Slashdot is powered by your submissions, so send in your scoop

 



Forgot your password?
typodupeerror
×
Spam Businesses The Internet

AT&T Moves Toward Mail-Server Whitelist 447

Gunfighter writes "In an apparent attempt to quelch the amount of incoming spam, AT&T has asked their customers, partners, and business clients to provide them with IP addresses of their mail servers. All other mail will be discarded. To quote the message: "... In order to continue to allow email to AT&T you need to provide the IP addresses of all your outbound email gateways. If you do not respond immediately, your access may not continue.""
This discussion has been archived. No new comments can be posted.

AT&T Moves Toward Mail-Server Whitelist

Comments Filter:
  • I work for AT&T! (Score:4, Interesting)

    by Anonymous Coward on Tuesday October 21, 2003 @11:49PM (#7278450)
    And it's been blocking email I send to my work account! Now I understand what's going on.
  • Oh well. (Score:2, Insightful)

    SMTP email was nice while it lasted.

    Semaphore, anyone? Smoke signals?
  • by dr ttol ( 674155 ) on Tuesday October 21, 2003 @11:52PM (#7278460)
    ..the spammers to get AT&T to whitelist their IPs?
    • by YouHaveSnail ( 202852 ) on Wednesday October 22, 2003 @12:13AM (#7278568)
      Well presumably, any gateway that delivers significant amounts of spam to AT&T will be removed from the white list and added to the black one.

      Their whole approach may or may not work, but it's an interesting idea. The PGP "web of trust" concept never really caught on among the general public, but creating a web of trusted mail servers would seem like a simple and effective defense against spam. AT&T's move might be the first step in that direction.

      The next step, of course, would be either a new protocol or an extension to an existing one that would let one mail server ask another "Hey, smtp.xyz.com wants to exchange mail with me, but I've never heard of him. Do you know him? Do you trust him?" If VeriSign really cared about innovating and improving the net, this is the sort of thing they should be working on.
      • Well presumably, any gateway that delivers significant amounts of spam to AT&T will be removed from the white list and added to the black one.

        And how exactly is this different from the current system?
        • The vast majority of servers will be caught by the white-list. The very few who are smart/dumb enough to register on it can easily be handled by the blacklist - and, since assumedly the whitelist registration contains contact information, possibly be held responsible for their spamming.
      • "Hey, smtp.xyz.com wants to exchange mail with me, but I've never heard of him. Do you know him? Do you trust him?"

        Its a mail server... not a male server...
  • All it takes (Score:4, Insightful)

    by lingqi ( 577227 ) on Tuesday October 21, 2003 @11:54PM (#7278478) Journal
    is a few span servers to get on the list, and a few legit servers to get hacked and taken off the list (and tries to get on again) before there will be hell and ATT would have to abandon the plan, wasting all these time and resources used to instate this plan in the first place.

    Great shame, really...
    • Comment removed (Score:5, Insightful)

      by account_deleted ( 4530225 ) on Wednesday October 22, 2003 @12:01AM (#7278503)
      Comment removed based on user account deletion
      • Re:All it takes (Score:4, Insightful)

        by lingqi ( 577227 ) on Wednesday October 22, 2003 @12:20AM (#7278614) Journal
        The servers will be now identified by customer.

        and if a popular server is identified by many customers? like, say, hotmail?

        and there ARE cases where somebody might want to send email to a person with no prior contact - the "long-lost HS friend" is overused, but take other examples - say I am active on a mailing list and somebody want to ask me something, or if somebody is replying to my advertisement on ebay. there are TONS of problems with a whitelist-only approach.

    • The solution is pay-per-mail. I set my price at $1 per email. The charge is forgiven if I reply. You spam me at your expense - I'll happily accept the $100 per day.
    • by l810c ( 551591 ) * on Wednesday October 22, 2003 @12:33AM (#7278678)
      And what the recourse for the Customer? Call or email the ISP to get xxx.com on their whitelist?

      Here's some samples:
      'I just signed up for fatanalhos.com and they emailed me my password. I didn't get the email. Could you please put fatanalhos.com on your Whitelist?'

      'I just ordered some penis enlargement cream, but I didn't get my email conformation. Could you please Whitelist myphatcock.com?'

      'I'm expecting a large sum of money from Nigeria and I can't get my emails...'

