Re: [Asrg] What are the IPs that sends mail for a domain?

Bill Cole <asrg3@billmail.scconsult.com> Mon, 29 June 2009 17:35 UTC

Return-Path: <asrg3@billmail.scconsult.com>
X-Original-To: asrg@core3.amsl.com
Delivered-To: asrg@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 13E9C3A6B93 for <asrg@core3.amsl.com>; Mon, 29 Jun 2009 10:35:48 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.724
X-Spam-Level:
X-Spam-Status: No, score=-2.724 tagged_above=-999 required=5 tests=[AWL=-0.125, BAYES_00=-2.599]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Bahqcf+O1EYZ for <asrg@core3.amsl.com>; Mon, 29 Jun 2009 10:35:47 -0700 (PDT)
Received: from toaster.scconsult.com (toaster.scconsult.com [66.73.230.185]) by core3.amsl.com (Postfix) with ESMTP id 2A96D3A6B91 for <asrg@irtf.org>; Mon, 29 Jun 2009 10:35:47 -0700 (PDT)
Received: from bigsky.scconsult.com (bigsky.scconsult.com [192.168.2.102]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by toaster.scconsult.com (Postfix) with ESMTP id 7942A8E091C for <asrg@irtf.org>; Mon, 29 Jun 2009 13:36:00 -0400 (EDT)
Message-ID: <4A48FB80.10709@billmail.scconsult.com>
Date: Mon, 29 Jun 2009 13:36:00 -0400
From: Bill Cole <asrg3@billmail.scconsult.com>
User-Agent: Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.5; en-US; rv:1.9.1b3pre) Gecko/20090408 Eudora/3.0b2
MIME-Version: 1.0
To: Anti-Spam Research Group - IRTF <asrg@irtf.org>
References: <mailman.5.1245610801.29559.asrg@irtf.org> <4A3F76B8.2030409@terabites.com> <BBBA1F6A3752AE7B96888ECB@lewes.staff.uscs.susx.ac.uk>
In-Reply-To: <BBBA1F6A3752AE7B96888ECB@lewes.staff.uscs.susx.ac.uk>
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 7bit
Subject: Re: [Asrg] What are the IPs that sends mail for a domain?
X-BeenThere: asrg@irtf.org
X-Mailman-Version: 2.1.9
Precedence: list
Reply-To: asrg@irtf.org
List-Id: Anti-Spam Research Group - IRTF <asrg.irtf.org>
List-Unsubscribe: <http://www.irtf.org/mailman/listinfo/asrg>, <mailto:asrg-request@irtf.org?subject=unsubscribe>
List-Archive: <http://www.irtf.org/mail-archive/web/asrg>
List-Post: <mailto:asrg@irtf.org>
List-Help: <mailto:asrg-request@irtf.org?subject=help>
List-Subscribe: <http://www.irtf.org/mailman/listinfo/asrg>, <mailto:asrg-request@irtf.org?subject=subscribe>
X-List-Received-Date: Mon, 29 Jun 2009 17:35:48 -0000

Ian Eiloart wrote, On 6/22/09 10:16 AM:
>
>
> --On 22 June 2009 07:19:04 -0500 Gordon Peterson <gep2@terabites.com>
> wrote:
[...]
>> In my personal mailboxes I have (way) more than 50,000 archived
>> bounceback messages to e-mails which I have never sent... just because
>> they have a (forged, and generally invalid) From: address that is
>> supposedly in one of my domains.
>>
>> Since I haven't sent these messages (neither intentionally, nor by
>> irresponsible management of my systems here) there is NOTHING I can do to
>> prevent such messages.
>
> There is, actually. If you publish SPF records with a strong -all, then
> recipients can easily decide to reject (not bounce) messages. Add DKIM
> signatures, and they'll be able to tell when someone has forwarded your
> legitimate email.

Do you have any evidence that this actually works to any detectable degree?

I have solid proof that it is far from perfect, but I only have a handful of 
addresses that ever had significant bogus bounce flow in the one domain I 
could safely use in a SPF '-all' effectiveness test. The first 5 years of 
that test have shown a slow drop in the rate of bad bounces in general 
offered to that domain, but it isn't much more proportionally than the drop 
from a dribble to a trickle that I've seen for a domain with no SPF record. 
The noise in my minuscule and weakly controlled data makes it quantitatively 
worthless, but on a qualitative basis it makes clear that strong SPF records 
are not yet a strong universal tool for preventing blowback bounces.

If you are aware of SPF being any more useful than prayer at controlling 
blowback, please share it.