I'm not sure whether shadenfreude is the right word, however, it seems that,
regarding a previous conversation about cutting off users infected with viruses,
 ATT has decided that putting a bit of stick about is the right thing to do.
It will be very interesting to see how this works out, as it may set a very
big precedent.
I just  hope that they do it subnet by subnet over time instead of all at once,
so that the interruption can be isolated brifly to small areas over a longer
period of time.  I don't envy their customers, or their security department
for having to resort to this, but we should all be watching for the results,
as it may make or break the case for dealing with user sites that expose the
network to risk.

Jamie.Reid, CISSP, jamie.reid@mbs.gov.on.ca
Senior Security Specialist, Information Protection Centre
Corporate Security, MBS 
416 327 2324
>>> "Jeff Wasilko" <jeffw@smoe.org> 10/21/03 05:24pm >>>

----- Forwarded message -----

Return-Path: <rm-antiattspam@ems.att.com>
Message-ID: <3F80414B002D0EC2@attrh0i.attrh.att.com> (added by
Content-Disposition: inline
Content-Transfer-Encoding: binary
Content-Type: text/plain
MIME-Version: 1.0
X-Mailer: MIME::Lite 2.102  (B2.12; Q2.03)
Date: Tue, 21 Oct 2003 20:21:50 UT
Subject: *** ACTION: IP Address of Outbound SMTP Server Requested (Updated 10/21/03)
From: rm-antiattspam@ems.att.com

AT&T Business Partners & Customers

AT&T has received many of the requested IP addresses in response to an
e-mail originally broadcast yesterday to our business partners and
clients.  However, we have also received many concerned responses to
the original request.

This 2nd e-mail is to let you know that this is a legitimate AT&T
request asking for your cooperation, which will let us improve the
service that AT&T offers you and that our partnership requires.   We
have provided a toll-free number below to help you confirm the
legitimacy of this request.

We have assembled the distribution list for this e-mail by looking up
the administrative contacts for each of the known e-mail domains we
currently exchange e-mail with, referencing WHOIS and other such
services available via the Internet.

What AT&T is asking is for you to help AT&T to restrict incoming mail
to just our known and trusted sources (e.g., business partners, clients
and customers).  Therefore, we need to know which IP address(es) are
used by your outbound e-mail service so we can selectively permit them.
Please send this information to the following e-mail address

If you need assistance determining what these IP addresses are, please
contact your company's administrative e-mail server support / network
administration personnel.   We regret that AT&T is burdening you with
this request, but our AT&T security team is advising that we take this
step to help safeguard our e-mail systems, which ultimately will help
us serve you better.

Please contact us with any concerns or questions:
AT&T Security Help Desk 1-800-456-4230, prompt 4 (8am - 10pm est)

Thank you for your prompt attention to this matter.  We appreciate your

Brian Williams, IP Network Services
Tim Scholl - District Manager, IP Network Services
Kevin O'Connell - Division Manager, Information Technology Services
Bill O'Hern - Division Manager, Network Security

----- Original Message (Sent Monday, 10/20/03) -----
AT&T has an urgent situation with our anti-spam list. In order to
continue to allow email to AT&T you need to provide the IP addresses of
all your outbound email gateways. If you do not respond immediately,
your access may not continue. The required information should be sent
to rm-antiattspam@ems.att.com.

----- End forwarded message -----