Slashdot Mirror

← Back to Stories (view on slashdot.org)

AT&T Moves Toward Mail-Server Whitelist

Posted by timothy on from the is-it-better-than-spam dept.

Gunfighter writes "In an apparent attempt to quelch the amount of incoming spam, AT&T has asked their customers, partners, and business clients to provide them with IP addresses of their mail servers. All other mail will be discarded. To quote the message: "... In order to continue to allow email to AT&T you need to provide the IP addresses of all your outbound email gateways. If you do not respond immediately, your access may not continue.""

15 of 447 comments (clear)

  1. So what's to prevent.. by dr+ttol · · Score: 3, Insightful

    ..the spammers to get AT&T to whitelist their IPs?

    1. Re:So what's to prevent.. by YouHaveSnail · · Score: 4, Insightful

      Well presumably, any gateway that delivers significant amounts of spam to AT&T will be removed from the white list and added to the black one.

      Their whole approach may or may not work, but it's an interesting idea. The PGP "web of trust" concept never really caught on among the general public, but creating a web of trusted mail servers would seem like a simple and effective defense against spam. AT&T's move might be the first step in that direction.

      The next step, of course, would be either a new protocol or an extension to an existing one that would let one mail server ask another "Hey, smtp.xyz.com wants to exchange mail with me, but I've never heard of him. Do you know him? Do you trust him?" If VeriSign really cared about innovating and improving the net, this is the sort of thing they should be working on.

  2. All it takes by lingqi · · Score: 4, Insightful

    is a few span servers to get on the list, and a few legit servers to get hacked and taken off the list (and tries to get on again) before there will be hell and ATT would have to abandon the plan, wasting all these time and resources used to instate this plan in the first place.

    Great shame, really...

    --

    My life in the land of the rising sun.

    1. Re:All it takes by HBI · · Score: 5, Insightful

      The servers will be now identified by customer.

      The incoming spam will then have an owner tied to it, who will be held accountable. It's a very workable system actually and not as prone to failure as you are alluding.

      --
      HBI's Law: Frequency of calling others Nazis is directly correlated with the likelihood of the accuser being Communist.
    2. Re:All it takes by lingqi · · Score: 3, Insightful
      The servers will be now identified by customer.

      and if a popular server is identified by many customers? like, say, hotmail?

      and there ARE cases where somebody might want to send email to a person with no prior contact - the "long-lost HS friend" is overused, but take other examples - say I am active on a mailing list and somebody want to ask me something, or if somebody is replying to my advertisement on ebay. there are TONS of problems with a whitelist-only approach.

      --

      My life in the land of the rising sun.

  3. I wish they'd turn this around by Webmoth · · Score: 3, Insightful

    I had an "unpublished" landline phone number, and chose a third-party carrier for my long distance service. AT&T called me every week as long as I had that phone line, trying to sell me long distance service, no matter that every time I called, I said "no" and told them to never call again.

    It seems that AT&T thinks that if you don't want to do business with them, then they automatically deserve to be on your whitelist.

    Voice spam is just as bad as email spam. Even worse, since you can't deal with it on YOUR time.

    --
    Give me my freedom, and I'll take care of my own security, thank you.
  4. Huh? by Aurix · · Score: 3, Insightful

    This can't be right... Most businesses have no idea what an IP address is, let alone the IP addresses of people who send them email... It sounds like an utterly stupid plan. What's to stop spammers sending them IP addresses of their mail sending boxes or open relays?

  5. Users don't know what to do with this . . . by actappan · · Score: 5, Insightful

    I'm oversee an it department. While we're lucky enough to have a highly technical user base there are still users that need a little help. And some of them will have to write at&t.

    "Solutions" like this do little to stem the tide of spam, they only shift the burden to others. Now, in order to ensure that my users can send email to the customers and contacts they need at att&t, I have to keep them up to date with our whereabouts on the net?

    Earlier this year we had to deal with a spat of denied messages cause when a number of large organizations blocked our entire address block because they believed it was a DSL block. This was the only reason. Not that spam originated from any of these addresses,

    The only way to stop spam is to stop the spammers. The only way to stop the spammers is to stop those that pay them or otherwise make money trough the spam.

    --
    \Drew National Data Director, John Edwards for President
  6. This is just wrong in so many ways... by Fnkmaster · · Score: 5, Insightful
    So if each big company decides to do this, they will all end up with slightly different lists of whitelisted SMTP servers. The Internet will degenerate into a fragmented, unreliable system where you never know who will receive your email. In fact, you'll be strong armed into using particular ISPs and using email addresses like shithead@att.net in order to get your email through to anybody. The Internet is thereby de-democratized and rolled back 10 years.


