] In an apparent attempt to quelch the amount of incoming
] spam, AT&T has asked their customers, partners, and
] business clients to provide them with IP addresses of
] their mail servers.

AT&T goes whitelist. I almost memed this last night when it got posted to Nanog... I'm still on the fence about its importance.

1. I think that whitelisting is the way to solve the spam problem. IF we can enable white lists then in the beginning there will be hassles associated with approving new people onto the whitelist. Technology can replace those hassles with a computational burden, and eventually you reach a place where the internet seems as open as it is today, but there simply is no spam. Replacing the hassle of manual whitelist maintenance with a computational burden will not happen when the default response to the hassle is to not use whitelisting. Improvements will only be widely deployed in response to an existing system. There may be a bit of an arms race over authenticating the whitelist, but the spammers will loose that fight.

2. Almost all the commentary about this on Nanog and Slashdot has been negative. If people are unable to see the long term benefit of this they won't cut over, and we will be stuck with incomplete anti-spam solutions for ever. It will be interesting to see if AT&T's admins will win out over the negative feedback. If they do, this announcement could be the beginning of the end of spam.

3. The problem with authenticating mailservers is some day you are going to end up with legitimate customers on the same mailserver as a spammer. You need to be able to authenticate individual senders AND mailservers depending on the situation.

4. This whitelist system can obviously be applied as a censorship technology, particularly if there is some sort of whitelist sharing system controlled by a central authority. Ultimately, the best way to defend against that is to run the whitelist on your PC and not on a centralized mailserver.