Slashdot Mirror

← Back to Stories (view on slashdot.org)

AT&T Moves Toward Mail-Server Whitelist

Posted by timothy on from the is-it-better-than-spam dept.

Gunfighter writes "In an apparent attempt to quelch the amount of incoming spam, AT&T has asked their customers, partners, and business clients to provide them with IP addresses of their mail servers. All other mail will be discarded. To quote the message: "... In order to continue to allow email to AT&T you need to provide the IP addresses of all your outbound email gateways. If you do not respond immediately, your access may not continue.""

6 of 447 comments (clear)

  1. I work for AT&T! by Anonymous Coward · · Score: 4, Interesting

    And it's been blocking email I send to my work account! Now I understand what's going on.

  2. Shock and disbelief.... by ComputerSlicer23 · · Score: 3, Interesting
    Uhhh, I do business with people on the AT&T network. At least I'm reasonable sure the 1000's of clients who use e-mail to contact me use it. I wonder what I need to do to get on the list.

    Complete shock and disbelief at the first e-mail (the dreadfully short message at the bottom).

    Has anyone actually called and confirmed with the 1-800 number that this truely is AT&T, and it really is what they are saying? I'm not sure I'll believe it until I see the e-mail actually start bouncing. That's clinically insane. Do they seriously believe they'll be able to pull this off? You mean ever time a small company creates a new mail server they'll have to contact AT&T with the outgoing SMTP servers? If this starts a major trend, you mean I'll have to contact lots of major ISP's to send mail to them?

    Assuming this it to stop SPAM (what else could it be?), what's to stop a spammer from just calling up and saying I'm a legit mailer set me up? What do I do when I get assigned the IP from the old spammer? What will there policy be on setting you back up? Will there be an official form? How can they tell the Spammer just isn't dupping them a second time with a fake business?

    This sounds like a terrible idea, and like their security people haven't really thought this through. About the only thing I like about it, is that it is a sign that major ISP's are starting to play hardball. I'm curious if one of their net admins was behind some of the major black lists that just got DDoS'ed off the net. I hope they accept e-mail from anybody with a legitimate MX record at least. At least for a little while. I can't believe they aren't going to do a black list instead of a white list.

    What's the over-under on how long this takes to get pulled the plug on? There's no way this will last. It'll be a world class disaster. My guess is it won't last 15 business days.

    Kirby

  3. This is not going to work by bigberk · · Score: 3, Interesting

    After a few months of operation, it will become obvious that this plan is a disaster. Spam-friendly ISPs (and there are many with legit customers too) will still get on the whitelist, so incoming spam will not cease. But in the meantime, smaller ISPs around the world will get mighty pissed because their mail is rejected.

    However, if you run your own mail server you will get quite annoyed, but all hope is not lost. Here is a brilliant solution for postfix that will let you deliver mail specifically bound for, say, attglobal.net through your ISP's hopefully whitelisted customer-use mail server instead of direct delivery. So AT&T will see your ISP's mail server connecting for this mail, while all your other mail can be delivered direct.

    I'm mighty disappointed in AT&T. This move further commercializes Internet connectivity by giving big business the green light to send any mail while blocking all the small guys. Seriously.

  4. Hypocritical--ATT is a major Spam Service Provider by dananderson · · Score: 4, Interesting

    I find this very hypocritical. ATT is a major service provider for spammers, mostly through their broadband service. I know because I have my own blacklist and there are hundreds of Class C blocks with ATT. ATT is very lax with enforcing any AUP they may have.

  5. RMX and SPF:Sender by RT+Alec · · Score: 4, Interesting

    The biggest problem is ATT will have to administrate this. If a (legitimate) domain switches IP addresses on their outgoing SMTP server (it happens), ATT will have to deal with it by setting up some kind of structure to accomodate such changes.

    Forcing domains to declare from what SMTP host legitimate mail will come from is actualy a good idea. It has been proposed before, in the form of SPF:Sender and RMX. Either would do the job (technical quibbles aside), and would accomodate the end goal ATT is trying to achieve.

  6. Fscking hypocrites... by Eggplant62 · · Score: 3, Interesting

    AT&T three years ago were caught out when a "pink contract" they held with Ronnie Scelson's Cajun Hosting was brought to light by anti-spammers on news.admin.net-abuse.email. Now they're going to do something about the spam hitting their user's inboxes.

    Less spam would hit their user's inboxes if they were to sever all ties with their pet spammers. It's my own hog-fucking opinion that AT&T still has plenty of pink paper over there and are still helping spammers to stay in business. However, money still talks the loudest. Those spam contracts usually bring double or triple the going rate to ignore complaints.