Re: [Asrg] What are the IPs that sends mail for a domain?

Ian Eiloart <iane@sussex.ac.uk> Thu, 02 July 2009 12:14 UTC

Return-Path: <iane@sussex.ac.uk>
X-Original-To: asrg@core3.amsl.com
Delivered-To: asrg@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 379AB3A67AF for <asrg@core3.amsl.com>; Thu, 2 Jul 2009 05:14:13 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.463
X-Spam-Level:
X-Spam-Status: No, score=-2.463 tagged_above=-999 required=5 tests=[AWL=0.136, BAYES_00=-2.599]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id zpaDK7P4iKU2 for <asrg@core3.amsl.com>; Thu, 2 Jul 2009 05:14:11 -0700 (PDT)
Received: from karpinski.uscs.susx.ac.uk (karpinski.uscs.susx.ac.uk [139.184.14.85]) by core3.amsl.com (Postfix) with ESMTP id D39723A6C75 for <asrg@irtf.org>; Thu, 2 Jul 2009 05:13:49 -0700 (PDT)
Received: from seana-imac.staff.uscs.susx.ac.uk ([139.184.132.137]:60149) by karpinski.uscs.susx.ac.uk with esmtpsa (TLSv1:AES256-SHA:256) (Exim 4.64) (envelope-from <iane@sussex.ac.uk>) id KM5M17-0009MK-3Y for asrg@irtf.org; Thu, 02 Jul 2009 13:15:07 +0100
Date: Thu, 02 Jul 2009 13:14:11 +0100
From: Ian Eiloart <iane@sussex.ac.uk>
Sender: iane@sussex.ac.uk
To: Anti-Spam Research Group - IRTF <asrg@irtf.org>
Message-ID: <8A5D3B89E14F6C6143E58D81@seana-imac.staff.uscs.susx.ac.uk>
In-Reply-To: <7ae58c220907010955u21cfb34n19d85f487e70fc56@mail.gmail.com>
References: <200906180105.VAA21834@Sparkle.Rodents-Montreal.ORG> <B5252B96-F0AB-4D4A-A0DA-8314AA8E038F@mail-abuse.org> <4A3D366E.2020304@tana.it> <934f64a20906201606pff54ca3y904da141013f1d2a@mail.gmail.com> <4A490CC5.8020601@billmail.scconsult.com> <4A49C1DD.8020205@tana.it> <20090630200150.GL57980@verdi> <4A4B709C.2000109@tana.it> <7ae58c220907010742h1d273f42m8bb3c02e6b969b1@mail.gmail.com> <4A4B8090.5000507@tana.it> <7ae58c220907010955u21cfb34n19d85f487e70fc56@mail.gmail.com>
Originator-Info: login-token=Mulberry:01vZp2RSb75Kr+B8qnKcAwD+m4IxKXnyDAMgU=; token_authority=support@its.sussex.ac.uk
X-Mailer: Mulberry/4.0.8 (Mac OS X)
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"; format="flowed"
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
X-Sussex: true
X-Sussex-transport: remote_smtp
Subject: Re: [Asrg] What are the IPs that sends mail for a domain?
X-BeenThere: asrg@irtf.org
X-Mailman-Version: 2.1.9
Precedence: list
Reply-To: Anti-Spam Research Group - IRTF <asrg@irtf.org>
List-Id: Anti-Spam Research Group - IRTF <asrg.irtf.org>
List-Unsubscribe: <http://www.irtf.org/mailman/listinfo/asrg>, <mailto:asrg-request@irtf.org?subject=unsubscribe>
List-Archive: <http://www.irtf.org/mail-archive/web/asrg>
List-Post: <mailto:asrg@irtf.org>
List-Help: <mailto:asrg-request@irtf.org?subject=help>
List-Subscribe: <http://www.irtf.org/mailman/listinfo/asrg>, <mailto:asrg-request@irtf.org?subject=subscribe>
X-List-Received-Date: Thu, 02 Jul 2009 12:14:13 -0000

--On 1 July 2009 12:55:02 -0400 Dotzero <dotzero@gmail.com> wrote:

>
> IP Addresses are used rather than DNS names because it is
> significantly easier to dump a domain name and use a new one than to
> dump an IP address (range) and migrate to another unless there are
> compromised hosts involved. IP Addresses tend to be more trackable and
> ultimately tied to an ISP (even if that carrier is an upstream).

That depends on what you're using it for. For hard-core spammers, it's easy 
to do get new domain names. And, they don't seem to have problems getting 
hold of IP addresses on compromised hosts, either.

It's harder to get hold of IP addresses or domains with good reputation.

For sloppy marketing people (who also send significant quantities of spam), 
it's not so easy to do either.

-- 
Ian Eiloart
IT Services, University of Sussex
01273-873148 x3148
For new support requests, see http://www.sussex.ac.uk/its/help/