Re: [Asrg] What are the IPs that sends mail for a domain?

Steve Atkins <steve@blighty.com> Sat, 20 June 2009 21:47 UTC

On Jun 20, 2009, at 2:33 PM, Franck Martin wrote:

>
> ----- "Alessandro Vesely" <vesely@tana.it> wrote:
>>
>> What do you mean by "problematic users"? Providers of residential
>> cables, WiMAX, and similar connections could block or redirect port
>> 25, just like most universities and companies do. They used to do it,
>> as long as they provided mailboxes as a bonus and ISP and ESP were
>> synonyms. Submission port 587 is not yet universally employed, and
>> some customers may not accept being unable to reach their favorite
>> server's ports 25 or 465. "Blocking port 25 except for a set of
>> servers used for submission" is not something that can be easily
>> defined and maintained by ISPs, IMHO.
>>
>
> Yes, I'm not sure that blocking port 25 will ever be possible. I
> think fewer and fewer people want their mailbox tied up to an ISP,
> this is why they get a mailbox on Yahoo, Google, etc... So these
> services usually require you to connect via port 25 and authenticate,

Nope, port 587.

> but that means for the ISP to let port 25 open. Blocking port 25 and
> letting port smtps/465 open to allow users to still submit email is
> better, but just a temporary measure until botnets use smtps to
> submit.

You're conflating two quite different things here, SMTP submission and  
SMTP delivery.

Blocking port 25 outbound (and ideally, inbound) allows an ISP to  
prevent their customers from delivering email directly to recipient  
MXes. It does not prevent their customers from using third-party  
smarthosts at all, as everyone who is intentionally running a third  
party smarthost is listening on port 587.

Bots using port 587 (not 465, that's mostly obsolete) to submit mail  
is a wholly different issue. A bot doing that needs credentials to do  
so (a username and password) and misuse of those credentials will lead  
to them being revoked.

Cheers,
   Steve
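
The submission/delivery split described in the message above, written out as an nftables forward policy for an ISP access router. This is an added example, not configuration from anyone in the thread; the table and set names are hypothetical, and the addresses are constructed placeholders from the documentation ranges (198.51.100.0/24 as the customer pool, 192.0.2.25 as the ISP's own relay).

```nftables
# Added example (constructed). Names and addresses are placeholders.
table inet isp_egress {
    # Residential customer address pool (placeholder range)
    set customer_pool {
        type ipv4_addr
        flags interval
        elements = { 198.51.100.0/24 }
    }

    # The ISP's own relays, the "set of servers" exempted from the block
    set isp_relays {
        type ipv4_addr
        elements = { 192.0.2.25 }
    }

    chain forward {
        type filter hook forward priority 0; policy accept;

        # Submission: customers can reach any provider's smarthost on
        # port 587. Nothing here depends on knowing who runs it; the
        # smarthost enforces authentication itself.
        ip saddr @customer_pool tcp dport 587 accept

        # Delivery: port 25 from customers is allowed only towards the
        # ISP's own relays.
        ip saddr @customer_pool ip daddr @isp_relays tcp dport 25 accept

        # Everything else on port 25 is direct-to-MX delivery from a
        # customer address. Count and log it before rejecting, so that
        # hosts generating this traffic can be identified.
        ip saddr @customer_pool tcp dport 25 counter log prefix "cust-smtp-out " reject with tcp reset

        # Inbound port 25 towards customer addresses (the "ideally,
        # inbound" half of the block).
        ip daddr @customer_pool tcp dport 25 counter reject with tcp reset
    }
}
```

The only list the ISP maintains is its own relays; third-party smarthosts need no entry because port 587 is never filtered.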