North American Network Operators Group Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical Re: Heads-up: AT&T apparently going to whitelist-only inboundmail
I'm not sure whether shadenfreude is the right word, however, it seems that, regarding a previous conversation about cutting off users infected with viruses, ATT has decided that putting a bit of stick about is the right thing to do. It will be very interesting to see how this works out, as it may set a very big precedent. I just hope that they do it subnet by subnet over time instead of all at once, so that the interruption can be isolated brifly to small areas over a longer period of time. I don't envy their customers, or their security department for having to resort to this, but we should all be watching for the results, as it may make or break the case for dealing with user sites that expose the network to risk. Best, -j -- Jamie.Reid, CISSP, [email protected] Senior Security Specialist, Information Protection Centre Corporate Security, MBS 416 327 2324 >>> "Jeff Wasilko" <[email protected]> 10/21/03 05:24pm >>> ----- Forwarded message ----- Return-Path: <[email protected]> Message-ID: <[email protected]> (added by [email protected]) Content-Disposition: inline Content-Transfer-Encoding: binary Content-Type: text/plain MIME-Version: 1.0 X-Mailer: MIME::Lite 2.102 (B2.12; Q2.03) Date: Tue, 21 Oct 2003 20:21:50 UT Subject: *** ACTION: IP Address of Outbound SMTP Server Requested (Updated 10/21/03) From: [email protected] AT&T Business Partners & Customers AT&T has received many of the requested IP addresses in response to an e-mail originally broadcast yesterday to our business partners and clients. However, we have also received many concerned responses to the original request. This 2nd e-mail is to let you know that this is a legitimate AT&T request asking for your cooperation, which will let us improve the service that AT&T offers you and that our partnership requires. We have provided a toll-free number below to help you confirm the legitimacy of this request. We have assembled the distribution list for this e-mail by looking up the administrative contacts for each of the known e-mail domains we currently exchange e-mail with, referencing WHOIS and other such services available via the Internet. What AT&T is asking is for you to help AT&T to restrict incoming mail to just our known and trusted sources (e.g., business partners, clients and customers). Therefore, we need to know which IP address(es) are used by your outbound e-mail service so we can selectively permit them. Please send this information to the following e-mail address ([email protected]). If you need assistance determining what these IP addresses are, please contact your company's administrative e-mail server support / network administration personnel. We regret that AT&T is burdening you with this request, but our AT&T security team is advising that we take this step to help safeguard our e-mail systems, which ultimately will help us serve you better. Please contact us with any concerns or questions: AT&T Security Help Desk 1-800-456-4230, prompt 4 (8am - 10pm est) Thank you for your prompt attention to this matter. We appreciate your cooperation. Sincerely, Brian Williams, IP Network Services Tim Scholl - District Manager, IP Network Services Kevin O'Connell - Division Manager, Information Technology Services Engineering Bill O'Hern - Division Manager, Network Security ----- Original Message (Sent Monday, 10/20/03) ----- AT&T has an urgent situation with our anti-spam list. In order to continue to allow email to AT&T you need to provide the IP addresses of all your outbound email gateways. If you do not respond immediately, your access may not continue. The required information should be sent to [email protected] ----- End forwarded message ----- <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN"> <HTML><HEAD> <META http-equiv=Content-Type content="text/html; charset=windows-1252"> <META content="MSHTML 6.00.2800.1226" name=GENERATOR></HEAD> <BODY style="MARGIN-TOP: 2px; FONT: 8pt Tahoma; MARGIN-LEFT: 2px"> <DIV><FONT size=1></FONT> </DIV> <DIV><FONT size=1>I'm not sure whether shadenfreude is the right word, however, it seems that, </FONT></DIV> <DIV><FONT size=1>regarding a previous conversation about cutting off users infected with viruses,</FONT></DIV> <DIV> <FONT size=1>ATT has decided that putting a bit of