    This is really a lose-lose situation and it's disappointing to see this. If there's going to be a concept of trusted mail servers, we need to use a technological solution that allows easy, open, and transferable trusted participation in the network - maybe for once an application where a web-of-trust would actually function. Even the current system with centralized, subscription-based blackhole lists is far better - at least you only have 5-10 different places to go if you end up on somebody's shit list.


    In the dark world of the future you'll have to fight your way through bureaucracy and stupid sysadmins (and yes, the vast majority of sysadmins are fucking idiots, though I know that's not a popular opinion around here) for each and every company, organization or domain you want to send email to. That sounds like an infeasible, unmaintainable system to me.


    Personally, I find the spam filtering on my fastmail (www.fastmail.fm) account to be incredibly reliable and effective, and I've found that if I bounce back every piece of true spam I get, over a few weeks or months, my rate of incoming spam seems to decrease substantially. We can do better, and we will beat the spammers, but we don't need to throw out the baby with the bathwater.

    1. Re:This is just wrong in so many ways... by bigberk · · Score: 4, Insightful
      So if each big company decides to do this, they will all end up with slightly different lists of whitelisted SMTP servers. The Internet will degenerate into a fragmented, unreliable system where you never know who will receive your email. In fact, you'll be strong armed into using particular ISPs and using email addresses like shithead@att.net in order to get your email through to anybody. The Internet is thereby de-democratized and rolled back 10 years.
      Spot on, mod this guy up. He hit the nail on the head.
      I've found that if I bounce back every piece of true spam I get, over a few weeks or months, my rate of incoming spam seems to decrease substantially
      Except for this bit. Never try to bounce spam, it just goes to the wrong destination and further pollutes the Internet.
    2. Re:This is just wrong in so many ways... by Chmarr · · Score: 4, Insightful

      I think you're mistaken. When he says 'bounce spam' he doesn't mean composing a new message and sending it to the 'envelope from'.

      He means ensuring the spam message gets a 550 code, or something similiar, rather than 'accepting' it and trashing it later.

    3. Re:This is just wrong in so many ways... by AKnightCowboy · · Score: 3, Insightful
      In the dark world of the future you'll have to fight your way through bureaucracy and stupid sysadmins (and yes, the vast majority of sysadmins are fucking idiots, though I know that's not a popular opinion around here) for each and every company, organization or domain you want to send email to. That sounds like an infeasible, unmaintainable system to me.

      We're probably all over-reacting a bit since the first time the CEO of AT&T misses an important e-mail message because his ISP blocks the incoming mail, this will go away. I would say by 2pm on Friday at the latest. This is one of those idiotic things to do on the scale of Verisign's Sitefinder "service".

  7. Some much for my mail server by mgarriss · · Score: 5, Insightful

    A week ago I decided that it would be interesting to setup my own mail server, hell, fun even. Interesting yes, fun no. I started with sendmail and ended up with qmail.

    I was so proud of my new server, it was so, well, new. I go to send out a test mail and alas earthlink would not accept it, hmm. Then I sent one to my yahoo account, nope. Hotmail? You guessed it. What's the deal I asked. Googled a bit, found that slashdot discussion (http://yro.slashdot.org/yro/03/04/13/2215207.shtm l?tid=120).

    I started to realize that email is no longer a tool of the little guy. I send my mail through my earthlink server which works but now I must watch my volume (no mailing lists hosted here I'm afraid) because of my 'terms-of-service'. Something about being a little guy or something like that.

    Now the last barrier is up. I wonder if ATT would put me on their list?

  8. Re:Why not use the MX? by morelife · · Score: 4, Insightful

    Why not use the MX?

    In large mta deployments the mx is hardly ever the sending mta.

  9. SMTP blues by ratfynk · · Score: 4, Insightful
    I know this sounds crazy but the protocols are the problem. As long as there is no way to certify return addressing spam will happen. Solicitation lists just do not work for this very reason. I personally do not reply to or even consider spoofed mail. I never use html links that come in mail even if the reply address is authentic. If the person sending me mail cannot give me their real address they can go suck wind. I just wonder, if e-mail dies what will replace it? Ask Bill he has the answer, fascist style computing. Maybe this is why we have the MS worm, virus, software security problem. What a wonderful way to sell secure computing and make so called 'trusted computing' mandatory. Kill of e-mail as we know it first with Windows style security. Na ..no one could be that underhanded. Brilliant idea though and not that far from happening. Either the guy is really that brilliant or just shit lucky. It sure would cement the future of MS computing.

    The best dual boot problem solver is; dd if=/dev/urandom of=/dev/hda1 ..then cfdisk /dev/hda1 etc..

    :-( too bad I have my wife won't switch yet. I have always wanted to use that command!

    --
    OH THE SHAME I fell off the wagon and use sigs again!