Slashdot Mirror

← Back to Stories (view on slashdot.org)

AT&T Moves Toward Mail-Server Whitelist

Posted by timothy on from the is-it-better-than-spam dept.

Gunfighter writes "In an apparent attempt to quelch the amount of incoming spam, AT&T has asked their customers, partners, and business clients to provide them with IP addresses of their mail servers. All other mail will be discarded. To quote the message: "... In order to continue to allow email to AT&T you need to provide the IP addresses of all your outbound email gateways. If you do not respond immediately, your access may not continue.""

12 of 447 comments (clear)

  1. RTFA? by fo0bar · · Score: 5, Informative

    FYI, this seems to be from AT&T Business Services, IE backbone and ip operations. So their customers (the people they are asking) in this case are other ISPs, datacenters, etc, and the whitelist is for sending email to AT&T itself. This has nothing to do with other AT&T services (remember, "AT&T" is essentially about a hundred different companies that happen to share the same name), so this should not affect some grandma trying to send to an attbi account. That being said, whether what they're doing is good remains to be seen.

    (Interestingly enough, I *DO* work for a datacenter that has IP and transit services through AT&T, and have not received one of these emails yet...)

  2. Good grief by Micah · · Score: 2, Informative

    I've said it before, and I'll say it again. We need to dump SMTP and switch to something like Internet Mail 2000. The sooner we do it, the better. Some people here have voiced concerns, but I'm convinced that this proposal is well thought out and will work. Any inconvenience (which would be minor, and only for a small fraction of users) would be trumped by its benefits, by a wide margin.

    Anyone know if anyone is actually coding up a sample server and client for IM2000? A google search for "internet mail 2000" comes up with some proposals that go beyond Bernstein's site, but I haven't seen any evidence of code yet. It really shouldn't be that complicated and, yeah, I'd be willing to help!

  3. Don't they need to keep doing business? by fatray · · Score: 2, Informative

    Most big corps have an army of salesmen, tech guys, whatever, roaming around the world handing out business cards with an email address printed on them. The idea is that potential customers or potential partners with actually email us and we'll do things with them that make money for the corporation. Cutting off that communication sounds like a very bad idea.

    This seems pretty odd. Is this just a small division somewhere that is trying this or THE AT&T.

  4. Just because... by sillypixie · · Score: 4, Informative
    you whitelist some servers does not have to mean that you have to blacklist all the others. If AT&T really means to do this, they will learn the hard way when their business suffers.

    There are several initiatives underway to use DNS to authenticate SMTP transactions: this seems like a good way to avoid the nastiness described by the parent poster...

    The article really does sound like this request is an emergency response to a specific threat - The intent seems to me to be more of a temporary bandaid solution than an attempt to alter the very fabric of email as we know it (-:

    Pixie

    --
    don't mess with those geekgrrls
  5. Re:Gee, that's funny... by Anonymous Coward · · Score: 1, Informative

    pink contract

  6. I nearly did that myself by Greyfox · · Score: 2, Informative

    I was hunting around for some info on how to set procmail up to only allow the 4 domains that I get legitimate mail from when I ran across tmda. I decided to give it a shot instead and I haven't seen a spam since. I know that technically they're still coming in, but I went from 30-40 spams a day in my inbox to 0. Now I can ignore the problem until they start slipping through or they start consuming a significant portion of my bandwidth.

    --

    I'm trying to teach myself to set people on fire with my mind... Is it hot in here?

  7. Re:All it takes by bobv-pillars-net · · Score: 3, Informative

    dig mx att.com

    then telnet to port 25 for each MX host

    I get no response from any of them.

    Keep trying. According to my logs, about 30% of the time, they DO respond. I don't know if they're overloaded 70% of the time or if their IP-filter breaks 30% of the time, but if you keep trying long enough, you will get through.

    --
    The Web is like Usenet, but
    the elephants are untrained.
  8. Re:Oh well. by KarmaPolice · · Score: 1, Informative

    While this isn't the overall solution, a list of known non-spam servers could be a very important part of a spam filtering system.

    That's a great idea. Why hasn't anyone done that??

  9. Re:This is just wrong in so many ways... by Halo1 · · Score: 2, Informative
    Maybe because their incoming mailservers are:
    att.net. 6H IN MX 5 gateway2.att.net. att.net. 6H IN MX 5 gateway1.att.net.
    Or are you a client of AT&T that must send his mail through their outgoing mailservers?
    --
    Donate free food here
  10. Re:This is just wrong in so many ways... by lardi · · Score: 2, Informative

    Working as the sysadmin for our company I would like to tell you ablout the latest UCE complaint that has hit my inbox.. We run a community website that sends out newsletters to our customers. This newsletter is sent out if the users does not uncheck the box "Yes I want too recieve newsletter......bla bla" A couble of weeks ago mail from our server bounced from AOL due to AOL customer UCE complaints. As it turns out one single UCE complaint from an AOL customer will get the ip of the sending smtp server banned for a period of 12 hours, but if the server has a PTR record the server will need to generate a lot more complaints before being blocked. Apart from the time i spent resolving this issue, not counting waiting to get thru to the postmaster group, this easy step would weed out at least a large portion of the spam. Everybody agrees not to recieve mail from domains without a valid PTR record ? :)

  11. ATT says: by Chatmag · · Score: 2, Informative

    According to the recording at the 800 number supplied, this was a draft email that was sent out prematurely.

    --
    Pete Carr Owner Chatmag.com
  12. ATT has admitted they screwed up. by JuggleGeek · · Score: 2, Informative
    Quote from the article, link shown below for the whole thing.
    Human Error Leads to AT&T's Anti-Spam Gaffe

    Telco giant AT&T (Quote, Chart) on Wednesday rushed to withdraw two notices sent to business partners and customers asking for the IP addresses of all outbound SMTP (define) servers because of a "human error" gaffe.

    With a significant increase in incoming spam over the past few days, AT&T sent out the notices demanding the IP addresses, presumably to create a white list of gateways from which e-mail will be accepted. But a company spokesman now says customers should ignore the requests.

    "Those e-mails went out in error. They never should have been sent. We have apologized and we're requesting that customers disregard them," AT&T spokesman Dave Johnson told internetnews.com.

    "It was an honest human error. Sometimes, folks makes mistakes," Johnson said.

    Details here.