stick </FONT><FONT size=1>about is the right thing to do. </FONT></DIV> <DIV><FONT size=1></FONT> </DIV> <DIV><FONT size=1>It will be very interesting to see how this works </FONT><FONT size=1>out, as it may set a very </FONT></DIV> <DIV><FONT size=1>big precedent. </FONT></DIV> <DIV><FONT size=1></FONT> </DIV> <DIV><FONT size=1>I just hope that they do it subnet by subnet over time instead of all at once, </FONT></DIV> <DIV><FONT size=1>so that the interruption can be isolated brifly to small areas over a longer </FONT></DIV> <DIV><FONT size=1>period of </FONT><FONT size=1>time. I don't envy their customers, or their security department</FONT></DIV> <DIV><FONT size=1>for having to resort to this, but we should all be watching for the results, </FONT></DIV> <DIV><FONT size=1>as it may make or break the case for dealing with user sites that expose the </FONT></DIV> <DIV><FONT size=1>network to risk. </FONT></DIV> <DIV><FONT size=1></FONT> </DIV> <DIV><FONT size=1>Best, </FONT></DIV> <DIV><FONT size=1></FONT> </DIV> <DIV><FONT size=1>-j</FONT></DIV> <DIV> </DIV> <DIV> </DIV> <DIV> </DIV> <DIV> </DIV> <DIV><BR> </DIV> <DIV> </DIV> <DIV>--<BR>Jamie.Reid, CISSP, <A href="mailto:[email protected]">[email protected]</A><BR>Senior Security Specialist, Information Protection Centre <BR>Corporate Security, MBS <BR>416 327 2324 <BR>>>> "Jeff Wasilko" <[email protected]> 10/21/03 05:24pm >>><BR><BR>----- Forwarded message -----<BR><BR>Return-Path: <[email protected]><BR>Message-ID: <[email protected]> (added by <BR>[email protected])<BR>Content-Disposition: inline<BR>Content-Transfer-Encoding: binary<BR>Content-Type: text/plain<BR>MIME-Version: 1.0<BR>X-Mailer: MIME::Lite 2.102 (B2.12; Q2.03)<BR>Date: Tue, 21 Oct 2003 20:21:50 UT<BR>Subject: *** ACTION: IP Address of Outbound SMTP Server Requested (Updated 10/21/03)<BR>From: [email protected]<BR><BR>AT&T Business Partners & Customers<BR><BR>AT&T has received many of the requested IP addresses in response to an <BR>e-mail originally broadcast yesterday to our business partners and <BR>clients. However, we have also received many concerned responses to <BR>the original request.<BR><BR>This 2nd e-mail is to let you know that this is a legitimate AT&T <BR>request asking for your cooperation, which will let us improve the <BR>service that AT&T offers you and that our partnership requires. We <BR>have provided a toll-free number below to help you confirm the <BR>legitimacy of this request.<BR><BR>We have assembled the distribution list for this e-mail by looking up <BR>the administrative contacts for each of the known e-mail domains we <BR>currently exchange e-mail with, referencing WHOIS and other such <BR>services available via the Internet.<BR><BR>What AT&T is asking is for you to help AT&T to restrict incoming mail <BR>to just our known and trusted sources (e.g., business partners, clients <BR>and customers). Therefore, we need to know which IP address(es) are <BR>used by your outbound e-mail service so we can selectively permit them. <BR>Please send this information to the following e-mail address <BR>([email protected]).<BR><BR>If you need assistance determining what these IP addresses are, please <BR>contact your company's administrative e-mail server support / network <BR>administration personnel. We regret that AT&T is burdening you with <BR>this request, but our AT&T security team is advising that we take this <BR>step to help safeguard our e-mail systems, which ultimately will help <BR>us serve you better.<BR><BR>Please contact us with any concerns or questions:<BR>AT&T Security Help Desk 1-800-456-4230, prompt 4 (8am - 10pm est)<BR><BR>Thank you for your prompt attention to this matter. We appreciate your <BR>cooperation.<BR><BR>Sincerely,<BR>Brian Williams, IP Network Services<BR>Tim Scholl - District Manager, IP Network Services<BR>Kevin O'Connell - Division Manager, Information Technology Services <BR>Engineering<BR>Bill O'Hern - Division Manager, Network Security<BR><BR><BR>----- Original Message (Sent Monday, 10/20/03) -----<BR>AT&T has an urgent situation with our anti-spam list. In order to <BR>continue to allow email to AT&T you need to provide the IP addresses of <BR>all your outbound email gateways. If you do not respond immediately, <BR>your access may not continue. The required information should be sent <BR>to [email protected]<BR><BR>----- End forwarded message -----<BR><BR></DIV></BODY></HTML> |