    • RMX and SPF:Sender (Score:5, Interesting)

      by RT Alec ( 608475 ) * <{moc.elkcuhc.todhsals} {ta} {cela}> on Wednesday October 22, 2003 @01:29AM (#7278838) Homepage Journal

      The biggest problem is ATT will have to administrate this. If a (legitimate) domain switches IP addresses on their outgoing SMTP server (it happens), ATT will have to deal with it by setting up some kind of structure to accomodate such changes.

      Forcing domains to declare from what SMTP host legitimate mail will come from is actualy a good idea. It has been proposed before, in the form of SPF:Sender [slashdot.org] and RMX [mikerubel.org]. Either would do the job (technical quibbles aside), and would accomodate the end goal ATT is trying to achieve.

  • by Webmoth ( 75878 ) on Tuesday October 21, 2003 @11:56PM (#7278485) Homepage
    I had an "unpublished" landline phone number, and chose a third-party carrier for my long distance service. AT&T called me every week as long as I had that phone line, trying to sell me long distance service, no matter that every time I called, I said "no" and told them to never call again.

    It seems that AT&T thinks that if you don't want to do business with them, then they automatically deserve to be on your whitelist.

    Voice spam is just as bad as email spam. Even worse, since you can't deal with it on YOUR time.
  • Somehow ... (Score:3, Insightful)

    by RWarrior(fobw) ( 448405 ) * on Wednesday October 22, 2003 @12:00AM (#7278498)
    ... this doesn't surprise me.

    On the other hand, there are other approaches just as destructive.

    I run an outbound SMTP server for my own personal use, in part because my ISP's [charter.net] SMTP server sucks.

    At times, it could take 30 or more minutes to relay an email to myself.

    One of the problems with this is that apparently I got listed on some kind of dial-up user block list, and my mother's ISP [rr.com] blocks those users from sending to its users.

    The downside is that my mother's ISP [rr.com] also blocks my ISP's [charter.net] SMTP server.

    Isn't that useful.

    • by Rick the Red ( 307103 ) <Rick.The.Red@gmaBOYSENil.com minus berry> on Wednesday October 22, 2003 @12:16AM (#7278590) Journal
      You must be a spammer. That's the ONLY way your SMTP server could get blacklisted. Oh, and your ISP must harbor spammers, too, otherwise there's NO WAY they could be on some blacklist by mistake. OH, NO, the spam vigilanties NEVER make mistakes and blacklist an innocent party. NEVER.

      Really, never. Just ask them.

      • You must be a spammer. That's the ONLY way your SMTP server could get blacklisted.

        No it's not. I run a mail server on my home cable line, and I once got a message saying that I was blacklisted - the reason cited was that it was a residential broadband address, that shouldn't be sending mail. I told Postfix to use my ISP's mail server as a relay for outgoing mail, and voila, no more problems.

    • You an just get a remote server and setup SMTP-AUTH or POP before STMP

      Rus
    • Both charter and rr are MAJOR sources of spam, so I'm not suprised.

      The amount of spam coming out of rr.com is about equal to the amount of spam coming out of korea. At least for me it is. Charter isn't as bad, but it's a major source too.

      • Re:Somehow ... (Score:3, Insightful)

        The amount of spam coming out of rr.com is about equal to the amount of spam coming out of korea. At least for me it is. Charter isn't as bad, but it's a major source too.

        The trouble with spam is, we're all complaining about it, but most of the time it isn't illegal! Until spam is illegal than blocking it through technical means and blocking IP address ranges carpet-bomb style to try to prevent it hurts legitimate users more than it hurts the spammers. The spammers will just be moved by their spam-frien

  • Huh? (Score:3, Insightful)

    by Aurix ( 610383 ) on Wednesday October 22, 2003 @12:00AM (#7278502)
    This can't be right... Most businesses have no idea what an IP address is, let alone the IP addresses of people who send them email... It sounds like an utterly stupid plan. What's to stop spammers sending them IP addresses of their mail sending boxes or open relays?
  • Hopefully RMX will get off the ground soon, so we can all do this automaticaly.
    • RMX is RIP? (Score:2, Interesting)

      by Nonesuch ( 90847 )
      Autopr0n writes:
      Hopefully RMX will get off the ground soon, so we can all do this automaticaly.

      That's what I was thinking, but it looks like RMX is dead in the water, the link to the memo from the IETF ASRG website goes 404.

      Looks like TLS (SMTP over SSL with client and server certificates) is our only hope. I was at a recent Open Group messaging conference (formerly X.org) where the main topic was spam, and there is definitely interest in this approach.

