Re: [Asrg] What are the IPs that sends mail for a domain?

Bill Cole <> Mon, 29 June 2009 17:35 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id 13E9C3A6B93 for <>; Mon, 29 Jun 2009 10:35:48 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -2.724
X-Spam-Status: No, score=-2.724 tagged_above=-999 required=5 tests=[AWL=-0.125, BAYES_00=-2.599]
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id Bahqcf+O1EYZ for <>; Mon, 29 Jun 2009 10:35:47 -0700 (PDT)
Received: from ( []) by (Postfix) with ESMTP id 2A96D3A6B91 for <>; Mon, 29 Jun 2009 10:35:47 -0700 (PDT)
Received: from ( []) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by (Postfix) with ESMTP id 7942A8E091C for <>; Mon, 29 Jun 2009 13:36:00 -0400 (EDT)
Message-ID: <>
Date: Mon, 29 Jun 2009 13:36:00 -0400
From: Bill Cole <>
User-Agent: Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.5; en-US; rv:1.9.1b3pre) Gecko/20090408 Eudora/3.0b2
MIME-Version: 1.0
To: Anti-Spam Research Group - IRTF <>
References: <> <> <>
In-Reply-To: <>
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 7bit
Subject: Re: [Asrg] What are the IPs that sends mail for a domain?
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: Anti-Spam Research Group - IRTF <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Mon, 29 Jun 2009 17:35:48 -0000

Ian Eiloart wrote, On 6/22/09 10:16 AM:
> --On 22 June 2009 07:19:04 -0500 Gordon Peterson <>
> wrote:
>> In my personal mailboxes I have (way) more than 50,000 archived
>> bounceback messages to e-mails which I have never sent... just because
>> they have a (forged, and generally invalid) From: address that is
>> supposedly in one of my domains.
>> Since I haven't sent these messages (neither intentionally, nor by
>> irresponsible management of my systems here) there is NOTHING I can do to
>> prevent such messages.
> There is, actually. If you publish SPF records with a strong -all, then
> recipients can easily decide to reject (not bounce) messages. Add DKIM
> signatures, and they'll be able to tell when someone has forwarded your
> legitimate email.

Do you have any evidence that this actually works to any detectable degree?

I have solid proof that it is far from perfect, but I only have a handful of 
addresses that ever had significant bogus bounce flow in the one domain I 
could safely use in a SPF '-all' effectiveness test. The first 5 years of 
that test have shown a slow drop in the rate of bad bounces in general 
offered to that domain, but it isn't much more proportionally than the drop 
from a dribble to a trickle that I've seen for a domain with no SPF record. 
The noise in my minuscule and weakly controlled data makes it quantitatively 
worthless, but on a qualitative basis it makes clear that strong SPF records 
are not yet a strong universal tool for preventing blowback bounces.

If you are aware of SPF being any more useful than prayer at controlling 
blowback, please share it.