Monday, July 30, 2007

Cincinnati Bell Strikes Again

Apparently about a week and a half ago, John Matarese over at WCPO ran a piece about emails from Cincinnati Bell's Fuse and Zoomtown customers getting bounced, particularly by Yahoo and AOL. Cincinnati Bell claimed it might have had something to do with changes in spam filtering on either Cincinnati Bell's end or on AOL's or Yahoo's end.

Now, Cincinnati's premiere serious blogger, The Dean of Cincinnati, ran a piece ripping Cincinnati Bell a new one, for starters, for not running their own customer service department for their online products.

He followed up that article with another today describing the response he got from Cincinnati Bell.

Apparently they are painting a picture in which a great many Fuse accounts were compromised and put into use by various nefarious spammers.

Now, if you are dealing with ANY major online provider and they start spinning a tale about why something associated with their system isn't working, generally speaking they are wetting in your ear and telling you it's raining in the hope that you will go away.

Fortunately, you have John Matarese, The Dean, and, most importantly, THE AXINAR to help you figure out this mess.

Okay, because you can't trust your provider any further than you can throw it in matters such as these, you pretty much have to attempt to launch your own forensic investigation to figure out what is going on.

Now, since this issue involves email, it means you have to try to dissect headers - LOTS of headers.

And email headers are one of the biggest forensic nightmares known to man because SO much of the email protocol suite currently in use was developed at a time when, yes, you could actually TRUST the S.O.B. that was trying to send you a message.

Not so anymore. Many times email headers are forged three ways to Sunday in order to, yes, try to get you, the utterly uninformed computer user, to buy penis pills and penny stocks.

Now, fortunately there is usually ONE area of an email header that is valid - the IP address of the actual computer that originated the message. Computers that become "zombies" are generally identified quite rapidly based on their IP addresses and added to various "black lists".

SO, I go into my staggering stash of archived emails, and, you know what? - I don't have all that many that originated from Fuse.

I did find one that was fairly recent and I went looking for the originating IP address and - YIKES - the originating IP address was the "house ID" for I believe a Cisco/Linksys wireless router. This is an ID that is, to make a long story short (now don't say "too late", Dean), NEVER supposed to be seen outside of your house.

Now, it's hard to draw any conclusions from a single email, but I'd have to guess that AOL and Yahoo, when they see a "house ID" for a wireless router as the originating IP, go TOTALLY spastic.
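Here is the kind of check described above in code, added as an example and not something from the original post or from Cincinnati Bell: it walks the Received headers from the first hop up and flags an origin that falls in a "house ID" range (the private address blocks of RFC 1918, which is where a Linksys router's 192.168.1.1 lives). The message, hostnames and addresses are constructed for the example, not taken from a real Fuse or Zoomtown header.

```python
import re
import ipaddress
from email import message_from_string

# Constructed sample message (not a real Fuse/Zoomtown message). Each mail
# server prepends its own Received line, so the topmost is the newest hop and
# the bottom one is what the first relay recorded about the sending computer.
SAMPLE = """\
Received: from mx1.example.net (mx1.example.net [203.0.113.10])
\tby mail.example.org with ESMTP id 123; Mon, 30 Jul 2007 10:00:00 -0400
Received: from smtp.fuse.example (smtp.fuse.example [198.51.100.20])
\tby mx1.example.net with ESMTP id 456; Mon, 30 Jul 2007 09:59:58 -0400
Received: from userpc (unknown [192.168.1.1])
\tby smtp.fuse.example with SMTP id 789; Mon, 30 Jul 2007 09:59:55 -0400
From: someone@fuse.example
Subject: Hi

Hi
"""

# The "house ID" ranges: RFC 1918 private blocks that never belong on the public Internet.
HOUSE_NETS = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")  # bracketed IP in the 'from' clause


def is_house_ip(addr):
    """True when addr sits inside one of the private 'house' ranges."""
    return any(addr in net for net in HOUSE_NETS)


def received_chain(raw):
    """Return [(ip, is_house), ...] ordered from the earliest hop to the latest."""
    headers = message_from_string(raw).get_all("Received") or []
    chain = []
    for value in reversed(headers):          # bottom header = first hop
        m = IP_RE.search(value)
        if m:
            addr = ipaddress.ip_address(m.group(1))
            chain.append((str(addr), is_house_ip(addr)))
    return chain


def originating_ip(raw):
    """The address the first relay recorded for the computer that sent the mail."""
    chain = received_chain(raw)
    return chain[0][0] if chain else None


def origin_is_house_ip(raw):
    """True when the recorded origin is a private address, i.e. the router's 'house ID'."""
    chain = received_chain(raw)
    return chain[0][1] if chain else False


if __name__ == "__main__":
    for ip, house in received_chain(SAMPLE):
        print(f"{ip:15} {'HOUSE ID (private)' if house else 'public'}")
    print("origin:", originating_ip(SAMPLE))
```

Paste a real header into SAMPLE and the bottom Received line is the one that should carry a public address; a 192.168.x.x or 10.x.x.x there means the first relay logged the router's inside address instead of the customer's public one.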

SO, yes, I need more examples ...

Do you use a Fuse or Zoomtown address?

If so, I need you to send me a message.

It doesn't have to be fancy - just say "Hi".

Send it to so I can see if there is anything "interesting" about the Fuse/Zoomtown headers currently and then report back to The Dean.

Thank you for your assistance in this incredibly important consumer investigation.

Just got an email from a Fuse address and it does look like Fuse is transmitting the originating IP now.

But please send me more - I need samples ...