  • They should've gone one step further - accept only authenticated (TLS'ed) SMTP
    connections and manage whitelisted certificates instead of IP addresses. This would require
    gradual implementation and will take time longer to setup, but once deployed the management
    would involve significantly less headache than with IP whitelists.
    • They should've gone one step further

      Heck, the next logical step beyond claiming that they can white list every legitimate e-mail server on the planet that might ever send a valid e-mail to an AT&T customer would be to simply demand that everyone register all the actual e-mail that they will ever send to an AT&T customer. Then they could check incoming e-mail against everything they had on hand (or even just the md5 checksums of same) and reject any e-mail that wasn't already on file, since it must

  • Five emails (Score:3, Insightful)

    by poptones ( 653660 ) on Wednesday October 22, 2003 @12:03AM (#7278517) Journal
    That's how many "spams" I've received in the last three months. And three of them came just today because two days ago I stupidly obliterated my mozilla profile and the (few) mail rules I had set up were lost.

    I wonder how the people on AT&T's ISP networks are going to feel about not being able to communicate with mom and dad in Singapore? And all those folks (or those few folks, I suppose, depending on who you hang with) running personal SMTP services from their homes for the added privacy it buys them.

    Yes, there's a lot of trash spam out there. It's NOT impossible to stop, but solutions like this one are not going to substantially help. If AT&T closes off its mail network to the world outside, those broadband customers running open proxies just become that much more valuable - then ATs own customers become the conduit of the spam they are trying to squash. There are thousands of "questionable" usenet posts that originate from roadrunner and AT&T and pacbell and earthlink usenet servers that are proxied there through their own broadband customers. Even locking those customers down to port 80 access won't stop trojans and backdoors, so logically I guess this is just the first step to AT&T closing off its network from the internet entirely?

    Maybe they'll just firewall all their customers in and dish out the DMCA approved web pages through proxy farms... that'll teach those evil spammers!

  • by actappan ( 144541 ) on Wednesday October 22, 2003 @12:05AM (#7278531) Homepage
    I'm oversee an it department. While we're lucky enough to have a highly technical user base there are still users that need a little help. And some of them will have to write at&t.

    "Solutions" like this do little to stem the tide of spam, they only shift the burden to others. Now, in order to ensure that my users can send email to the customers and contacts they need at att&t, I have to keep them up to date with our whereabouts on the net?

    Earlier this year we had to deal with a spat of denied messages cause when a number of large organizations blocked our entire address block because they believed it was a DSL block. This was the only reason. Not that spam originated from any of these addresses,

    The only way to stop spam is to stop the spammers. The only way to stop the spammers is to stop those that pay them or otherwise make money trough the spam.
    • At Netmar [netmar.com], we have an ongoing debate about whether or not to implement a specific rule in sendmail's config file.

      It takes the hostname of the server that the email was received from, and checks to make sure that the hostname has a valid reverse DNS zone configured.

      This honestly stops a lot of spam. Exceptions being exchange servers set to world relay, but the amount of spam is drastically cut down.

      What sucks is all the little mom and pop ISP's and offices with their own internet who don't know how to co
      • hi

        a rather big cable ISP in switzerland did this a couple of weeks ago.

        it caused a bit of a ripple through the hostmaster-community, but it seems after a couple of days, almost everyone managed to fix their reverse entries... now, if more big isp's would do it, making them unpopular for a day within the rest of the admin community, it probably would lead to better maintained PTRs and then everyone could go and implement that :-)

        i got hit by the change too, because at a client's site we use two outgoing m
  • by Fnkmaster ( 89084 ) on Wednesday October 22, 2003 @12:08AM (#7278541)
    So if each big company decides to do this, they will all end up with slightly different lists of whitelisted SMTP servers. The Internet will degenerate into a fragmented, unreliable system where you never know who will receive your email. In fact, you'll be strong armed into using particular ISPs and using email addresses like shithead@att.net in order to get your email through to anybody. The Internet is thereby de-democratized and rolled back 10 years.


    This is really a lose-lose situation and it's disappointing to see this. If there's going to be a concept of trusted mail servers, we need to use a technological solution that allows easy, open, and transferable trusted participation in the network - maybe for once an application where a web-of-trust would actually function. Even the current system with centralized, subscription-based blackhole lists is far better - at least you only have 5-10 different places to go if you end up on somebody's shit list.


