[64387] in North American Network Operators' Group


Re: Heads-up: AT&T apparently going to whitelist-only inbound

daemon@ATHENA.MIT.EDU (Jamie Reid)
Tue Oct 21 18:06:15 2003

Date: Tue, 21 Oct 2003 18:00:11 -0400
From: "Jamie Reid" <Jamie.Reid@mbs.gov.on.ca>
To: nanog@merit.edu
Errors-To: owner-nanog-outgoing@merit.edu



I'm not sure whether schadenfreude is the right word, however, it seems that,
regarding a previous conversation about cutting off users infected with viruses,
ATT has decided that putting a bit of stick about is the right thing to do.

It will be very interesting to see how this works out, as it may set a very
big precedent.

I just hope that they do it subnet by subnet over time instead of all at once,
so that the interruption can be isolated briefly to small areas over a longer
period of time.  I don't envy their customers, or their security department
for having to resort to this, but we should all be watching for the results,
as it may make or break the case for dealing with user sites that expose the
network to risk.

Best,

-j

--
Jamie.Reid, CISSP, jamie.reid@mbs.gov.on.ca
Senior Security Specialist, Information Protection Centre
Corporate Security, MBS
416 327 2324

>>> "Jeff Wasilko" <jeffw@smoe.org> 10/21/03 05:24pm >>>

----- Forwarded message -----

Return-Path: <rm-antiattspam@ems.att.com>
Message-ID: <3F80414B002D0EC2@attrh0i.attrh.att.com> (added by
postmaster@attrh1i.attrh.att.com)
Content-Disposition: inline
Content-Transfer-Encoding: binary
Content-Type: text/plain
MIME-Version: 1.0
X-Mailer: MIME::Lite 2.102  (B2.12; Q2.03)
Date: Tue, 21 Oct 2003 20:21:50 UT
Subject: *** ACTION: IP Address of Outbound SMTP Server Requested (Updated 10/21/03)
From: rm-antiattspam@ems.att.com

AT&T Business Partners & Customers

AT&T has received many of the requested IP addresses in response to an
e-mail originally broadcast yesterday to our business partners and
clients.  However, we have also received many concerned responses to
the original request.

This 2nd e-mail is to let you know that this is a legitimate AT&T
request asking for your cooperation, which will let us improve the
service that AT&T offers you and that our partnership requires.   We
have provided a toll-free number below to help you confirm the
legitimacy of this request.

We have assembled the distribution list for this e-mail by looking up
the administrative contacts for each of the known e-mail domains we
currently exchange e-mail with, referencing WHOIS and other such
services available via the Internet.

What AT&T is asking is for you to help AT&T to restrict incoming mail
to just our known and trusted sources (e.g., business partners, clients
and customers).  Therefore, we need to know which IP address(es) are
used by your outbound e-mail service so we can selectively permit them.
Please send this information to the following e-mail address
(rm-antiattspam@ems.att.com).

If you need assistance determining what these IP addresses are, please
contact your company's administrative e-mail server support / network
administration personnel.   We regret that AT&T is burdening you with
this request, but our AT&T security team is advising that we take this
step to help safeguard our e-mail systems, which ultimately will help
us serve you better.

Please contact us with any concerns or questions:
AT&T Security Help Desk 1-800-456-4230, prompt 4 (8am - 10pm est)

Thank you for your prompt attention to this matter.  We appreciate your
cooperation.

Sincerely,
Brian Williams, IP Network Services
Tim Scholl - District Manager, IP Network Services
Kevin O'Connell - Division Manager, Information Technology Services
Engineering
Bill O'Hern - Division Manager, Network Security


----- Original Message (Sent Monday, 10/20/03) -----
AT&T has an urgent situation with our anti-spam list. In order to
continue to allow email to AT&T you need to provide the IP addresses of
all your outbound email gateways. If you do not respond immediately,
your access may not continue. The required information should be sent
to rm-antiattspam@ems.att.com.

----- End forwarded message -----


