Some people have been wondering if my statement was authentic, authorized, etc. That's a fair question. I've pgp-signed this copy of it; my public key is available via my Web page and via key servers around the net. See http://www.internetnews.com/ent-news/article.php/3097171 for a news story with similar content.
AT&T STATEMENT - CURRENT SPAM ATTACK - 10/22/03
AT&T and a number of other large companies have seen a marked increase in the amount of incoming SPAM in recent days. A team of experts that includes members from AT&T Labs, Network Services, and Corporate Security has implemented a number of procedures to remediate this situation and minimize its impact on those trying to send e-mail to "att.com" addresses.
As of this morning - Wednesday, October 22nd - the level of incoming e-mail messages is returning to normal and the situation appears to be well in hand. Although all AT&T e-mail servers are fully operational at this time, some incoming messages are experiencing intermittent delays as SPAM filtering continues at all network gateways.
Customers who received e-mail bulletins from AT&T Monday and Tuesday requesting specific information are advised to disregard those messages. They were inadvertently sent out in error and we apologize for any confusion or inconvenience they may have caused.
Network reliability is one of our top priorities at AT&T, so for
obvious reasons we will not be providing more detailed information regarding the specific security procedures implemented to curb this SPAM attack. We have no intention of helping those who generate this type of computer and Internet mischief.
--Steve Bellovin, http://www.research.att.com/~smb