    In the dark world of the future you'll have to fight your way through bureaucracy and stupid sysadmins (and yes, the vast majority of sysadmins are fucking idiots, though I know that's not a popular opinion around here) for each and every company, organization or domain you want to send email to. That sounds like an infeasible, unmaintainable system to me.


    Personally, I find the spam filtering on my fastmail (www.fastmail.fm) account to be incredibly reliable and effective, and I've found that if I bounce back every piece of true spam I get, over a few weeks or months, my rate of incoming spam seems to decrease substantially. We can do better, and we will beat the spammers, but we don't need to throw out the baby with the bathwater.

    • by bigberk ( 547360 ) <bigberk@users.pc9.org> on Wednesday October 22, 2003 @12:21AM (#7278622)
      So if each big company decides to do this, they will all end up with slightly different lists of whitelisted SMTP servers. The Internet will degenerate into a fragmented, unreliable system where you never know who will receive your email. In fact, you'll be strong armed into using particular ISPs and using email addresses like shithead@att.net in order to get your email through to anybody. The Internet is thereby de-democratized and rolled back 10 years.
      Spot on, mod this guy up. He hit the nail on the head.
      I've found that if I bounce back every piece of true spam I get, over a few weeks or months, my rate of incoming spam seems to decrease substantially
      Except for this bit. Never try to bounce spam, it just goes to the wrong destination and further pollutes the Internet.
    • Just because... (Score:4, Informative)

      by sillypixie ( 696077 ) on Wednesday October 22, 2003 @12:53AM (#7278735) Journal
      you whitelist some servers does not have to mean that you have to blacklist all the others. If AT&T really means to do this, they will learn the hard way when their business suffers.

      There are several initiatives underway to use DNS to authenticate SMTP transactions: this seems like a good way to avoid the nastiness described by the parent poster...

      The article really does sound like this request is an emergency response to a specific threat - The intent seems to me to be more of a temporary bandaid solution than an attempt to alter the very fabric of email as we know it (-:

      Pixie

    • The internet's email is already an unreliable system. A friend on earthlink has an open-source project and a list of 500 people who want to know about new updates. He sent one email to all of them and earthlink suspended his account. Another email server blocked a real email, marking it as spam just because the subject line was similiar to a known worm's typical subject line - even without an attachment. Luckily the server was "mis-configured" and actually DID send the bounce - otherwise I would not have
    • and using email addresses like shithead@att.net in order to get your email through to anybody

      How would that circumvent AT&Ts policy?
    • The Internet is thereby de-democratized and rolled back 10 years.

      I would love to see the Internet rolled back 10 years (or say, 6-7), aside from the bandwidth losses. It was a much more free system then.
    • by AKnightCowboy ( 608632 ) on Wednesday October 22, 2003 @04:48AM (#7279362)
      In the dark world of the future you'll have to fight your way through bureaucracy and stupid sysadmins (and yes, the vast majority of sysadmins are fucking idiots, though I know that's not a popular opinion around here) for each and every company, organization or domain you want to send email to. That sounds like an infeasible, unmaintainable system to me.

      We're probably all over-reacting a bit since the first time the CEO of AT&T misses an important e-mail message because his ISP blocks the incoming mail, this will go away. I would say by 2pm on Friday at the latest. This is one of those idiotic things to do on the scale of Verisign's Sitefinder "service".

  • by DAldredge ( 2353 ) <SlashdotEmail@GMail.Com> on Wednesday October 22, 2003 @12:08AM (#7278547) Journal
    But, if you wish to become an ATT customer, how do you contact them?

    I have no wish to phone them so they can get my phone number, which they will use to call me every 5 days trying to get me to switch my ld to att.

  • by mgarriss ( 615232 ) on Wednesday October 22, 2003 @12:09AM (#7278549)
    A week ago I decided that it would be interesting to setup my own mail server, hell, fun even. Interesting yes, fun no. I started with sendmail and ended up with qmail.

    I was so proud of my new server, it was so, well, new. I go to send out a test mail and alas earthlink would not accept it, hmm. Then I sent one to my yahoo account, nope. Hotmail? You guessed it. What's the deal I asked. Googled a bit, found that slashdot discussion (http://yro.slashdot.org/yro/03/04/13/2215207.shtm l?tid=120).

    I started to realize that email is no longer a tool of the little guy. I send my mail through my earthlink server which works but now I must watch my volume (no mailing lists hosted here I'm afraid) because of my 'terms-of-service'. Something about being a little guy or something like that.

    Now the last barrier is up. I wonder if ATT would put me on their list?
    • I started to realize that email is no longer a tool of the little guy. I send my mail through my earthlink server which works but now I must watch my volume (no mailing lists hosted here I'm afraid) because of my 'terms-of-service'. Something about being a little guy or something like that.

      I've said it before and I'll say it again. We'll watch the Internet divide among corporate/smallguy lines. All us small guys will still be able to communicate (provided our ISPs don't start filtering TCP packets based

    • by KMSelf ( 361 )

      Ain't that the truth.

      There are a few "true costs of spam" I'm seeing. One is as you point out, Balkanization (and I'm still stuck by the AOL issue, though at least I can mail by a secondary route). One is people cut off from other groups by arbitrary blacklisting policies. And yes, many of us (/me raises hand) cheered the same action when used against foreign ISPs with large spam volumes, though I still maintain that there's an important distinction between strongly prodding ISPs to clean up their act,


  • I have my own domain and run a MTA on my Linux box that is on DSL and gets its IP via DHCP. The IP almost never changes since the server is always on. I bet this is the same configuration as other /. readers.

    Anyway, I am starting to get bounces from certain organizations (AOL, Primus) that seem to think my messages are spam. Seems to have something to do with coming from an IP that is known DHCP. This kind of sucks; whitelists and spam filters may seem good at first, but they are screening out some legitim
    • I have the same setup here. The problem is the realtime blackhole list I believe.. It blocks out IP addresses from dynamic sources, and that DOES include DSL and cable, even if the IPs hardly ever change. Workaround? Use the ISP's smtp servers with sendmail.

      My ISP just recently blocked the port we use for incoming e-mail. Our workaround for this is to get another box to use as a relay, set up a MX record in our DNS, point it to that box, then use that box to forward it to our port 5555 (example). Wish I kn
    • I already can't send to a friend who uses AOL because AOL thinks I'm a spammer just because I use Postfix on my OS X laptop to send mail so I can send mail from anywhere using any of my (all legitimate) return addresses. I could spoof my return address and be a spammer, but I'm not.

      AOL doesn't even try to test my messages for spam content. They just ... vanish.

      Consequently, I've told this friend that until she gets an ISP that follows standards like the rest of the net does, I won't even bother to try sen
  • Does this mean that Joe Public surfing the AT&T web site can't shoot them a question via e-mail? If so, I can't imagine that's going to be good for their business.
  • RTFA? (Score:5, Informative)

    by fo0bar ( 261207 ) * on Wednesday October 22, 2003 @12:11AM (#7278563)
    FYI, this seems to be from AT&T Business Services, IE backbone and ip operations. So their customers (the people they are asking) in this case are other ISPs, datacenters, etc, and the whitelist is for sending email to AT&T itself. This has nothing to do with other AT&T services (remember, "AT&T" is essentially about a hundred different companies that happen to share the same name), so this should not affect some grandma trying to send to an attbi account. That being said, whether what they're doing is good remains to be seen.

    (Interestingly enough, I *DO* work for a datacenter that has IP and transit services through AT&T, and have not received one of these emails yet...)
  • Good grief (Score:3, Informative)

    by Micah ( 278 ) on Wednesday October 22, 2003 @12:13AM (#7278572) Homepage Journal
    I've said it before, and I'll say it again. We need to dump SMTP and switch to something like Internet Mail 2000. The sooner we do it, the better. Some people here have voiced concerns, but I'm convinced that this proposal is well thought out and will work. Any inconvenience (which would be minor, and only for a small fraction of users) would be trumped by its benefits, by a wide margin.

    Anyone know if anyone is actually coding up a sample server and client for IM2000? A google search for "internet mail 2000" comes up with some proposals that go beyond Bernstein's site [cr.yp.to], but I haven't seen any evidence of code yet. It really shouldn't be that complicated and, yeah, I'd be willing to help!
    • Any inconvenience (which would be minor, and only for a small fraction of users) would be trumped by its benefits, by a wide margin.

      Not true at all. It has all the disadvantages of e-mail, along with all the disadvantages of the WWW...

      You can't download all your messages, and read them later (well, you can, but that would defeat the single advantage of it).

