Heads-up: AT&T apparently going to whitelist-only inbound mail
----- Forwarded message ----- Return-Path: <rm-antiattspam@ems.att.com> Message-ID: <3F80414B002D0EC2@attrh0i.attrh.att.com> (added by postmaster@attrh1i.attrh.att.com) Content-Disposition: inline Content-Transfer-Encoding: binary Content-Type: text/plain MIME-Version: 1.0 X-Mailer: MIME::Lite 2.102 (B2.12; Q2.03) Date: Tue, 21 Oct 2003 20:21:50 UT Subject: *** ACTION: IP Address of Outbound SMTP Server Requested (Updated 10/21/03) From: rm-antiattspam@ems.att.com AT&T Business Partners & Customers AT&T has received many of the requested IP addresses in response to an e-mail originally broadcast yesterday to our business partners and clients. However, we have also received many concerned responses to the original request. This 2nd e-mail is to let you know that this is a legitimate AT&T request asking for your cooperation, which will let us improve the service that AT&T offers you and that our partnership requires. We have provided a toll-free number below to help you confirm the legitimacy of this request. We have assembled the distribution list for this e-mail by looking up the administrative contacts for each of the known e-mail domains we currently exchange e-mail with, referencing WHOIS and other such services available via the Internet. What AT&T is asking is for you to help AT&T to restrict incoming mail to just our known and trusted sources (e.g., business partners, clients and customers). Therefore, we need to know which IP address(es) are used by your outbound e-mail service so we can selectively permit them. Please send this information to the following e-mail address (rm-antiattspam@ems.att.com). If you need assistance determining what these IP addresses are, please contact your company's administrative e-mail server support / network administration personnel. We regret that AT&T is burdening you with this request, but our AT&T security team is advising that we take this step to help safeguard our e-mail systems, which ultimately will help us serve you better. Please contact us with any concerns or questions: AT&T Security Help Desk 1-800-456-4230, prompt 4 (8am - 10pm est) Thank you for your prompt attention to this matter. We appreciate your cooperation. Sincerely, Brian Williams, IP Network Services Tim Scholl - District Manager, IP Network Services Kevin O'Connell - Division Manager, Information Technology Services Engineering Bill O'Hern - Division Manager, Network Security ----- Original Message (Sent Monday, 10/20/03) ----- AT&T has an urgent situation with our anti-spam list. In order to continue to allow email to AT&T you need to provide the IP addresses of all your outbound email gateways. If you do not respond immediately, your access may not continue. The required information should be sent to rm-antiattspam@ems.att.com. ----- End forwarded message -----
This is apparently already in place, as it explains why all of my AT&T emails bounced today. I guess it they don't want any _new_ customers. On Tuesday, October 21, 2003, at 05:24 PM, Jeff Wasilko wrote:
----- Forwarded message -----
Return-Path: <rm-antiattspam@ems.att.com> Message-ID: <3F80414B002D0EC2@attrh0i.attrh.att.com> (added by postmaster@attrh1i.attrh.att.com) Content-Disposition: inline Content-Transfer-Encoding: binary Content-Type: text/plain MIME-Version: 1.0 X-Mailer: MIME::Lite 2.102 (B2.12; Q2.03) Date: Tue, 21 Oct 2003 20:21:50 UT Subject: *** ACTION: IP Address of Outbound SMTP Server Requested (Updated 10/21/03) From: rm-antiattspam@ems.att.com
AT&T Business Partners & Customers
AT&T has received many of the requested IP addresses in response to an e-mail originally broadcast yesterday to our business partners and clients. However, we have also received many concerned responses to the original request.
This 2nd e-mail is to let you know that this is a legitimate AT&T request asking for your cooperation, which will let us improve the service that AT&T offers you and that our partnership requires. We have provided a toll-free number below to help you confirm the legitimacy of this request.
We have assembled the distribution list for this e-mail by looking up the administrative contacts for each of the known e-mail domains we currently exchange e-mail with, referencing WHOIS and other such services available via the Internet.
What AT&T is asking is for you to help AT&T to restrict incoming mail to just our known and trusted sources (e.g., business partners, clients and customers). Therefore, we need to know which IP address(es) are used by your outbound e-mail service so we can selectively permit them. Please send this information to the following e-mail address (rm-antiattspam@ems.att.com).
