Verizon Accused By Spamhaus Of Negligence Against Spammers And Cybercriminals Routing Through Its Network

Verizon Van 624px

As vast and widespread as the Internet is, the old adage "it's a small world" still seems to apply. It has had been widely reported that IP addresses are fast becoming a precious commodity, with IPV4 addresses completely allocated now and the future of Internet address identification and location reliant on IPV6 for continued expansion. Interestingly enough, the Internet’s growing pains pose an increasing challenge for spammers and cybercriminals looking to gain access to new IP addresses to operate, as existing and old addresses are terminated for spamming and other malicious practices.

As a result, spammers and cybercriminals are now resorting to stealing large blocks of IP addresses that aren’t currently active or being used by their existing owners. There’s actually a black market of sorts for IP addresses and with the shrinking availability of IPV4 addresses it’s becoming big business. However, to make use of stolen IP addresses, spammers and cybercriminals still need to route them through an ISP’s system without being noticed, often times presenting forged authorization documentation in order to get their addresses announced on the network. Of course it’s incumbent upon the ISP to cross-check IP addresses and routing requests and It doesn’t take a degree in data communications technology to sniff out suspicious behavior and requests.

Apparently some ISPs are more vigilant than others at sniffing out the bad guys on their network and, as it turns out, researchers at The Spamhaus Project have identified over 4 million IP addresses that are allegedly being operated by US cybercriminals over the Verizon Communications network. Spamhaus reports that Verizon routed IPs are far and away the largest offender of “snowshoe spamming,” a practice that spreads out spam across many IPs and domains in an effort to scatter its footprint and evade spam filters.

New Guoxin Telecom routing history, terminated from several Asian ISPs before Verizon announcements.
Source: via Spamhaus

The report goes on to explain that many of the IP blocks in question were previously owned and then terminated by Chinese and Korean hosts for spamming. They were then picked up and announced by UUnet, which was acquired by Verizon in 2006. However, spam victims sending in abuse reports to the owner of the IP wouldn’t necessarily get through to Verizon either, since again, they’re actually stolen IPs to begin with.

Spamhaus goes on to accuse Verizon of “failing to properly vet IP address ranges for which it provides transit.” And that, “while Verizon has an anti-spam policy and has participated in working groups such as M3AAWG, its present defacto policy of routing illicitly obtained IP address space for spammers means that it is directly responsible for facilitating massive sources of spam and cybercrime affecting millions of Internet users and networks."

These are pretty bold claims and if true, it’s a rather unflattering portrayal of ol’ “Big Red,” as some competitors like to refer to the company. In terms of being a good Internet neighbor, the company could definitely step up its neighborhood watch game a notch or two, at least according to this report. 

Photo credit: