Slashdot Mirror
AT&T Moves Toward Mail-Server Whitelist
Gunfighter writes "In an apparent attempt to quelch the amount of incoming spam, AT&T has asked their customers, partners, and business clients to provide them with IP addresses of their mail servers. All other mail will be discarded. To quote the message: "... In order to continue to allow email to AT&T you need to provide the IP addresses of all your outbound email gateways. If you do not respond immediately, your access may not continue.""
And it's been blocking email I send to my work account! Now I understand what's going on.
is a few span servers to get on the list, and a few legit servers to get hacked and taken off the list (and tries to get on again) before there will be hell and ATT would have to abandon the plan, wasting all these time and resources used to instate this plan in the first place.
Great shame, really...
My life in the land of the rising sun.
I'm oversee an it department. While we're lucky enough to have a highly technical user base there are still users that need a little help. And some of them will have to write at&t.
"Solutions" like this do little to stem the tide of spam, they only shift the burden to others. Now, in order to ensure that my users can send email to the customers and contacts they need at att&t, I have to keep them up to date with our whereabouts on the net?
Earlier this year we had to deal with a spat of denied messages cause when a number of large organizations blocked our entire address block because they believed it was a DSL block. This was the only reason. Not that spam originated from any of these addresses,
The only way to stop spam is to stop the spammers. The only way to stop the spammers is to stop those that pay them or otherwise make money trough the spam.
\Drew National Data Director, John Edwards for President
This is really a lose-lose situation and it's disappointing to see this. If there's going to be a concept of trusted mail servers, we need to use a technological solution that allows easy, open, and transferable trusted participation in the network - maybe for once an application where a web-of-trust would actually function. Even the current system with centralized, subscription-based blackhole lists is far better - at least you only have 5-10 different places to go if you end up on somebody's shit list.
In the dark world of the future you'll have to fight your way through bureaucracy and stupid sysadmins (and yes, the vast majority of sysadmins are fucking idiots, though I know that's not a popular opinion around here) for each and every company, organization or domain you want to send email to. That sounds like an infeasible, unmaintainable system to me.
Personally, I find the spam filtering on my fastmail (www.fastmail.fm) account to be incredibly reliable and effective, and I've found that if I bounce back every piece of true spam I get, over a few weeks or months, my rate of incoming spam seems to decrease substantially. We can do better, and we will beat the spammers, but we don't need to throw out the baby with the bathwater.
A week ago I decided that it would be interesting to setup my own mail server, hell, fun even. Interesting yes, fun no. I started with sendmail and ended up with qmail.
m l?tid=120).
I was so proud of my new server, it was so, well, new. I go to send out a test mail and alas earthlink would not accept it, hmm. Then I sent one to my yahoo account, nope. Hotmail? You guessed it. What's the deal I asked. Googled a bit, found that slashdot discussion (http://yro.slashdot.org/yro/03/04/13/2215207.sht
I started to realize that email is no longer a tool of the little guy. I send my mail through my earthlink server which works but now I must watch my volume (no mailing lists hosted here I'm afraid) because of my 'terms-of-service'. Something about being a little guy or something like that.
Now the last barrier is up. I wonder if ATT would put me on their list?
FYI, this seems to be from AT&T Business Services, IE backbone and ip operations. So their customers (the people they are asking) in this case are other ISPs, datacenters, etc, and the whitelist is for sending email to AT&T itself. This has nothing to do with other AT&T services (remember, "AT&T" is essentially about a hundred different companies that happen to share the same name), so this should not affect some grandma trying to send to an attbi account. That being said, whether what they're doing is good remains to be seen.
(Interestingly enough, I *DO* work for a datacenter that has IP and transit services through AT&T, and have not received one of these emails yet...)
Well presumably, any gateway that delivers significant amounts of spam to AT&T will be removed from the white list and added to the black one.
Their whole approach may or may not work, but it's an interesting idea. The PGP "web of trust" concept never really caught on among the general public, but creating a web of trusted mail servers would seem like a simple and effective defense against spam. AT&T's move might be the first step in that direction.
The next step, of course, would be either a new protocol or an extension to an existing one that would let one mail server ask another "Hey, smtp.xyz.com wants to exchange mail with me, but I've never heard of him. Do you know him? Do you trust him?" If VeriSign really cared about innovating and improving the net, this is the sort of thing they should be working on.
Really, never. Just ask them.
If all this should have a reason, we would be the last to know.
I find this very hypocritical. ATT is a major service provider for spammers, mostly through their broadband service. I know because I have my own blacklist and there are hundreds of Class C blocks with ATT. ATT is very lax with enforcing any AUP they may have.
Why not use the MX?
In large mta deployments the mx is hardly ever the sending mta.
The best dual boot problem solver is; dd if=/dev/urandom of=/dev/hda1 ..then cfdisk /dev/hda1 etc..
:-( too bad I have my wife won't switch yet. I have always wanted to use that command!
OH THE SHAME I fell off the wagon and use sigs again!
There are several initiatives underway to use DNS to authenticate SMTP transactions: this seems like a good way to avoid the nastiness described by the parent poster...
- http://spf.pobox.com/draft-mengwong-spf-01.txt
- http://www.pan-am.ca/draft-ietf-asrg-dsprotocol-0
0 .txt
- http://www.ietf.org/internet-drafts/draft-danisch
- dns-rr-smtp-03.txt
The article really does sound like this request is an emergency response to a specific threat - The intent seems to me to be more of a temporary bandaid solution than an attempt to alter the very fabric of email as we know it (-:Pixie
don't mess with those geekgrrls
The biggest problem is ATT will have to administrate this. If a (legitimate) domain switches IP addresses on their outgoing SMTP server (it happens), ATT will have to deal with it by setting up some kind of structure to accomodate such changes.
Forcing domains to declare from what SMTP host legitimate mail will come from is actualy a good idea. It has been proposed before, in the form of SPF:Sender and RMX. Either would do the job (technical quibbles aside), and would accomodate the end goal ATT is trying to achieve.