If you need assistance determining what these IP addresses are, please contact your company's administrative e-mail server support / network administration personnel. We regret that AT&T is burdening you with this request, but our AT&T security team is advising that we take this step to help safeguard our e-mail systems, which ultimately will help us serve you better.
Please contact us with any concerns or questions: AT&T Security Help Desk 1-800-456-4230, prompt 4 (8am - 10pm est)
Thank you for your prompt attention to this matter. We appreciate your cooperation.
Sincerely, Brian Williams, IP Network Services Tim Scholl - District Manager, IP Network Services Kevin O'Connell - Division Manager, Information Technology Services Engineering Bill O'Hern - Division Manager, Network Security
----- Original Message (Sent Monday, 10/20/03) ----- AT&T has an urgent situation with our anti-spam list. In order to continue to allow email to AT&T you need to provide the IP addresses of all your outbound email gateways. If you do not respond immediately, your access may not continue. The required information should be sent to rm-antiattspam@ems.att.com.
----- End forwarded message -----
Regards Marshall Eubanks T.M. Eubanks e-mail : marshall.eubanks@telesuite.com http://www.telesuite.com
On Tuesday, 2003-10-21 at 17:24 AST, Jeff Wasilko <jeffw@smoe.org> wrote:
----- Forwarded message ----- What AT&T is asking is for you to help AT&T to restrict incoming mail to just our known and trusted sources (e.g., business partners, clients and customers). Therefore, we need to know which IP address(es) are used by your outbound e-mail service so we can selectively permit them. Please send this information to the following e-mail address (rm-antiattspam@ems.att.com).
----- Original Message (Sent Monday, 10/20/03) ----- AT&T has an urgent situation with our anti-spam list. In order to continue to allow email to AT&T you need to provide the IP addresses of all your outbound email gateways. If you do not respond immediately, your access may not continue. The required information should be sent to rm-antiattspam@ems.att.com. ----- End forwarded message -----
It sure looks to me that they are referring to outbound (from the customer, through AT&T, to the Internet) mail only. Presumably this means they are going to either block all 25/tcp from their customers except from those addresses on their list. Alternatively they might be routing all outbound customer mail from non-whitelisted machines through a transparent proxy; possibly the proxy would rate limit the amount of mail being allowed. Tony Rall
Wow, this sounds like a pretty extreme shotgun approach. (or is it April 1st somewhere). Is AT&T going to make this whitelist publicly available ? Perhaps if there was some global white list that everyone could consult against, it might be a little more useable. Still, what do you do about multi-stage relays ? ---Mike At 05:24 PM 21/10/2003, Jeff Wasilko wrote:
----- Forwarded message -----
Return-Path: <rm-antiattspam@ems.att.com> Message-ID: <3F80414B002D0EC2@attrh0i.attrh.att.com> (added by postmaster@attrh1i.attrh.att.com) Content-Disposition: inline Content-Transfer-Encoding: binary Content-Type: text/plain MIME-Version: 1.0 X-Mailer: MIME::Lite 2.102 (B2.12; Q2.03) Date: Tue, 21 Oct 2003 20:21:50 UT Subject: *** ACTION: IP Address of Outbound SMTP Server Requested (Updated 10/21/03) From: rm-antiattspam@ems.att.com
AT&T Business Partners & Customers
AT&T has received many of the requested IP addresses in response to an e-mail originally broadcast yesterday to our business partners and clients. However, we have also received many concerned responses to the original request.
This 2nd e-mail is to let you know that this is a legitimate AT&T request asking for your cooperation, which will let us improve the service that AT&T offers you and that our partnership requires. We have provided a toll-free number below to help you confirm the legitimacy of this request.
We have assembled the distribution list for this e-mail by looking up the administrative contacts for each of the known e-mail domains we currently exchange e-mail with, referencing WHOIS and other such services available via the Internet.
What AT&T is asking is for you to help AT&T to restrict incoming mail to just our known and trusted sources (e.g., business partners, clients and customers). Therefore, we need to know which IP address(es) are used by your outbound e-mail service so we can selectively permit them. Please send this information to the following e-mail address (rm-antiattspam@ems.att.com).
