j o a r wrote:
I was _hammered_ all throughout last year by messages to unknown accounts from machines in the sc0<nn>pub.verizon.net segment (nn = 01 - 99). Eventually I had to blacklist anything matching that pattern. Seems to be a lot more quiet now though.

Actually, I suspect those are (misguided?) attempts at sender verification*. We get hammered by those too, and they're always** from <> or [EMAIL PROTECTED]. We know spammers are forging our domain name in the return address, using randomly-generated addresses which look just like the unknown users Verizon is trying to reach.


* Since so many admins disable VRFY to guard against dictionary attacks, the new tactic is to try to send mail to an address, but then drop the connection before sending an actual message. It can be used to make dictionary attacks, or it can be used on the purported sender of a message to make sure the return address exists.

** I've only done spot checks, but every time I have, they've fit this pattern.

--
Kelson Vibber
SpeedGate Communications <www.speed.net>
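
The probing pattern described in the footnote above (a recipient is offered, then the connection is dropped before any message is sent) can be spotted in receiving-side logs. The following is an added example, not part of the original post: the log format, session ids, addresses and function names are all constructed for illustration and do not match any particular MTA.

```python
from collections import defaultdict

# Constructed sample, format "<session> <client> <event> [address] [reply code]".
SAMPLE_LOG = """\
s1 192.0.2.10 MAIL <>
s1 192.0.2.10 RCPT xkqzj@example.com 550
s1 192.0.2.10 CLOSE
s2 192.0.2.10 MAIL postmaster@probe.example
s2 192.0.2.10 RCPT bwmtr@example.com 550
s2 192.0.2.10 CLOSE
s3 198.51.100.7 MAIL alice@sender.example
s3 198.51.100.7 RCPT bob@example.com 250
s3 198.51.100.7 DATA
s4 203.0.113.5 MAIL <>
s4 203.0.113.5 RCPT bob@example.com 250
s4 203.0.113.5 DATA
"""


def parse_sessions(log_text):
    """Group log events by session id."""
    sessions = defaultdict(lambda: {"client": None, "sender": None, "rcpts": [], "data": False})
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) < 3:
            continue  # skip blank or malformed lines
        sid, client, event = parts[:3]
        s = sessions[sid]
        s["client"] = client
        if event == "MAIL" and len(parts) > 3:
            s["sender"] = parts[3]
        elif event == "RCPT" and len(parts) > 4:
            s["rcpts"].append((parts[3], parts[4]))
        elif event == "DATA":
            s["data"] = True
    return sessions


def find_probes(log_text):
    """Count, per client, sessions that issued RCPT but never reached DATA."""
    report = defaultdict(lambda: {"probes": 0, "null_sender": 0, "unknown_rcpts": 0})
    for s in parse_sessions(log_text).values():
        if not s["rcpts"] or s["data"]:
            continue  # a real delivery (including a genuine bounce from <>) is not a probe
        r = report[s["client"]]
        r["probes"] += 1
        r["null_sender"] += int(s["sender"] == "<>")
        r["unknown_rcpts"] += sum(1 for _, code in s["rcpts"] if code.startswith("5"))
    return dict(report)
```

The counts alone do not say whether a client is doing sender verification or a dictionary attack, since both look the same on the wire; a high ratio of unknown recipients to probes is the signal worth reviewing.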


