless of whether it comes from Comcast or UUNet, and as long as the forged sender has a verizon.net address, and the recipient hasn't blocked VZ's silly callback system, the message is relayed. Thanks, Verizon. We can hear you now.
The other half of this is if you are on VZ's network and try to send mail through their system, you cannot unless you have a "verizon.net" from address. Or at least that was the case when my friend with VZ DSL tried to send e-mail through VZ from her personal domain. -- TTFN, patrick
Patrick W. Gilmore wrote:
On Jun 1, 2005, at 12:28 PM, Steven Champeon wrote:
IOW, VZ isn't even checking to see if a zombie'd host is forging its own domain into HELO, regardless of whether it comes from Comcast or UUNet, and as long as the forged sender has a verizon.net address, and the recipient hasn't blocked VZ's silly callback system, the message is relayed. Thanks, Verizon. We can hear you now.
The other half of this is if you are on VZ's network and try to send mail through their system, you cannot unless you have a "verizon.net" from address. Or at least that was the case when my friend with VZ DSL tried to send e-mail through VZ from her personal domain.
Assuming it does via their systems - most zombies have their own smtp engine from what I understand -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300
Assuming it does via their systems - most zombies have their own smtp engine from what I understand
Yes. Why would they need anything more than a broken SMTP engine that has been ripped from one sample to another for over 8 years? I'm exaggerating of course, but you get the picture. Let's not go back to blocking port 25 again, but that's the only reason why this would become obsolete so that other methods/attack vectors are actually necessary. Gadi.
On Jun 1, 2005, at 1:00 PM, Martin Hepworth wrote:
Patrick W. Gilmore wrote:
On Jun 1, 2005, at 12:28 PM, Steven Champeon wrote:
IOW, VZ isn't even checking to see if a zombie'd host is forging its own domain into HELO, regardless of whether it comes from Comcast or UUNet, and as long as the forged sender has a verizon.net address, and the recipient hasn't blocked VZ's silly callback system, the message is relayed. Thanks, Verizon. We can hear you now.
The other half of this is if you are on VZ's network and try to send mail through their system, you cannot unless you have a "verizon.net" from address. Or at least that was the case when my friend with VZ DSL tried to send e-mail through VZ from her personal domain.
Assuming it does via their systems - most zombies have their own smtp engine from what I understand
Zombies do both, but my comment wasn't about zombies, it was about users. If you are a user with a vanity domain trying to send e-mail "From: user@vanity.domain", you cannot through VZ's system. Despite the fact we have spent years telling people they have to use their local ISP's mail server to send mail out. Does VZ support SMTP AUTH these days? (My info is over a year old.) -- TTFN, patrick
Zombies do both, but my comment wasn't about zombies, it was about users. If you are a user with a vanity domain trying to send e-mail "From: user@vanity.domain", you cannot through VZ's system. Despite the fact we have spent years telling people they have to use their local ISP's mail server to send mail out.
Does VZ support SMTP AUTH these days? (My info is over a year old.)
Verizon has many odd choices in their history, indeed. Still, how many DSL users actually *need* to use an account other than that given to them by their ISP? I find this extreme measure quite a good step, and in the right direction. There is no real reason why you should be able to email out with bush@whitehouse.gov using Verizon's own servers. If you are an advanced enough user to have your own vanity domain then you are advanced enough to have your own SMTP server. If port 25 is blocked, you can probably sort this out with your ISP (if said ISP is responsive to your needs) and/or move an ISP. I don't see how this doesn't sit well with telling people to use their ISP's server? Our problem *is* the clueless majority. ^5 to Verizon. Gadi.
On Jun 1, 2005, at 12:17 PM, Gadi Evron wrote:
Zombies do both, but my comment wasn't about zombies, it was about users. If you are a user with a vanity domain trying to send e-mail "From: user@vanity.domain", you cannot through VZ's system. Despite the fact we have spent years telling people they have to use their local ISP's mail server to send mail out.
Does VZ support SMTP AUTH these days? (My info is over a year old.)
Verizon has many odd choices in their history, indeed. Still, how many DSL users actually *need* to use an account other than that given to them by their ISP?
Many thousands, perhaps 100s of thousands.
I find this extreme measure quite a good step, and in the right direction.
I do not.
There is no real reason why you should be able to email out with bush@whitehouse.gov using Verizon's own servers.
Of course not. But "me@mydomain.com" is perfectly reasonable.
If you are an advanced enough user to have your own vanity domain then you are advanced enough to have your own SMTP server. If port 25 is blocked, you can probably sort this out with your ISP (if said ISP is responsive to your needs) and/or move an ISP.
The example given in this thread proves you wrong. My friend had a vanity domain, did not have her own mail server. But that's OK, we should tell people one thing (use your ISP's server to send mail) and do another (block them from sending mail through their ISP's server). Makes the "clueless majority" much happier when even the "techies" can't figure out WTF they are supposed to do. -- TTFN, patrick
The example given in this thread proves you wrong. My friend had a vanity domain, did not have her own mail server.
Okay, and why does she need to use Verizon's servers to send email from her own vanity domain? Unless I am missing something and Verizon gets paid for this?
But that's OK, we should tell people one thing (use your ISP's server to send mail) and do another (block them from sending mail through their ISP's server).
I believe you are exaggerating, like I usually like to do. My point is the vast.. vast.. clueless majority is a direct threat to Internet survivability (ooh, big words). The 100s of thousands of clued users who have vanity domains can definitely find an easy way to send mail, without using the provider's servers. The cost of allowing these servers to stay "open" is extremely high, and we are paying the price every day.
Makes the "clueless majority" much happier when even the "techies" can't figure out WTF they are supposed to do.
That's the point, the clueless, vast, vast, majority is happy. They don't care. They don't know there are 40 Trojan horses and 400 spyware components installed on their quiet green desktop. All they know is that their email account works. I know that they are threatening the Internet. Clear and simple. Gadi.
On Jun 1, 2005, at 12:35 PM, Gadi Evron wrote:
The example given in this thread proves you wrong. My friend had a vanity domain, did not have her own mail server.
Okay, and why does she need to use Verizon's servers to send email from her own vanity domain? Unless I am missing something and Verizon gets paid for this?
Yes, $50/month.
But that's OK, we should tell people one thing (use your ISP's server to send mail) and do another (block them from sending mail through their ISP's server).
I believe you are exaggerating, like I usually like to do. My point is the vast.. vast.. clueless majority is a direct threat to Internet survivability (ooh, big words). The 100s of thousands of clued users who have vanity domains can definitely find an easy way to send mail, without using the provider's servers.
No, 100s of 1000s of not-so-clued users have vanity domains. Have you checked how many domains are registered on a daily basis these days?
The cost of allowing these servers to stay "open" is extremely high, and we are paying the price every day.
Who said "open"? There are lots of ways to keep spam from your network down. If you have a mail server and allow it to send mail, it can be abused. All you can do is try to make it harder to abuse. One of the ways we (the collective "we" who run the Internet) have decided to do this is by forcing people to send outbound mail through their ISP's mail server, not through random open relays. If the ISP wants to use SMTP AUTH or other mechanisms to lower abuse, that's fine. But to say "only allow ISP.net from addresses - but allow them from anywhere on the 'Net" is kinda ... silly.
That's the point, the clueless, vast, vast, majority is happy. They don't care. They don't know there are 40 Trojan horses and 400 spyware components installed on their quiet green desktop. All they know is that their email account works. I know that they are threatening the Internet. Clear and simple.
The solution presented here is not only not a solution, it is also a problem. -- TTFN, patrick
Yes, $50/month.
Then there is the problem. If she pays for the service of sending email using the vanity domain through the ISP's servers, then it should be, naturally, allowed.
No, 100s of 1000s of not-so-clued users have vanity domains. Have you checked how many domains are registered on a daily basis these days?
Much like they pay for domains, and for hosting, or for iron, or for bandwidth or whatever your cup of tea is, so should everyone else. Nothing comes for free and the abuse vs. use ratio is not favorable. Really, why should they be able to pay for domains and not arrange to pay an extra buck or 20? Well, we all like freebies.
Who said "open"? There are lots of ways to keep spam from your network down.
If you have a mail server and allow it to send mail, it can be abused. All you can do is try to make it harder to abuse. One of the ways we (the collective "we" who run the Internet) have decided to do this is by forcing people to send outbound mail through their ISP's mail server, not through random open relays.
Through _A_ mail server. Paid for or not is another issue, but the service is still a service. I get most of my domains hosted on friends' servers, that is still a service even if I don't pay for it.
If the ISP wants to use SMTP AUTH or other mechanisms to lower abuse, that's fine. But to say "only allow ISP.net from addresses - but allow them from anywhere on the 'Net" is kinda ... silly.
No, it makes perfect sense but that is the one thing I fear we'll have to agree to disagree on.
The solution presented here is not only not a solution, it is also a problem.
Okay, then I suppose I don't understand the problem. How exactly do you mean? Gadi.
On Jun 1, 2005, at 12:51 PM, Gadi Evron wrote:
If the ISP wants to use SMTP AUTH or other mechanisms to lower abuse, that's fine. But to say "only allow ISP.net from addresses - but allow them from anywhere on the 'Net" is kinda ... silly.
No, it makes perfect sense but that is the one thing I fear we'll have to agree to disagree on.
I fear you will have to agree to disagree with just about anyone who runs a large mail server.
The solution presented here is not only not a solution, it is also a problem.
Okay, then I suppose I don't understand the problem. How exactly do you mean?
1) It is not a solution because it does not stop spam. In fact, it is easier to send spam through VZ's mail servers than just about anyone else's. 2) It is a problem because they do not allow things almost every other ISP does - things which are "standard" and things for which the anti-spam community has been fighting to put in place for many years. -- TTFN, patrick
I fear you will have to agree to disagree with just about anyone who runs a large mail server.
Read my other email on that one.
1) It is not a solution because it does not stop spam. In fact, it is easier to send spam through VZ's mail servers than just about anyone else's.
I was not discussing success, I was debating the fact that people should be able to use their ISP's servers for everything they want. Such limitations do in fact help, although they are not very bright and shiny to ISPs. In fact, ISPs hate them. I am surprised Verizon took this approach. How Verizon does anti-spam is another matter best left for another thread.
2) It is a problem because they do not allow things almost every other ISP does - things which are "standard" and things for which the anti-spam community has been fighting to put in place for many years.
Agreed. I can't and won't argue with that one. Gadi.
On Wed, 01 Jun 2005 20:51:17 +0400, Gadi Evron said:
If the ISP wants to use SMTP AUTH or other mechanisms to lower abuse, that's fine. But to say "only allow ISP.net from addresses - but allow them from anywhere on the 'Net" is kinda ... silly.
No, it makes perfect sense but that is the one thing I fear we'll have to agree to disagree on.
Nope, Patrick is right on this one. The ruleset that appears to be in effect is: "Anything from anywhere, even if it's from a hijacked box in Korea, can forward through our server as long as it has a 'totallybusticated@ISP.net' From: on it, but if one of our own customers tries to send through the server with a From: that says 'customer@vanity.domain' they can't even if they pass an SMTP AUTH check and prove they're ISP.net's customer..." And that's borked and wrong.
The solution presented here is not only not a solution, it is also a problem.
Okay, then I suppose I don't understand the problem. How exactly do you mean?
See above - would you consider forwarding mail from outside ISP.net space without an SMTP AUTH check just because it claims to be 'From @ISP.net'?
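The two rulesets contrasted in the message above, as an added example (not Verizon's configuration and not code from the thread): `relay_by_sender_domain` models the rule as described there, and `relay_by_identity` models the alternative argued for in this thread, where relaying depends on who is connecting (a passed SMTP AUTH or customer address space) and not on the claimed sender. The domain names, the customer CIDR block, the sessions and the reply strings other than "530 5.7.1 Relaying not allowed" are constructed.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

ISP_DOMAIN = "isp.example"                        # stands in for 'ISP.net'
CUSTOMER_NETS = [ip_network("198.51.100.0/24")]   # constructed customer block


@dataclass(frozen=True)
class Session:
    client_ip: str
    auth_user: Optional[str]   # set only after a successful SMTP AUTH
    mail_from: str             # envelope sender: a claim, trivially forged
    rcpt_to: str


def _domain(address):
    return address.rsplit("@", 1)[-1].lower()


def relay_by_sender_domain(s):
    """Rule as described in the thread: trust the claimed sender domain."""
    if _domain(s.rcpt_to) == ISP_DOMAIN:
        return True, "250 OK (local delivery)"
    if _domain(s.mail_from) == ISP_DOMAIN:
        return True, "250 OK (relayed on claimed sender)"
    return False, "550 5.7.1 Sender domain not permitted"


def relay_by_identity(s):
    """Alternative: relay only for a proven identity or customer address space.

    The sender address plays no part in the decision, so a vanity-domain
    sender is fine, and an authenticated session leaves an account name to
    follow up on when there is abuse.
    """
    if _domain(s.rcpt_to) == ISP_DOMAIN:
        return True, "250 OK (local delivery)"
    if s.auth_user is not None:
        return True, "250 OK (relayed for authenticated user %s)" % s.auth_user
    if any(ip_address(s.client_ip) in net for net in CUSTOMER_NETS):
        return True, "250 OK (relayed for customer address space)"
    return False, "530 5.7.1 Relaying not allowed"


# Constructed sessions covering the cases argued over in the thread.
SESSIONS = {
    # Outside host, no AUTH, forged @ISP sender, external recipient.
    "forged-outsider": Session("203.0.113.7", None,
                               "totallybusticated@isp.example",
                               "victim@elsewhere.example"),
    # Paying customer, passed AUTH, sends from her own domain.
    "auth-vanity": Session("198.51.100.20", "customer",
                           "customer@vanity.example",
                           "friend@elsewhere.example"),
    # Same customer roaming on another network, still authenticated.
    "auth-roaming": Session("203.0.113.50", "customer",
                            "customer@vanity.example",
                            "friend@elsewhere.example"),
    # Ordinary inbound mail for a local mailbox.
    "inbound": Session("203.0.113.9", None,
                       "someone@elsewhere.example",
                       "customer@isp.example"),
}


def compare(sessions):
    """Map session name -> (accepted by sender rule, accepted by identity rule)."""
    return {
        name: (relay_by_sender_domain(s)[0], relay_by_identity(s)[0])
        for name, s in sessions.items()
    }


if __name__ == "__main__":
    for name, verdicts in compare(SESSIONS).items():
        print(name, verdicts)
```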
See above - would you consider forwarding mail from outside ISP.net space without an SMTP AUTH check just because it claims to be 'From @ISP.net'?
Yep, I was arguing the wrong point. We're on the same side. Sorry for the misunderstanding. Read my statements under that light and you will see they are *almost* the same although I still disagree on some of the issues. Thanks
Valdis.Kletnieks@vt.edu wrote:
"Anything from anywhere, even if it's from a hijacked box in Korea, can forward through our server as long as it has a 'totallybusticated@ISP.net' From: on it, but if one of our own customers tries to send through the server with a From: that says 'customer@vanity.domain' they can't even if they pass an SMTP AUTH check and prove they're ISP.net's customer..."
And that's borked and wrong.
This is old news. Years old. I think it might have dated back to before @gte.net addresses became deprecated. But I thought VZ had fixed the problem. -- JustThe.net - Apple Valley, CA - http://JustThe.net/ - 888.480.4NET (4638) Steven J. Sobol, Geek In Charge / sjsobol@JustThe.net / PGP: 0xE3AE35ED "The wisdom of a fool won't set you free" --New Order, "Bizarre Love Triangle"
If the ISP wants to use SMTP AUTH or other mechanisms to lower abuse, that's fine. But to say "only allow ISP.net from addresses - but allow them from anywhere on the 'Net" is kinda ... silly.
I think we are arguing the same side of the problem. I think I mis-read this one sentence. SMTP AUTH is a great thing, really, but not what it's cracked up to be in the age of zombies. I am not saying that they should be allowed from anywhere on the net, I argue quite the opposite. Gadi.
On Wed, 1 Jun 2005, Gadi Evron wrote:
There is no real reason why you should be able to email out with bush@whitehouse.gov using Verizon's own servers.
perhaps not that, but surely user@vanity.domain and if they do/have auth info they can even see who it was when there are problems.
If you are an advanced enough user to have your own vanity domain then you are advanced enough to have your own SMTP server. If port 25 is blocked, you can probably sort this out with your ISP (if said ISP is responsive to your needs) and/or move an ISP.
1) monopoly isps 2) standard config 3) lack of ability to make 1/2/3 changes here/there/everywhere (config drift) for customers not paying more than the 'standard'. There are other reasons of course. Also, customers with their own SMTP/IMAP services COULD just do tcp/587 'submission'... but we covered that ground already I think?
1) monopoly isps 2) standard config 3) lack of ability to make 1/2/3 changes here/there/everywhere (config drift) for customers not paying more than the 'standard'.
There are other reasons of course. Also, customers with their own SMTP/IMAP services COULD just do tcp/587 'submission'... but we covered that ground already I think?
I don't usually send an email just for a one-liner (unless it is very funny), but a "thank you" is in order. It was mostly a mis-understanding of the argument on my part, but that does put some things in light. Thanks! Gadi.
There is no real reason why you should be able to email out with bush@whitehouse.gov using Verizon's own servers.
Not even if you use an SMTP AUTH session and clearly establish your identity as a customer of Verizon? Seems to me that an authenticated SMTP session tends to narrow down the potential source of an email if there is a desire to identify the perpetrator. Some people might consider this to be a good thing. --Michael Dillon
On Wed, 1 Jun 2005, Steven Champeon wrote:
on Wed, Jun 01, 2005 at 12:07:33PM -0400, Rich Kulawiec wrote:
(As to Verizon itself, since three different people pointed out the relative lack of SBL listings: keep in mind that SBL listings are put in place for very specific reasons, and aren't the only indicator of spam. Other DNSBLs and RHSBLs, e.g. the CBL, use different criteria and thus provide different measurements (if you will) of spam. So, to give a sample data point, in the last week alone, there have been 315 spam attempts directed at *just this address* from 194 different IP addresses (list attached) that belong to VZ. Have I reported them? Of *course* not. What would be the point in that?)
<snip evidence of astounding lack of clue of VZ's customers>
Zombies I expect; what's worse is that they're /obviously/ not even doing the most basic checks:
Received: from verizon.net ([63.24.130.230])
(63.24.130.230 is 1Cust742.an1.nyc41.da.uu.net, HELO'd as 'verizon.net' and VZ still relayed it)
keep in mind I'm just thinking out loud here, but is it possible that verizon is using someone else for dial access in places? So, perhaps these are VZ customers doing the proper helo based on their funky mail client?
IOW, VZ isn't even checking to see if a zombie'd host is forging its own domain into HELO, regardless of whether it comes from Comcast or UUNet, and as long as the forged sender has a verizon.net address, and the recipient hasn't blocked VZ's silly callback system, the message is relayed. Thanks, Verizon. We can hear you now.
or it's a flubb on VZ's part, like I said, just thinking out loud.
On Jun 1, 2005, at 1:54 PM, Christopher L. Morrow wrote:
Received: from verizon.net ([63.24.130.230])
(63.24.130.230 is 1Cust742.an1.nyc41.da.uu.net, HELO'd as 'verizon.net' and VZ still relayed it)
keep in mind I'm just thinking out loud here, but is it possible that verizon is using someone else for dial access in places? So, perhaps these are VZ customers doing the proper helo based on their funky mail client?
You might be right. I couldn't get to 63.24.130.230, but from my personal server (which has no relation to VZ's network):
patrick@p8.bos/1:59PM% telnet relay.verizon.net 25
Trying 206.46.232.11...
Connected to relay.verizon.net.
Escape character is '^]'.
220 sv10pub.verizon.net MailPass SMTP server v1.2.0 - 013105113116JY +PrW ready Wed, 1 Jun 2005 12:59:33 -0500
helo patrick.verizon.net
250 sv10pub.verizon.net
mail from: patrick@verizon.net
250 Sender <patrick@verizon.net> OK
rcpt to: patrick@ianai.net
530 5.7.1 Relaying not allowed: patrick@ianai.net
This is much better than I originally thought. Still think they should allow sending mail from their network though. :) -- TTFN, patrick
On Wed, 1 Jun 2005, Patrick W. Gilmore wrote:
On Jun 1, 2005, at 1:54 PM, Christopher L. Morrow wrote:
Received: from verizon.net ([63.24.130.230])
(63.24.130.230 is 1Cust742.an1.nyc41.da.uu.net, HELO'd as 'verizon.net' and VZ still relayed it)
keep in mind I'm just thinking out loud here, but is it possible that verizon is using someone else for dial access in places? So, perhaps these are VZ customers doing the proper helo based on their funky mail client?
You might be right.
I couldn't get to 63.24.130.230, but from my personal server (which has no relation to VZ's network):
1Cust742.an1.nyc41.da.uu.net == 63.24.130.230 which is like: 22Cust55.tnt13.tco2.da.uu.net. == 67.206.50.55 *Cust***.DEV.HUB.da.uu.net == dialup user ip. Most times ppp customer, most times a /24 (or like) per DEV... So, unless someone is logged in at this time to: 63.24.130.230 there isn't anything to get to...
patrick@p8.bos/1:59PM% telnet relay.verizon.net 25
Trying 206.46.232.11...
Connected to relay.verizon.net.
Escape character is '^]'.
220 sv10pub.verizon.net MailPass SMTP server v1.2.0 - 013105113116JY +PrW ready Wed, 1 Jun 2005 12:59:33 -0500
helo patrick.verizon.net
250 sv10pub.verizon.net
mail from: patrick@verizon.net
250 Sender <patrick@verizon.net> OK
rcpt to: patrick@ianai.net
530 5.7.1 Relaying not allowed: patrick@ianai.net
This is much better than I originally thought.
Still think they should allow sending mail from their network though. :)
'their network' I think is the problem for them, again I'm not a VZ employee (yet?), but I'd bet they have several hundreds of blocks for DSL, several DIAL providers and distributed smtp acceptance points for their customers... It seems that SMTPAUTH would be a decent way to get this resolved though (or ONE decent way).
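The check reasoned through in the two messages above (HELO name versus the connecting address's reverse DNS, plus the da.uu.net dial-up naming pattern), as an added example that is not part of the original thread. The function names and the last-two-labels domain comparison are assumptions, and the rDNS name is passed in rather than looked up so the code runs offline.

```python
import re

# Naming convention described in the thread: <n>Cust<m>.DEV.HUB.da.uu.net
DIALUP_RDNS = re.compile(
    r"^(\d+)Cust(\d+)\.([a-z0-9]+)\.([a-z0-9]+)\.da\.uu\.net\.?$", re.I
)
# Received line in the shape quoted in the thread: from <helo> ([<ip>])
RECEIVED = re.compile(
    r"^Received:\s+from\s+(\S+)\s+\(\[(\d{1,3}(?:\.\d{1,3}){3})\]\)", re.I
)


def registered_domain(host):
    """Last two labels of a hostname (assumption: good enough for the
    .net names in this thread; real code would use a public suffix list)."""
    labels = host.rstrip(".").lower().split(".")
    return ".".join(labels[-2:])


def classify(received_line, rdns):
    """Compare the HELO name in a Received line with the PTR name of the
    connecting IP and report whether that PTR is a dial-up pool address."""
    m = RECEIVED.match(received_line)
    if not m:
        raise ValueError("unrecognised Received line")
    helo, ip = m.group(1), m.group(2)
    pool = DIALUP_RDNS.match(rdns)
    return {
        "helo": helo,
        "ip": ip,
        "dialup_pool": bool(pool),
        "device": pool.group(3) if pool else None,  # DEV label
        "hub": pool.group(4) if pool else None,     # HUB label
        "helo_matches_rdns": registered_domain(helo) == registered_domain(rdns),
    }


if __name__ == "__main__":
    # Header and PTR name as quoted in the thread.
    print(classify("Received: from verizon.net ([63.24.130.230])",
                   "1Cust742.an1.nyc41.da.uu.net"))
```

A mismatch on a dial-up pool address is not proof of forgery: as the thread notes, it can simply be a customer's mail client announcing its provider's domain from a third-party dial pool.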
On 6/1/05, Rich Kulawiec <rsk@gsp.org> wrote:
On Tue, May 31, 2005 at 04:46:01PM -0000, John Levine wrote:
VZW recently confirmed that their mail system is separate from VZ's, and whatever mistakes they may make, they're not VZ's.
Okay, fine -- and a look at DNS seems to back this up (unless I'm missing something). And I've no desire to lay VZ's mistakes at VZW's feet, or vice versa -- but that still leaves whoever-is-affected (like the original poster or anyone else out there) to deal with the issues. And the lack of participation by VZ and VZW in the leading applicable forum (i.e. Spam-L) isn't helping. At least some of the other folks are engaged in dialogue with their peers, even if what they're saying isn't to everyone's liking.
Quick point to address here about VZW's email. We don't provide email services to our customers. We are merely a wireless ISP generally used as their secondary connection to use while the customer is mobile. Another large portion of our client base are enterprises and public services/utilities that use their own systems.

The reason for our non-participation in Spam-L..... We aren't an email provider. At most we relay for our own address space and accept deliveries to and from vtext.com which isn't email/webmail it's only web accessible SMS messaging so it's not really applicable either. There are spam guards on vtext but if a customer can't receive his/her SMS's that were sent to their phone they can call customer service and get that resolved.

The issue at the root of this thread was with our corporate mail servers, not customer email. So it's a different ball of wax and not really a topic for discussion on NANOG other than as a last cry for help (which worked in this case).

And yes, please don't lay VZ's problems at our feet. As was mentioned a ways up this thread, we are just partially owned by the same mother ship.

John Bittenbender
Verizon Wireless Netops
At 7:21 PM -0700 2005-06-01, John Bittenbender wrote:
We don't provide email services to our customers. We are merely a wireless ISP generally used as their secondary connection to use while the customer is mobile. Another large portion of our client base are enterprises and public services/utilities that use their own systems.
Do you provide mail servers of any type anywhere at all on your network? Do you provide access to mail servers of any type through your network? If so, then you are an e-mail service provider (even if that isn't your primary function).
The reason for our non-participation in Spam-L..... We aren't an email provider.
You should most definitely be actively participating in the appropriate forums. Failure to do so should be considered a corporate statement that you implicitly condone any and all such activities that occur on your networks. However, this discussion should be held in one of those forums where it is more appropriate to discuss this subject. Unfortunately, you don't participate in any of them. -- Brad Knowles, <brad@stop.mail-abuse.org> "Those who would give up essential Liberty, to purchase a little temporary Safety, deserve neither Liberty nor Safety." -- Benjamin Franklin (1706-1790), reply of the Pennsylvania Assembly to the Governor, November 11, 1755 SAGE member since 1995. See <http://www.sage.org/> for more info.
* brad@stop.mail-abuse.org (Brad Knowles) [Thu 02 Jun 2005, 06:33 CEST]:
You should most definitely be actively participating in the appropriate forums.
Failure to do so should be considered a corporate statement that you implicitly condone any and all such activities that occur on your networks.
Oooh, threatening, Mr Knowles! And completely lunatic, too.
However, this discussion should be held in one of those forums where it is more appropriate to discuss this subject. Unfortunately, you don't participate in any of them.
Are you sure you want to inflict a sizeable portion of the Internet's entire population on one certain mailing list? Your claim to fame that you had something to do with AOL's mail servers once may not be sufficient to support this. -- Niels. -- The idle mind is the devil's playground
At 10:37 AM +0200 2005-06-02, Niels Bakker wrote:
Failure to do so should be considered a corporate statement that you implicitly condone any and all such activities that occur on your networks.
Oooh, threatening, Mr Knowles!
Threatening? No, I don't think so. Something to be concerned about? Yes.
However, this discussion should be held in one of those forums where it is more appropriate to discuss this subject. Unfortunately, you don't participate in any of them.
Are you sure you want to inflict a sizeable portion of the Internet's entire population on one certain mailing list?
A sizable portion of the Internet's entire population are network or access providers who have mail servers or who provide access to mail servers through their network, and who are not already on the appropriate forums? If that is an accurate statement, then I would be very, very concerned for the future of the Internet.
Your claim to fame that you had something to do with AOL's mail servers once may not be sufficient to support this.
At the time, on a volume basis, I was probably responsible for as much or more anti-spam work than anyone else around. I know that things have grown a great deal since then, but I imagine that there are probably still plenty of places that have fewer than ten million customers and doing less than ten million messages per day, and yet they are also to be found on the appropriate forums. So, I figure I'm still in pretty good company. Of course, spam-l is not the only appropriate forum where discussions of that sort should be held. Now, if we're done with the personal attacks, can we get back to subjects that are appropriate for this forum? -- Brad Knowles, <brad@stop.mail-abuse.org> "Those who would give up essential Liberty, to purchase a little temporary Safety, deserve neither Liberty nor Safety." -- Benjamin Franklin (1706-1790), reply of the Pennsylvania Assembly to the Governor, November 11, 1755 SAGE member since 1995. See <http://www.sage.org/> for more info.
John Bittenbender wrote:
We don't provide email services to our customers.
Sure you do. When I was a VZW customer, I had a vtext.com email address and a few aliases. (BTW, you should provide better spam filtering to your customers who use SMS, but that's something we can talk about offlist as it's not relevant to NANOG.) -- JustThe.net - Apple Valley, CA - http://JustThe.net/ - 888.480.4NET (4638) Steven J. Sobol, Geek In Charge / sjsobol@JustThe.net / PGP: 0xE3AE35ED "The wisdom of a fool won't set you free" --New Order, "Bizarre Love Triangle"
On 31/05/05, Rich Kulawiec <rsk@gsp.org> wrote:
On Thu, May 19, 2005 at 05:24:41PM -0700, Crist Clark wrote:
It appears VerizonWireless.com has some rather aggressive mail filters.
Verizon is hopelessly clueless when it comes to mail system operations and mail filters -- as evidenced by their ongoing decision to deliberately provide anonymizing spam support and DoS attack services to anyone clever
Interesting rant, if one that I've heard before often enough, given some spam-l posters' current obsession with "outscatter". Anyway, you're ranting about Verizon. The OP has a problem with Verizon Wireless, which seems a completely separate outfit, with a different mail farm, different admins and postmasters (and different corporate hierarchy up to a point - certainly different wrt operational issues). If you have operational rants about Verizon Wireless, fine. Else, please leave the ranting for rant's sake for spam-l or nanae. Makes interesting reading there I guess, but I don't see much use for it on nanog. -srs
participants (16)
- Brad Knowles
- Christopher L. Morrow
- Crist Clark
- Dennis Dayman
- Gadi Evron
- John Bittenbender
- John Levine
- Martin Hepworth
- Michael.Dillon@btradianz.com
- Niels Bakker
- Patrick W. Gilmore
- Rich Kulawiec
- Steve Sobol
- Steven Champeon
- Suresh Ramasubramanian
- Valdis.Kletnieks@vt.edu