Heads-up: AT&T apparently going to whitelist-only inbound mail

Tue Oct 21 22:00:11 UTC 2003

I'm not sure whether shadenfreude is the right word, however, it seems that, 
regarding a previous conversation about cutting off users infected with viruses,
 ATT has decided that putting a bit of stick about is the right thing to do. 

It will be very interesting to see how this works out, as it may set a very 
big precedent. 

I just  hope that they do it subnet by subnet over time instead of all at once, 
so that the interruption can be isolated brifly to small areas over a longer 
period of time.  I don't envy their customers, or their security department
for having to resort to this, but we should all be watching for the results, 
as it may make or break the case for dealing with user sites that expose the 
network to risk. 

Best, 

-j

--
Jamie.Reid, CISSP, jamie.reid at mbs.gov.on.ca
Senior Security Specialist, Information Protection Centre 
Corporate Security, MBS  
416 327 2324 
>>> "Jeff Wasilko" <jeffw at smoe.org> 10/21/03 05:24pm >>>

----- Forwarded message -----

Return-Path: <rm-antiattspam at ems.att.com>
Message-ID: <3F80414B002D0EC2 at attrh0i.attrh.att.com> (added by 
postmaster at attrh1i.attrh.att.com)
Content-Disposition: inline
Content-Transfer-Encoding: binary
Content-Type: text/plain
MIME-Version: 1.0
X-Mailer: MIME::Lite 2.102  (B2.12; Q2.03)
Date: Tue, 21 Oct 2003 20:21:50 UT
Subject: *** ACTION: IP Address of Outbound SMTP Server Requested (Updated 10/21/03)
From: rm-antiattspam at ems.att.com

AT&T Business Partners & Customers

AT&T has received many of the requested IP addresses in response to an 
e-mail originally broadcast yesterday to our business partners and 
clients.  However, we have also received many concerned responses to 
the original request.

This 2nd e-mail is to let you know that this is a legitimate AT&T 
request asking for your cooperation, which will let us improve the 
service that AT&T offers you and that our partnership requires.   We 
have provided a toll-free number below to help you confirm the 
legitimacy of this request.

We have assembled the distribution list for this e-mail by looking up 
the administrative contacts for each of the known e-mail domains we 
currently exchange e-mail with, referencing WHOIS and other such 
services available via the Internet.

What AT&T is asking is for you to help AT&T to restrict incoming mail 
to just our known and trusted sources (e.g., business partners, clients 
and customers).  Therefore, we need to know which IP address(es) are 
used by your outbound e-mail service so we can selectively permit them. 
Please send this information to the following e-mail address 
(rm-antiattspam at ems.att.com).

If you need assistance determining what these IP addresses are, please 
contact your company's administrative e-mail server support / network 
administration personnel.   We regret that AT&T is burdening you with 
this request, but our AT&T security team is advising that we take this 
step to help safeguard our e-mail systems, which ultimately will help 
us serve you better.

Please contact us with any concerns or questions:
AT&T Security Help Desk 1-800-456-4230, prompt 4 (8am - 10pm est)

Thank you for your prompt attention to this matter.  We appreciate your 
cooperation.

Sincerely,
Brian Williams, IP Network Services
Tim Scholl - District Manager, IP Network Services
Kevin O'Connell - Division Manager, Information Technology Services 
Engineering
Bill O'Hern - Division Manager, Network Security

----- Original Message (Sent Monday, 10/20/03) -----
AT&T has an urgent situation with our anti-spam list. In order to 
continue to allow email to AT&T you need to provide the IP addresses of 
all your outbound email gateways. If you do not respond immediately, 
your access may not continue. The required information should be sent 
to rm-antiattspam at ems.att.com.

----- End forwarded message -----
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: TEXT.htm
URL: <http://mailman.nanog.org/pipermail/nanog/attachments/20031021/0a59fff5/attachment.ksh>