If you need assistance determining what these IP addresses are, please contact your company's administrative e-mail server support / network administration personnel. We regret that AT&T is burdening you with this request, but our AT&T security team is advising that we take this step to help safeguard our e-mail systems, which ultimately will help us serve you better.
Please contact us with any concerns or questions: AT&T Security Help Desk 1-800-456-4230, prompt 4 (8am - 10pm est)
Thank you for your prompt attention to this matter. We appreciate your cooperation.
Sincerely, Brian Williams, IP Network Services Tim Scholl - District Manager, IP Network Services Kevin O'Connell - Division Manager, Information Technology Services Engineering Bill O'Hern - Division Manager, Network Security
----- Original Message (Sent Monday, 10/20/03) ----- AT&T has an urgent situation with our anti-spam list. In order to continue to allow email to AT&T you need to provide the IP addresses of all your outbound email gateways. If you do not respond immediately, your access may not continue. The required information should be sent to rm-antiattspam@ems.att.com.
----- End forwarded message -----
Here is my experience (names are changed to protect...) : Failed to deliver to 'AAA@att.com' SMTP module(domain att.com) reports: message text rejected by ckmsi2.att.com: 550 5.7.1 Your message was rejected as possible spam. Please call your AT&T contact. [3] Failed to deliver to 'BBB@att.com' SMTP module(domain att.com) reports: message text rejected by ckmsi2.att.com: 550 5.7.1 Your message was rejected as possible spam. Please call your AT&T contact. [3] Failed to deliver to 'CCC@att.com' SMTP module(domain att.com) reports: message text rejected by ckmsi2.att.com: 550 5.7.1 Your message was rejected as possible spam. Please call your AT&T contact. [3] Failed to deliver to 'DDD@att.com' SMTP module(domain att.com) reports: message text rejected by ckmsi2.att.com: 550 5.7.1 Your message was rejected as possible spam. Please call your AT&T contact. [3] Failed to deliver to 'EEE@att.com' SMTP module(domain att.com) reports: message text rejected by ckmsi2.att.com: 550 5.7.1 Your message was rejected as possible spam. Please call your AT&T contact. [3] On Tuesday, October 21, 2003, at 05:46 PM, Mike Tancsa wrote:
Wow, this sounds like a pretty extreme shotgun approach. (or is it April 1st somewhere). Is AT&T going to make this whitelist publicly available ? Perhaps if there was some global white list that everyone could consult against, it might be a little more useable. Still, what do you do about multi-stage relays ?
---Mike
At 05:24 PM 21/10/2003, Jeff Wasilko wrote:
----- Forwarded message -----
Return-Path: <rm-antiattspam@ems.att.com> Message-ID: <3F80414B002D0EC2@attrh0i.attrh.att.com> (added by postmaster@attrh1i.attrh.att.com) Content-Disposition: inline Content-Transfer-Encoding: binary Content-Type: text/plain MIME-Version: 1.0 X-Mailer: MIME::Lite 2.102 (B2.12; Q2.03) Date: Tue, 21 Oct 2003 20:21:50 UT Subject: *** ACTION: IP Address of Outbound SMTP Server Requested (Updated 10/21/03) From: rm-antiattspam@ems.att.com
AT&T Business Partners & Customers
AT&T has received many of the requested IP addresses in response to an e-mail originally broadcast yesterday to our business partners and clients. However, we have also received many concerned responses to the original request.
This 2nd e-mail is to let you know that this is a legitimate AT&T request asking for your cooperation, which will let us improve the service that AT&T offers you and that our partnership requires. We have provided a toll-free number below to help you confirm the legitimacy of this request.
We have assembled the distribution list for this e-mail by looking up the administrative contacts for each of the known e-mail domains we currently exchange e-mail with, referencing WHOIS and other such services available via the Internet.
What AT&T is asking is for you to help AT&T to restrict incoming mail to just our known and trusted sources (e.g., business partners, clients and customers). Therefore, we need to know which IP address(es) are used by your outbound e-mail service so we can selectively permit them. Please send this information to the following e-mail address (rm-antiattspam@ems.att.com).
If you need assistance determining what these IP addresses are, please contact your company's administrative e-mail server support / network administration personnel. We regret that AT&T is burdening you with this request, but our AT&T security team is advising that we take this step to help safeguard our e-mail systems, which ultimately will help us serve you better.
