Re: [Asrg] What are the IPs that sends mail for a domain?

Alessandro Vesely <vesely@tana.it> Fri, 19 June 2009 10:54 UTC


John Levine wrote:
>>Isn't the FQDN for a host the host name "dot" the domain name?
> 
> The FQDN for a host is the host's FQDN.  As we've all noted, there's
> lots of heuristics to guess domain names, none of which work.

What about the other way around: given a domain and an IP address, can 
we say whether the IP address "is a member of" the domain?

Vhlo mentions the following three ways to determine that, without 
apparently resorting to heuristics. I'm wondering how sound it is to 
rely on those, or similar, techniques.

* rDNS returns a name whose right part matches the domain name,
* an MX record for the domain mentions a host with the given IP,
* the IP address passes the SPF check for that domain.
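
Added example, not part of the original message: the three checks listed above, run against constructed DNS data instead of live lookups, showing where they agree and where they do not. The zone contents, the function names, matching the rDNS name on a label boundary, and confirming the PTR name with a forward lookup are assumptions of this example; the SPF part evaluates only `ip4` mechanisms and is not a full SPF evaluator.

```python
import ipaddress

# Constructed DNS data standing in for live lookups (documentation address ranges).
ZONE = {
    "PTR": {"192.0.2.10": "mx1.example.com.",
            "192.0.2.66": "mail.example.com.",       # PTR set by whoever controls the IP
            "198.51.100.7": "host.notexample.com."},
    "A":   {"mx1.example.com.": ["192.0.2.10"],
            "mail.example.com.": ["192.0.2.99"],     # forward lookup disagrees with the PTR
            "host.notexample.com.": ["198.51.100.7"]},
    "MX":  {"example.com.": ["mx1.example.com."]},
    "TXT": {"example.com.": ["v=spf1 ip4:192.0.2.0/28 ip4:203.0.113.5 -all"]},
}

def _fqdn(name):
    return name.lower().rstrip(".") + "."

def rdns_match(ip, domain):
    """PTR name is the domain or ends with it on a label boundary, and resolves back to ip."""
    name = ZONE["PTR"].get(ip)
    if name is None:
        return False
    name, domain = _fqdn(name), _fqdn(domain)
    in_domain = name == domain or name.endswith("." + domain)
    return in_domain and ip in ZONE["A"].get(name, [])

def mx_match(ip, domain):
    """Some MX host of the domain has an A record equal to ip."""
    hosts = ZONE["MX"].get(_fqdn(domain), [])
    return any(ip in ZONE["A"].get(_fqdn(h), []) for h in hosts)

def spf_ip4_match(ip, domain):
    """ip falls inside an ip4 mechanism of the domain's SPF record (other mechanisms ignored)."""
    addr = ipaddress.ip_address(ip)
    for txt in ZONE["TXT"].get(_fqdn(domain), []):
        terms = txt.split()
        if not terms or terms[0].lower() != "v=spf1":
            continue
        for term in terms[1:]:
            if term.lower().startswith("ip4:"):
                if addr in ipaddress.ip_network(term[4:], strict=False):
                    return True
    return False

def membership(ip, domain):
    """Result of each of the three checks, kept separate because they can disagree."""
    return {"rdns": rdns_match(ip, domain), "mx": mx_match(ip, domain),
            "spf": spf_ip4_match(ip, domain)}
```

With this data, `203.0.113.5` passes only the SPF check and `192.0.2.66` passes none, because its PTR name is not confirmed by the forward lookup.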