I'm not sure whether schadenfreude is the right word; however, it seems that, regarding a previous conversation about cutting off users infected with viruses, ATT has decided that putting a bit of stick about is the right thing to do.

It will be very interesting to see how this works out, as it may set a very big precedent. I just hope that they do it subnet by subnet over time instead of all at once, so that the interruption can be isolated briefly to small areas over a longer period of time.

I don't envy their customers, or their security department for having to resort to this, but we should all be watching for the results, as it may make or break the case for dealing with user sites that expose the network to risk.

Best,

-j

--
Jamie.Reid, CISSP, jamie.reid@mbs.gov.on.ca
Senior Security Specialist, Information Protection Centre
Corporate Security, MBS
416 327 2324

"Jeff Wasilko" <jeffw@smoe.org> 10/21/03 05:24pm >>>
----- Forwarded message -----

Return-Path: <rm-antiattspam@ems.att.com>
Message-ID: <3F80414B002D0EC2@attrh0i.attrh.att.com> (added by postmaster@attrh1i.attrh.att.com)
Content-Disposition: inline
Content-Transfer-Encoding: binary
Content-Type: text/plain
MIME-Version: 1.0
X-Mailer: MIME::Lite 2.102 (B2.12; Q2.03)
Date: Tue, 21 Oct 2003 20:21:50 UT
Subject: *** ACTION: IP Address of Outbound SMTP Server Requested (Updated 10/21/03)
From: rm-antiattspam@ems.att.com

AT&T Business Partners & Customers

AT&T has received many of the requested IP addresses in response to an e-mail originally broadcast yesterday to our business partners and clients. However, we have also received many concerned responses to the original request. This 2nd e-mail is to let you know that this is a legitimate AT&T request asking for your cooperation, which will let us improve the service that AT&T offers you and that our partnership requires. We have provided a toll-free number below to help you confirm the legitimacy of this request.

We have assembled the distribution list for this e-mail by looking up the administrative contacts for each of the known e-mail domains we currently exchange e-mail with, referencing WHOIS and other such services available via the Internet.

What AT&T is asking is for you to help AT&T to restrict incoming mail to just our known and trusted sources (e.g., business partners, clients and customers). Therefore, we need to know which IP address(es) are used by your outbound e-mail service so we can selectively permit them.

Please send this information to the following e-mail address (rm-antiattspam@ems.att.com). If you need assistance determining what these IP addresses are, please contact your company's administrative e-mail server support / network administration personnel.

We regret that AT&T is burdening you with this request, but our AT&T security team is advising that we take this step to help safeguard our e-mail systems, which ultimately will help us serve you better.

Please contact us with any concerns or questions:

AT&T Security Help Desk
1-800-456-4230, prompt 4 (8am - 10pm est)

Thank you for your prompt attention to this matter. We appreciate your cooperation.

Sincerely,

Brian Williams, IP Network Services
Tim Scholl - District Manager, IP Network Services
Kevin O'Connell - Division Manager, Information Technology Services Engineering
Bill O'Hern - Division Manager, Network Security

----- Original Message (Sent Monday, 10/20/03) -----

AT&T has an urgent situation with our anti-spam list. In order to continue to allow email to AT&T you need to provide the IP addresses of all your outbound email gateways. If you do not respond immediately, your access may not continue. The required information should be sent to rm-antiattspam@ems.att.com.

----- End forwarded message -----