Getting Spam Email? Blame Verizon

One nice thing about the SMTP email protocol is that it tracks what IP addresses emails were sent from. This means if you are the recipient of spam you can look at the email headers and see where the spam was coming from. You can then contact the owner of the IP address (usually a large ISP) and tell them that you received email from that address.

Reputable networks do not want spam and other abuse originating in their networks, as this leads to them being put on blacklists. A blacklist is a list of ‘bad’ IP addresses. If an IP address is added to an email blacklist, any emails originating from that IP address do not get delivered. This is a great way to cut down on spam.

One of the largest anti-spam blacklists is maintained by Spamhaus.org. Spamhaus tracks spammers and then provides a blacklist that is used by over 600 million email recipients.
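The header check and blacklist lookup described above can be sketched in Python. This is an added example, not code from Spamhaus or the original post: the sample message is constructed, the function names are hypothetical, and `zen.spamhaus.org` is assumed as the blacklist zone. It goes beyond the text in one respect: it only trusts the `Received` header written by the recipient's own mail server, because anything a foreign server wrote can be forged.

```python
import email
import ipaddress
import re

# Constructed sample message; hosts and addresses are placeholders.
SAMPLE = """\
Received: from mx.recipient.example (mx.recipient.example [10.0.0.5])
\tby mailstore.recipient.example with ESMTP id A1; Mon, 1 Jan 2024 10:00:02 +0000
Received: from mail.sender.example (unknown [203.0.113.45])
\tby mx.recipient.example with ESMTP id B2; Mon, 1 Jan 2024 10:00:01 +0000
Received: from bank.example ([198.51.100.7])
\tby mail.sender.example with SMTP id C3; Mon, 1 Jan 2024 09:59:58 +0000
From: offers@sender.example
Subject: constructed sample

body
"""

INTERNAL = [ipaddress.ip_network(n) for n in
            ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]
HOP = re.compile(r"from\s.*?\[(?:IPv6:)?([0-9A-Fa-f.:]+)\].*?\bby\s+([^\s;]+)", re.S)

def handoff_ip(raw_message, my_domain):
    """Return the IP that connected to our own mail servers, or None."""
    msg = email.message_from_string(raw_message)
    # Each relay prepends its header, so the newest hop comes first.
    for header in msg.get_all("Received", []):
        m = HOP.search(header)
        if not m:
            continue
        ip, by_host = ipaddress.ip_address(m.group(1)), m.group(2).lower()
        ours = by_host == my_domain or by_host.endswith("." + my_domain)
        if not ours:
            return None  # written by a foreign server: contents can be forged
        if ip.version == 4 and any(ip in net for net in INTERNAL):
            continue     # hop between our own machines
        return str(ip)
    return None

def dnsbl_name(ip, zone="zen.spamhaus.org"):
    """Build the DNS name a mail server looks up to test an IP against a blacklist."""
    ptr = ipaddress.ip_address(ip).reverse_pointer  # e.g. 45.113.0.203.in-addr.arpa
    return ptr.rsplit(".", 2)[0] + "." + zone
```

A mail server resolves the name from `dnsbl_name`; an answer in 127.0.0.0/8 means the address is listed, and no answer means it is not.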

Part of the work Spamhaus does is tracking where spam comes from. Yesterday Spamhaus published a fascinating article about how spammers are using forgotten IP blocks to send out spam and how Verizon is accepting those routes and then forwarding that traffic on to the rest of the world.

What happens is that certain large chunks of IP address space have been allocated to companies which no longer exist. That IP address space is not being used. This in itself is a problem, since the world has basically run out of new IPv4 space. However, this forgotten IP space is now being used by spammers.

Think of an abandoned building in your city. Now imagine if squatters came in and pretended to own the building. This is what is happening with the forgotten IP space.

But the way Internet routing works, simply claiming that some IP space is yours does not mean anything. The key is to get other networks to accept traffic from that IP space as legitimately yours.

ISPs have filters to prevent spoofed or forged traffic from entering their network. At the same time, the Internet is largely built on trust, and as soon as one large player accepts bad IP blocks, most of the Internet will follow.

In this case, Verizon (AS701) is accepting traffic from a bunch of illegitimate IP blocks. Other networks then believe that Verizon knows what it is doing and also accept that traffic from the spammers. And that is how spam sent from illegitimate Asian networks reaches your inbox.

The conversation goes something like this:

Spammer: Hey ISPs, you should accept traffic from us. We’re legit. Trust me.

Most ISPs: No way, you don’t look legit at all. I know a spammer when I see one!

Verizon: Sure, we don’t need to check what traffic we accept. Send your traffic our way.

Most ISPs: Huh, look at that new traffic Verizon is sending to the world. We know and trust Verizon, we will accept it.

So even though Verizon is not directly responsible for sending out spam, it is responsible for the IP blocks which it chooses to accept. The acceptance of blocks which are obviously illegitimate leads to spammers being able to burden the Internet with their bogus emails.

Read the Spamhaus article.
