AT&T spam filter loses valid e-mail

AT&T WorldNet has to defuse a risky spam-filtering technique introduced only a day ago after subscribers discover they are losing legitimate e-mail.

Stefanie Olsen Staff writer, CNET News
AT&T WorldNet this week activated a risky spam-filtering technique that it shortly had to defuse after subscribers discovered they were losing legitimate e-mail.

Late Wednesday night, the Web access provider instituted a new junk e-mail filtering rule in an attempt to stanch an ever-rising tide of unsolicited commercial messages to its subscribers, which number in the millions. But because of the unreliable nature of the technique, some messages from friends and colleagues to AT&T subscribers were never delivered, without either sender or recipient being notified of the missed message.

"While we were attempting to do good...we realized that legitimate e-mails were being rejected, so we removed that filtering rule," said Janet Wyles, an AT&T WorldNet spokeswoman. She added that the filter was removed 24 hours after it was implemented, but the company plans to reinstate it after some kinks are ironed out late Friday.

AT&T notified its subscribers of the problem by posting a notice to its Web site; the company plans to e-mail customers as well. AT&T WorldNet's support staff directed subscribers to use an alternate e-mail address, so as not to disrupt business or personal affairs.

AT&T WorldNet is one of the first major Internet service providers to use a technique known as "reverse DNS lookups" to block spam. Many smaller ISPs and networks use the method with mixed results.

Essentially, the technique calls for an ISP to program its servers to relate an e-mail's originating IP (Internet Protocol) address to a valid domain name or Web address by looking it up in a DNS database. If it cannot find a valid owner, the message is dropped.

Every IP address maps to a domain name, but depending on the architecture of the network--whether a server answers to multiple domain names--the mapping may or may not go through. The method can be effective because many spammers use fake IP addresses to deliver commercial messages, so as to elude detection by spam fighters.
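The check described above can be sketched as follows. This is an added example, not AT&T WorldNet's filter or code from the article. It goes one step beyond the article's description by also confirming that the looked-up name resolves back to the connecting address. The DNS data is constructed, and the `X-RDNS-Check` header and reply texts are hypothetical.

```python
import ipaddress
import socket

def system_reverse(ip):
    """PTR lookup via the system resolver; None when no record exists."""
    try:
        return socket.gethostbyaddr(ip)[0]
    except (socket.herror, socket.gaierror):
        return None

def system_forward(host):
    """A/AAAA lookup via the system resolver; empty list on failure."""
    try:
        return [info[4][0] for info in socket.getaddrinfo(host, None)]
    except socket.gaierror:
        return []

def check_rdns(ip, reverse=system_reverse, forward=system_forward):
    """Return (status, hostname); status is confirmed, mismatch or no_ptr."""
    addr = ipaddress.ip_address(ip)  # raises ValueError on malformed input
    host = reverse(str(addr))
    if not host:
        return "no_ptr", None
    host = host.rstrip(".").lower()
    forward_addrs = {ipaddress.ip_address(a) for a in forward(host)}
    return ("confirmed" if addr in forward_addrs else "mismatch"), host

def smtp_decision(ip, reverse=system_reverse, forward=system_forward, enforce=False):
    """Map the check to an SMTP reply or a header, never a silent discard."""
    status, host = check_rdns(ip, reverse, forward)
    if status == "confirmed":
        return "250 OK", None
    if enforce:
        # A 5xx reply at SMTP time lets the sending server notify the sender.
        return f"550 5.7.1 reverse DNS check failed for {ip} ({status})", None
    # Tag-only mode: deliver, and let downstream scoring weigh the result.
    return "250 OK", f"X-RDNS-Check: {status}"

# Constructed DNS data: documentation IP ranges and example domains.
PTR = {"192.0.2.10": "mail.example.org.", "198.51.100.7": "mx.example.net"}
FWD = {"mail.example.org": ["192.0.2.10"], "mx.example.net": ["198.51.100.99"]}
fake_reverse = PTR.get
fake_forward = lambda host: FWD.get(host, [])

if __name__ == "__main__":
    for ip in ("192.0.2.10", "198.51.100.7", "203.0.113.5"):
        print(ip, check_rdns(ip, fake_reverse, fake_forward),
              smtp_decision(ip, fake_reverse, fake_forward))
```

The second and third sample senders fail the check only because of how their DNS records are set up, which is the failure mode that catches legitimate mail; tag-only mode lets an operator measure how often that happens before enforcing.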

"It can block some spam, but it's a dangerous tactic because it can block legit mail for valid reasons," said Ray Everett-Church, chief privacy officer for consultancy EPrivacy Group, based in Philadelphia.

"Many service providers have been experimenting with performing this reverse DNS lookup on servers for the delivery of e-mail," he said. "But it's been a mixed success, given that you'd be surprised how few networks are properly configured to provide correct reverse domain name service."

For its part, AT&T says it is trying to get it right, to protect its customers from spam.

The company already uses spam filtering tools from San Francisco-based software company Brightmail with great success, Wyles said. But she said AT&T WorldNet still plans to implement its new filter correctly by the end of Friday. "Spam just continues to multiply like nothing we've seen before, and we are vigilant about minimizing the amount of spam," she said. "We intend to do this right."

Analysts said that AT&T WorldNet is eager to set itself apart in the ISP industry by instilling iron-clad e-mail filtering tools that match, or best, those of its competitors.

It's also working hard to catch up in the broadband market, where rivals are gaining traction. The company recently announced an expanded outsourcing agreement with broadband provider Covad Communications. AT&T WorldNet commands only about 5 percent of the ISP market, behind EarthLink.

"This is another way to differentiate themselves and to give consumers what they expect from their ISP," said Jed Kolko, principal analyst at Forrester Research. "E-mail remains one of the most important applications consumers look to their ISP for, despite the rise of Web-based e-mail services and the rise of spam."