Please contact us with any concerns or questions: AT&T Security Help Desk 1-800-456-4230, prompt 4 (8am - 10pm est)
Thank you for your prompt attention to this matter. We appreciate your cooperation.
Sincerely, Brian Williams, IP Network Services Tim Scholl - District Manager, IP Network Services Kevin O'Connell - Division Manager, Information Technology Services Engineering Bill O'Hern - Division Manager, Network Security
----- Original Message (Sent Monday, 10/20/03) ----- AT&T has an urgent situation with our anti-spam list. In order to continue to allow email to AT&T you need to provide the IP addresses of all your outbound email gateways. If you do not respond immediately, your access may not continue. The required information should be sent to rm-antiattspam@ems.att.com.
----- End forwarded message -----
Regards Marshall Eubanks T.M. Eubanks e-mail : marshall.eubanks@telesuite.com http://www.telesuite.com
I'm getting nothing but timeouts at this point to any of att's mail servers. Nothing going through at all. -------------------------- Brian Bruns The Summit Open Source Development Group Open Solutions For A Closed World / Anti-Spam Resources http://www.sosdg.org ICQ: 8077511 ----- Original Message ----- From: "Marshall Eubanks" <tme@multicasttech.com> To: "Mike Tancsa" <mike@sentex.net> Cc: <nanog@nanog.org> Sent: Tuesday, October 21, 2003 5:57 PM Subject: Re: Heads-up: AT&T apparently going to whitelist-only inbound mail
Here is my experience (names are changed to protect...) :
Failed to deliver to 'AAA@att.com' SMTP module(domain att.com) reports: message text rejected by ckmsi2.att.com: 550 5.7.1 Your message was rejected as possible spam. Please call your AT&T contact. [3]
Failed to deliver to 'BBB@att.com' SMTP module(domain att.com) reports: message text rejected by ckmsi2.att.com: 550 5.7.1 Your message was rejected as possible spam. Please call your AT&T contact. [3]
Failed to deliver to 'CCC@att.com' SMTP module(domain att.com) reports: message text rejected by ckmsi2.att.com: 550 5.7.1 Your message was rejected as possible spam. Please call your AT&T contact. [3]
Failed to deliver to 'DDD@att.com' SMTP module(domain att.com) reports: message text rejected by ckmsi2.att.com: 550 5.7.1 Your message was rejected as possible spam. Please call your AT&T contact. [3]
Failed to deliver to 'EEE@att.com' SMTP module(domain att.com) reports: message text rejected by ckmsi2.att.com: 550 5.7.1 Your message was rejected as possible spam. Please call your AT&T contact. [3]
On Tuesday, October 21, 2003, at 05:46 PM, Mike Tancsa wrote:
Wow, this sounds like a pretty extreme shotgun approach. (or is it April 1st somewhere). Is AT&T going to make this whitelist publicly available ? Perhaps if there was some global white list that everyone could consult against, it might be a little more useable. Still, what do you do about multi-stage relays ?
---Mike
Jeff Wasilko wrote:
What AT&T is asking is for you to help AT&T to restrict incoming mail to just our known and trusted sources (e.g., business partners, clients and customers). Therefore, we need to know which IP address(es) are used by your outbound e-mail service so we can selectively permit them. Please send this information to the following e-mail address (rm-antiattspam@ems.att.com).
And none of AT&T's legitimate business partners, clients, and customers have dynamic IP addresses? None of them go home and relay through their home ISP? Or use YourFreeFlyByNightWebMailPopUpAdSite.com when off site? I mean dealing with spam and email borne worms costs money, but I cannot imagine how much $$$ in administrative overhead this policy will cost. This is going to burn many man-hours to build and then to maintain forever and ever and ever. Any AT&Ters on this list know the inside story? And I would think something like this will show up in the trade rags if not the techology section of mainstream media outlets. Anyone seen anything (or should I wait for it to hit /.)? -- Crist J. Clark crist.clark@globalstar.com Globalstar Communications (408) 933-4387
participants (6)
-
Brian Bruns -
Crist Clark -
Jeff Wasilko -
Marshall Eubanks -
Mike Tancsa -
Tony Rall