      You can no longer archive your messages. It becomes a serious hassle to send e-mail to anybody. You can no longer batch-process messages (a serious

  • I read between the lines as:

    Greetings Customers and Partners,

    There is too spam, so we fired everyone in IT. We've got some temps, led by secretaries, who will now rebuild and maintain all AT+T messaging platforms. Please send your IP addresses as we will need to ping you next week to see if you're still a Parntner/Customer.

    Best regards,

    "

  • by ComputerSlicer23 ( 516509 ) on Wednesday October 22, 2003 @12:16AM (#7278593)
    Uhhh, I do business with people on the AT&T network. At least I'm reasonable sure the 1000's of clients who use e-mail to contact me use it. I wonder what I need to do to get on the list.

    Complete shock and disbelief at the first e-mail (the dreadfully short message at the bottom).

    Has anyone actually called and confirmed with the 1-800 number that this truely is AT&T, and it really is what they are saying? I'm not sure I'll believe it until I see the e-mail actually start bouncing. That's clinically insane. Do they seriously believe they'll be able to pull this off? You mean ever time a small company creates a new mail server they'll have to contact AT&T with the outgoing SMTP servers? If this starts a major trend, you mean I'll have to contact lots of major ISP's to send mail to them?

    Assuming this it to stop SPAM (what else could it be?), what's to stop a spammer from just calling up and saying I'm a legit mailer set me up? What do I do when I get assigned the IP from the old spammer? What will there policy be on setting you back up? Will there be an official form? How can they tell the Spammer just isn't dupping them a second time with a fake business?

    This sounds like a terrible idea, and like their security people haven't really thought this through. About the only thing I like about it, is that it is a sign that major ISP's are starting to play hardball. I'm curious if one of their net admins was behind some of the major black lists that just got DDoS'ed off the net. I hope they accept e-mail from anybody with a legitimate MX record at least. At least for a little while. I can't believe they aren't going to do a black list instead of a white list.

    What's the over-under on how long this takes to get pulled the plug on? There's no way this will last. It'll be a world class disaster. My guess is it won't last 15 business days.

    Kirby

  • by bigberk ( 547360 ) <bigberk@users.pc9.org> on Wednesday October 22, 2003 @12:18AM (#7278602)

    After a few months of operation, it will become obvious that this plan is a disaster. Spam-friendly ISPs (and there are many with legit customers too) will still get on the whitelist, so incoming spam will not cease. But in the meantime, smaller ISPs around the world will get mighty pissed because their mail is rejected.

    However, if you run your own mail server you will get quite annoyed, but all hope is not lost. Here is a brilliant solution for postfix [google.com] that will let you deliver mail specifically bound for, say, attglobal.net through your ISP's hopefully whitelisted customer-use mail server instead of direct delivery. So AT&T will see your ISP's mail server connecting for this mail, while all your other mail can be delivered direct.

    I'm mighty disappointed in AT&T. This move further commercializes Internet connectivity by giving big business the green light to send any mail while blocking all the small guys. Seriously.

  • Most big corps have an army of salesmen, tech guys, whatever, roaming around the world handing out business cards with an email address printed on them. The idea is that potential customers or potential partners with actually email us and we'll do things with them that make money for the corporation. Cutting off that communication sounds like a very bad idea.

    This seems pretty odd. Is this just a small division somewhere that is trying this or THE AT&T.
  • A Hoax? (Score:3, Insightful)

    by davburns ( 49244 ) <davburns+slashdo ... m minus math_god> on Wednesday October 22, 2003 @12:22AM (#7278627) Journal
    It seems to me that, if AT&T wanted a list of mailservers which send them email, they would probably start with their own maillogs. That is going to be much more complete, and they won't sound as stupid to all their contacts.

    Even if they did come up with a complete and accurate list of non-spammer mailservers, they still need a way to continiously update it. What would they want? Everyone in the world sending them email whenever a mailserver comes or goes? (oops, no... because the new server wouldn't be on the list either.)

    AT&T cannot be this stupid. I have to think that this is a hoax. The long message vouching for the credibility of the earlier, terse message supports this idea.

    • I'm not sure that this is stupid -- my own Fortune 500 employer has been considering implementing a similar "whitelist" for incoming mail, giving preference to known vendors and customers.

      Only real difference is that most companies don't have the balls to send this kind of broadcast mail message...

      AT&T cannot be this stupid. I have to think that this is a hoax. The long message vouching for the credibility of the earlier, terse message supports this idea.

