Re: [Asrg] What are the IPs that sends mail for a domain?

Dotzero <dotzero@gmail.com> Wed, 01 July 2009 16:55 UTC

On Wed, Jul 1, 2009 at 11:28 AM, Alessandro Vesely <vesely@tana.it> wrote:
> Dotzero wrote:
>>>
>>> Thus, it turns out that if an MTA does mixed MSA and old fashioned port 25
>>> relaying for its clients, its IP cannot convey accountability.
>>
>> The fact that it cannot (may not?) convey accountability does not mean
>> that it cannot or should not be held accountable for what it emits.
>
> I understand the 2nd "it" as referring to the MTA, not the IP address. It
> doesn't make much difference, since both of them are objects. AFAICS, the
> point is to hold _someone_ accountable, so that it might be theoretically
> possible to claim damage, in case. It is like an insurance, and postmasters
> tend to stipulate it with IP numbers rather than DNS names. Why?

IP Addresses are used rather than DNS names because it is
significantly easier to dump a domain name and use a new one than to
dump an IP address (range) and migrate to another unless there are
compromised hosts involved. IP Addresses tend to be more trackable and
ultimately tied to an ISP (even if that carrier is an upstream).

I tend to think less in terms of legal and claiming damage and more
along the lines of self help. Drop route (or the milder form of reject
SMTP connections) tends to have a significant impact on what one deals
with from abusive IP space. I don't necessarily recommend this as the
first response but if one does not get a response from an abuse
contact.....