North American Network Operators Group


Re: Heads-up: AT&T apparently going to whitelist-only inbound mail

  • From: Jamie Reid
  • Date: Tue Oct 21 18:08:51 2003

I'm not sure whether schadenfreude is the right word; however, it seems that, 
regarding a previous conversation about cutting off users infected with viruses,
ATT has decided that putting a bit of stick about is the right thing to do. 

It will be very interesting to see how this works out, as it may set a very 
big precedent. 

I just hope that they do it subnet by subnet over time instead of all at once, 
so that the interruption can be isolated briefly to small areas over a longer 
period of time.  I don't envy their customers, or their security department
for having to resort to this, but we should all be watching for the results, 
as it may make or break the case for dealing with user sites that expose the 
network to risk. 

Best, 

-j

--
Jamie.Reid, CISSP, [email protected]
Senior Security Specialist, Information Protection Centre 
Corporate Security, MBS  
416 327 2324 

>>> "Jeff Wasilko" <[email protected]> 10/21/03 05:24pm >>>

----- Forwarded message -----

Return-Path: <[email protected]>
Message-ID: <[email protected]> (added by 
[email protected])
Content-Disposition: inline
Content-Transfer-Encoding: binary
Content-Type: text/plain
MIME-Version: 1.0
X-Mailer: MIME::Lite 2.102  (B2.12; Q2.03)
Date: Tue, 21 Oct 2003 20:21:50 UT
Subject: *** ACTION: IP Address of Outbound SMTP Server Requested (Updated 10/21/03)
From: [email protected]

AT&T Business Partners & Customers

AT&T has received many of the requested IP addresses in response to an 
e-mail originally broadcast yesterday to our business partners and 
clients.  However, we have also received many concerned responses to 
the original request.

This 2nd e-mail is to let you know that this is a legitimate AT&T 
request asking for your cooperation, which will let us improve the 
service that AT&T offers you and that our partnership requires.   We 
have provided a toll-free number below to help you confirm the 
legitimacy of this request.

We have assembled the distribution list for this e-mail by looking up 
the administrative contacts for each of the known e-mail domains we 
currently exchange e-mail with, referencing WHOIS and other such 
services available via the Internet.

What AT&T is asking is for you to help AT&T to restrict incoming mail 
to just our known and trusted sources (e.g., business partners, clients 
and customers).  Therefore, we need to know which IP address(es) are 
used by your outbound e-mail service so we can selectively permit them. 
Please send this information to the following e-mail address 
([email protected]).

If you need assistance determining what these IP addresses are, please 
contact your company's administrative e-mail server support / network 
administration personnel.   We regret that AT&T is burdening you with 
this request, but our AT&T security team is advising that we take this 
step to help safeguard our e-mail systems, which ultimately will help 
us serve you better.

Please contact us with any concerns or questions:
AT&T Security Help Desk 1-800-456-4230, prompt 4 (8am - 10pm est)

Thank you for your prompt attention to this matter.  We appreciate your 
cooperation.

Sincerely,
Brian Williams, IP Network Services
Tim Scholl - District Manager, IP Network Services
Kevin O'Connell - Division Manager, Information Technology Services 
Engineering
Bill O'Hern - Division Manager, Network Security


----- Original Message (Sent Monday, 10/20/03) -----
AT&T has an urgent situation with our anti-spam list. In order to 
continue to allow email to AT&T you need to provide the IP addresses of 
all your outbound email gateways. If you do not respond immediately, 
your access may not continue. The required information should be sent 
to [email protected]

----- End forwarded message -----