      I've received both the original short mes

  • Why not use the MX? (Score:3, Interesting)

    by droleary ( 47999 ) on Wednesday October 22, 2003 @12:23AM (#7278631) Homepage

    AT&T has asked their customers, partners, and business clients to provide them with IP addresses of their mail servers.

    Call me dense, but why not simply accept mail only from registered mail handlers? I would also do the filtering based on the connecting server's domain MX and the From header's domain MX; neither is registered, you give a 550 error. That would stop 99% of the spam (that I get, at least) right there. Especially the virus spam that tries to turn any random Windows box into an SMTP server.

  • by dananderson ( 1880 ) on Wednesday October 22, 2003 @12:31AM (#7278670) Homepage
    I find this very hypocritical. ATT is a major service provider for spammers, mostly through their broadband service. I know because I have my own blacklist and there are hundreds of Class C blocks with ATT. ATT is very lax with enforcing any AUP they may have.
  • In an apparent attempt to quelch the amount of incoming spam, AT&T has asked their customers, partners, and business clients to provide them with IP addresses of their mail servers. All other mail will be discarded.

    When I read that, I laughed so hard I nearly spotted. In case you did hear, AT&T was the first Tier 1 ISP to have been confirmed to write a pink contract. To be balanced about it, AT&T corporate stated that the contract had been modified without permission of their legal department

  • SMTP blues (Score:5, Insightful)

    by ratfynk ( 456467 ) on Wednesday October 22, 2003 @12:48AM (#7278725) Journal
    I know this sounds crazy but the protocols are the problem. As long as there is no way to certify return addressing spam will happen. Solicitation lists just do not work for this very reason. I personally do not reply to or even consider spoofed mail. I never use html links that come in mail even if the reply address is authentic. If the person sending me mail cannot give me their real address they can go suck wind. I just wonder, if e-mail dies what will replace it? Ask Bill he has the answer, fascist style computing. Maybe this is why we have the MS worm, virus, software security problem. What a wonderful way to sell secure computing and make so called 'trusted computing' mandatory. Kill of e-mail as we know it first with Windows style security. Na ..no one could be that underhanded. Brilliant idea though and not that far from happening. Either the guy is really that brilliant or just shit lucky. It sure would cement the future of MS computing.

    The best dual boot problem solver is; dd if=/dev/urandom of=/dev/hda1 ..then cfdisk /dev/hda1 etc..

    :-( too bad I have my wife won't switch yet. I have always wanted to use that command!

  • by Anonymous Coward
    Just so that this is absolutely clear. It is my understanding that they are asking customers on their IP networks for this information. That is: they want to know the IP addresses on their IP nets of SMTP servers to whitelist incoming and outgoing mail for. I believe this mail went out to their large (enterprise?) customers which includes many downstream ISPs.

    Could anyone tell me if this letter also went out
    to customers that manage their own IP nets but buy upstream connections from AT&T. For examp
  • by Greyfox ( 87712 ) on Wednesday October 22, 2003 @01:10AM (#7278774) Homepage Journal
    I was hunting around for some info on how to set procmail up to only allow the 4 domains that I get legitimate mail from when I ran across tmda. [sourceforge.net] I decided to give it a shot instead and I haven't seen a spam since. I know that technically they're still coming in, but I went from 30-40 spams a day in my inbox to 0. Now I can ignore the problem until they start slipping through or they start consuming a significant portion of my bandwidth.
  • by Sir Haxalot ( 693401 ) on Wednesday October 22, 2003 @01:20AM (#7278813)
    127.0.0.1
  • This scheme will last as long as it takes for one of the Brand New Spam Viruses to infect a billion computers across the internet that use these whitelisted servers.

    As long as our governments are only willing to enforce the laws that make them money, the problems that plague our society will continue.

    Seriously. Call up your local police office and report the 50 spams you got. Call the FBI. The FCC. The FTC. Call as many government offices as you care to until you're blue in the face. They all have some la
    • As long as our governments are only willing to enforce the laws that make them money, the problems that plague our society will continue.

      *sigh* Your table is waiting, Mr Guevarra. Governments enforce the laws based on their percieved priority in keeping the population happy and general economic wellbeing. Laws that don't fit into this category are usually thrown out.

      Seriously. Call up your local police office and report the 50 spams you got. Call the FBI. The FCC. The FTC. Call as many government offi
      • I see. so, enforcement will fix spam? how? what are these other problems that will magically go away when the cops start poking around?

