Human Error Leads to AT&T’s Anti-Spam Gaffe

Telco giant AT&T on Wednesday rushed to withdraw two notices sent to business partners and customers asking for the IP addresses of all outbound SMTP servers because of a “human error” gaffe.

With a significant increase in incoming spam over the past few days, AT&T sent out the notices demanding the IP addresses, presumably to create a white list of gateways from which e-mail will be accepted. But a company spokesman now says customers should ignore the requests.

“Those e-mails went out in error. They never should have been sent. We have apologized and we’re requesting that customers disregard them,” AT&T spokesman Dave Johnson told internetnews.com.

“It was an honest human error. Sometimes, folks makes mistakes,” Johnson said.

The first notice sent by AT&T included a warning that e-mail access would be cut off if the IP addresses of the SMTP gateways were not provided.

“AT&T has an urgent situation with our anti-spam list. In order to continue to allow e-mail to AT&T you need to provide the IP addresses of all your outbound e-mail gateways. If you do not respond immediately, your access may not continue,” according to the notice.

AT&T, which has struggled
mightily to deal with the spam
nightmare, said the decision to restrict incoming mail to “known and trusted sources” (whitelists) was part of efforts to improve its services to partners.

“We need to know which IP address(es) are used by your outbound e-mail service so we can selectively permit them,” the company explained. “We regret that AT&T is burdening you with
this request, but our AT&T security team is advising that we take this step to help safeguard our e-mail systems, which ultimately will help us serve you better.”

Ironically, AT&T’s notice was mass-mailed to possibly thousands of AT&T’s enterprise clients and customers, prompting some rumblings that the company was itself “spamming” customers with this new anti-spam initiative.

The AT&T spokesman could not explain why a second notice was sent out confirming the authenticity of the first request. In that second notice, AT&T explained that the distribution list for the notice was assembled by looking up administrative contacts for business partners and referencing the WHOIS , which is an Internet utility that returns information about a domain name or IP address.

“Our team was brainstorming possible approaches to dealing with the increase in spam over the past few days and this [the request for IP addresses] was one of the possibilities. But, we didn’t want the notices sent. It was only one of options available to us. However, humans make mistakes and this one escaped,” Johnson added.

“As of this morning, the level of incoming e-mail messages is returning to normal. The situation appears well in hand and our mail servers are all fully operational at this time,” Johnson said.

He said some AT&T customers would experience mail delivery delays because of “comprehensive spam filtering at the network gateway” but insisted the spam overload was under control.

Generally, network administrators have used blacklists to thwart incoming spam from known spammers. Blacklisted IP and e-mail addresses are not allowed to send mail to a user or organization. However, in the ongoing cat-and-mouse games, spammers have found ways to circumvent blacklists.