Re: [Asrg] What are the IPs that sends mail for a domain?

Ian Eiloart <iane@sussex.ac.uk> Mon, 22 June 2009 13:58 UTC

--On 22 June 2009 14:35:56 +0200 Alessandro Vesely <vesely@tana.it> wrote:

> Ian Eiloart wrote:
>> --On 19 June 2009 12:54:17 +0200 Alessandro Vesely <vesely@tana.it>
>> wrote:
>>> What about the other way around: given a domain and an IP address, can
>>> we say whether the IP address "is a member of" the domain?
>> [...]
>> The DNS is used to express relationships between IP addresses and domain
>> names, but there are many types of relationship - like MX records, A
>> records.
>
> A records. MX bear no IP address. Other records may hold an IP address,
> e.g. TXT, thus providing possibly weaker relationships.
>
>> "is a member of" sounds like it might mean "is owned by" or "is
>> assigned to", but IP addresses are assigned to real world organisations,
>> not domain names.
>
> You're right, the admins of a domain may put whatever A records in their
> zone files. I have to add that I get the domain name _from_ the given IP.
> In that case, if I'm able to find a record in the domain's zone that
> confirms that relationship, can I safely deduce that the membership
> relation holds?
>
>> There's no necessary relationship when sending SMTP, unfortunately.
>
> Agreed. But why do you say "unfortunately"? Do you mean that it would
> always be preferable to attribute responsibility based on the IP
> delegation hierarchy, rather than on the names' one, or have we always
> tried to go the former way just because the IP address of the remote host
> is easier to obtain?

We use IP address reputation services because there's nothing else we can 
use, in the absence of some way to authenticate the sender address. Of 
course, those mechanisms exist and are widely deployed but not universally, 
or even by a majority of domains. When they become so, we'll no doubt see 
domain-based reputation services, and even address-based reputation 
services being used as much as IP address reputation services are.


-- 
Ian Eiloart
IT Services, University of Sussex
01273-873148 x3148
For new support requests, see http://www.sussex.ac.uk/its/help/
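
Added example, not part of the original message or thread: the check described in the quoted text above (take the name from the IP's reverse record, then look for a record in that name's zone pointing back at the IP) is commonly called forward-confirmed reverse DNS. The Python below runs it over constructed DNS data; the function names, the lookup tables and the example.org / isp.example names are assumptions for illustration.

```python
import ipaddress

# Constructed sample data (documentation address ranges, reserved example names).
PTR = {  # reverse zone, controlled by whoever the IP block is delegated to
    "192.0.2.10": ["mail.example.org."],
    "192.0.2.20": ["mail.example.org."],    # claims a name the forward zone does not confirm
    "198.51.100.5": ["host5.isp.example."],
}
ADDR = {  # forward zone (A/AAAA), controlled by the domain's admins
    "mail.example.org.": ["192.0.2.10"],
    "host5.isp.example.": ["198.51.100.5"],
}

def in_domain(name, domain):
    """True if name equals domain or is a subdomain of it (label-aligned)."""
    name, domain = name.rstrip(".").lower(), domain.rstrip(".").lower()
    return name == domain or name.endswith("." + domain)

def confirmed_names(ip, ptr_lookup, addr_lookup):
    """PTR names for ip whose forward records point back at ip."""
    target = ipaddress.ip_address(ip)
    names = []
    for name in ptr_lookup(ip):
        forward = {ipaddress.ip_address(a) for a in addr_lookup(name)}
        if target in forward:          # both zones agree on the pairing
            names.append(name)
    return names

def is_member(ip, domain,
              ptr_lookup=lambda ip: PTR.get(ip, []),
              addr_lookup=lambda name: ADDR.get(name, [])):
    """True only if a forward-confirmed name for ip falls inside domain."""
    return any(in_domain(n, domain)
               for n in confirmed_names(ip, ptr_lookup, addr_lookup))

if __name__ == "__main__":
    for ip in ("192.0.2.10", "192.0.2.20", "198.51.100.5", "203.0.113.1"):
        print(ip, "member of example.org:", is_member(ip, "example.org"))
```

A positive result shows only that the holder of the reverse zone and the admins of the forward zone publish matching records; it does not show who the address is assigned to.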