        Actually, I think enforcement against businesses that advertise through spam would work excellently. If only all (rich) countries were willing to do it...
  • If you do not respond immediately, your access may not continue...
    Please foreward this e-mail to 10 of your closest e-mail servers and you will get a free Cracker Barrel gift certificate and little Mary-Lou will get her wish of getting e-mail from every American before she dies of Lukemia. If you do not, you will have bad luck for the next 20 years!
  • Gee, our Slashdot readers literally pine for a similar setup within the community to combat spam, using items such as "trusted" lists, etc...

    The whims and ideas of a these slashdotters still doesn't account for the fact that most of the load from SPAM still has to be handled by the carrier. First to store it in the mail server, then to delete it. AT&T is simply negating the need for those two steps.

    Of course, some mail might not make it through. And of course some SPAM might make it through.
    But, gi
  • by Inoshiro ( 71693 ) on Wednesday October 22, 2003 @01:51AM (#7278901) Homepage
    Sender Permitted From [pobox.com], a handy little concept whereby DNS servers for domains publish lists of what servers are vouched for, so to speak. By only accepting email from servers which implement SPF, you reduce spam a lot. With SPF, if anyone is doing spam, it's very traceable and prosecuteable. You also cut down on people trying to fake identities.

    If everyone implements SPF, it'd solve this problem in a fairer way.
  • Get real (Score:2, Interesting)

    by FutureShoks ( 571976 )
    It really bugs me when a whole lot of SlashDotters turn around and say: "we need to dump this and switch to this" or some other stupid notion. There is no way we can suplant SMTP - it's too pervasive. We can help cut down a large proportion of spam but actually using what we already have properly:

    [1] Configure your reverse mappings for your Internet-facing machines properly. That way we can start checking on reverse lookups which would stop Joe Lusers Windows box on DSL being turned into an SMTP engine.

  • Balkanization? (Score:3, Interesting)

    by gothicpoet ( 694573 ) on Wednesday October 22, 2003 @05:09AM (#7279417) Homepage Journal
    I'll admit to being a little surprised that there aren't more people who are concerned that this could be a big step toward the much vaunted "balkanization of the Internet"...

    A lot of sort of unrelated things have been happening lately that indicate an instability in the philosophical underpinnings of the Internet. It used to be that the idea of sealing off access to areas of it would be completely anathema, as much as the idea of someone doing something like Verisign's recent Sitefinder profit-play.

    We're reaching the point where it's no longer considered completely out of the question to discuss blocking access to non-offenders. It's gone from being okay to block SMTP traffic from "non-static IPs" to being okay to block traffic from "anyone who's not on our exclusive list" within a period of months.

    Verisign has done the previously unthinkable by modifying major functions of the DNS system without so much as a "by your leave". And having gotten their hand smacked, rather than admit any wrong doing, they are politicking in the media to lay the ground work for efforts to wrest complete control of the process. What will they decide they have a right to do next? And if they get away with it, what are other (backbone providers/ISPs/you name it) going to try to see how much they in turn can get away with?

    And it doesn't look like too many people are thinking ahead to where these trends will go if not arrested. The Internet has functioned as well as it has for as long as it has because by and large the big players have all followed the rules, customs, and generally accepted way of doing things. If they all start to do whatever they please at the moment, will there still be an Internet?

  • by Eggplant62 ( 120514 ) on Wednesday October 22, 2003 @05:13AM (#7279427)
    AT&T three years ago were caught out when a "pink contract" they held with Ronnie Scelson's Cajun Hosting was brought to light by anti-spammers on news.admin.net-abuse.email. Now they're going to do something about the spam hitting their user's inboxes.

    Less spam would hit their user's inboxes if they were to sever all ties with their pet spammers. It's my own hog-fucking opinion that AT&T still has plenty of pink paper over there and are still helping spammers to stay in business. However, money still talks the loudest. Those spam contracts usually bring double or triple the going rate to ignore complaints.
  • by iceT ( 68610 ) on Wednesday October 22, 2003 @08:23AM (#7280185)
    The adminsitrative overhead along of customers/partners/suppliers changing ISPs, moving mail servers, and etc.. will pretty much insure that AT&T mail will NOT be reliable.

There is no opinion so absurd that some philosopher will not express it. -- Marcus Tullius Cicero, "Ad familiares"

Working...