Re: Heads-up: AT&T apparently going to whitelist-only inbound mail
AT&T STATEMENT - CURRENT SPAM ATTACK - 10/22/03 AT&T and a number of other large companies have seen a marked increase in the amount of incoming SPAM in recent days. A team of experts that includes members from AT&T Labs, Network Services, and Corporate Security has implemented a number of procedures to remediate this situation and minimize its impact on those trying to send e-mail to "att.com" addresses. As of this morning - Wednesday, October 22nd - the level of incoming e-mail messages is returning to normal and the situation appears to be well in hand. Although all AT&T e-mail servers are fully operational at this time, some incoming messages are experiencing intermittent delays as SPAM filtering continues at all network gateways. Customers who received e-mail bulletins from AT&T Monday and Tuesday requesting specific information are advised to disregard those messages. They were inadvertently sent out in error and we apologize for any confusion or inconvenience they may have caused. Network reliability is one of our top priorities at AT&T, so for obvious reasons we will not be providing more detailed information regarding the specific security procedures implemented to curb this SPAM attack. We have no intention of helping those who generate this type of computer and Internet mischief.
At 2:43 PM -0400 10/22/03, Steve Bellovin wrote:
Customers who received e-mail bulletins from AT&T Monday and Tuesday requesting specific information are advised to disregard those messages. They were inadvertently sent out in error and we apologize for any confusion or inconvenience they may have caused.
That reminds me of the time the new head of security at Apollo announced that they were going to be saving money by turning off the power and locking the buildings on weekends. That afternoon on the way out there were fliers that sounded almost exactly like that paragraph. It was just a misunderstanding. However, what AT&T was trying to do, however clumsily, isn't that different from what companies like AOL and MSN do, where certain IP addresses get red carpet treatment through the mail servers, while others are more closely examined. It doesn't surprise me that non-ISP companies are starting to look at the same kind of things. -- Kee Hinckley http://www.messagefire.com/ Next Generation Spam Defense http://commons.somewhere.com/buzz/ Writings on Technology and Society I'm not sure which upsets me more: that people are so unwilling to accept responsibility for their own actions, or that they are so eager to regulate everyone else's.
Some people have been wondering if my statement was authentic, authorized, etc. That's a fair question. I've pgp-signed this copy of it; my public key is available via my Web page and via key servers around the net. See http://www.internetnews.com/ent-news/article.php/3097171 for a news story with similar content.
AT&T STATEMENT - CURRENT SPAM ATTACK - 10/22/03
AT&T and a number of other large companies have seen a marked increase in the amount of incoming SPAM in recent days. A team of experts that includes members from AT&T Labs, Network Services, and Corporate Security has implemented a number of procedures to remediate this situation and minimize its impact on those trying to send e-mail to "att.com" addresses.
As of this morning - Wednesday, October 22nd - the level of incoming e-mail messages is returning to normal and the situation appears to be well in hand. Although all AT&T e-mail servers are fully operational at this time, some incoming messages are experiencing intermittent delays as SPAM filtering continues at all network gateways.
Customers who received e-mail bulletins from AT&T Monday and Tuesday requesting specific information are advised to disregard those messages. They were inadvertently sent out in error and we apologize for any confusion or inconvenience they may have caused.
Network reliability is one of our top priorities at AT&T, so for
obvious reasons we will not be providing more detailed information regarding the specific security procedures implemented to curb this SPAM attack. We have no intention of helping those who generate this type of computer and Internet mischief.
--Steve Bellovin, http://www.research.att.com/~smb
On Wed, 22 Oct 2003, Steve Bellovin wrote:
AT&T STATEMENT - CURRENT SPAM ATTACK - 10/22/03
See similar statements from other service providers such as Telstra (which gave its subscribers a $25 million service credit) in Australia and Sympatico in Canada.
participants (4)
-
Kee Hinckley
-
Sean Donelan
-
Steve Bellovin
-
Steven M. Bellovin