AT&T Moves Toward Mail-Server Whitelist

Gunfighter writes "In an apparent attempt to quelch the amount of incoming spam, AT&T has asked their customers, partners, and business clients to provide them with IP addresses of their mail servers. All other mail will be discarded. To quote the message: "... In order to continue to allow email to AT&T you need to provide the IP addresses of all your outbound email gateways. If you do not respond immediately, your access may not continue.""

RTFA?

[fo0bar]

FYI, this seems to be from AT&T Business Services, IE backbone and ip operations. So their customers (the people they are asking) in this case are other ISPs, datacenters, etc, and the whitelist is for sending email to AT&T itself. This has nothing to do with other AT&T services (remember, "AT&T" is essentially about a hundred different companies that happen to share the same name), so this should not affect some grandma trying to send to an attbi account. That being said, whether what they're doing is good remains to be seen.

(Interestingly enough, I *DO* work for a datacenter that has IP and transit services through AT&T, and have not received one of these emails yet...)

Just because...

[sillypixie]

you whitelist some servers does not have to mean that you have to blacklist all the others. If AT&T really means to do this, they will learn the hard way when their business suffers.

There are several initiatives underway to use DNS to authenticate SMTP transactions: this seems like a good way to avoid the nastiness described by the parent poster...

• http://spf.pobox.com/draft-mengwong-spf-01.txt

• http://www.pan-am.ca/draft-ietf-asrg-dsprotocol-00 .txt

• http://www.ietf.org/internet-drafts/draft-danisch- dns-rr-smtp-03.txt

The article really does sound like this request is an emergency response to a specific threat - The intent seems to me to be more of a temporary bandaid solution than an attempt to alter the very fabric of email as we know it (-:

Pixie