Re: [Asrg] What are the IPs that sends mail for a domain?

"John Johnson" <jjohnson@jdmc.org> Tue, 16 June 2009 23:03 UTC

Return-Path: <jjohnson@jdmc.org>
X-Original-To: asrg@core3.amsl.com
Delivered-To: asrg@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 9B05F3A6C17 for <asrg@core3.amsl.com>; Tue, 16 Jun 2009 16:03:30 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.599
X-Spam-Level:
X-Spam-Status: No, score=-2.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id O7HF9Y11MVdf for <asrg@core3.amsl.com>; Tue, 16 Jun 2009 16:03:30 -0700 (PDT)
Received: from secure.jdmc.org (secure.jdmc.org [164.58.70.160]) by core3.amsl.com (Postfix) with ESMTP id C19283A6AA8 for <asrg@irtf.org>; Tue, 16 Jun 2009 16:03:29 -0700 (PDT)
Received: from mail (mithril@localhost) by secure.jdmc.org with ESMTP id n5GN3eZ74063 for <asrg@irtf.org>; Tue, 16 Jun 2009 18:03:40 -0500 (CDT) (envelope-from jjohnson@jdmc.org)
Received: from mail.jdmc.org (mail [164.58.70.150]) by secure.jdmc.org ([164.58.70.161]); 16 Jun 2009 18:03:40 -0500 (CDT)
Received: (qmail 15684 invoked by uid 509); 16 Jun 2009 17:56:20 -0500
Received: from 164.58.70.130 by mail.jdmc.org (envelope-from <jjohnson@jdmc.org>, uid 508) with qmail-scanner-1.24-st-qms (clamdscan: 0.88.2/1480. spamassassin: 3.1.1. perlscan: 1.24-st-qms. Clear:RC:0(164.58.70.130):SA:0(-4.8/5.0):. Processed in 0.579026 secs); 16 Jun 2009 22:56:20 -0000
Received: from gatore.jdmc.org (HELO ?192.168.3.212?) (jjohnson@jdmc.org@164.58.70.130) by mail.jdmc.org with SMTP; 16 Jun 2009 17:56:20 -0500
X-Enigmail-Version: 0.95.7
References: <20090616225543.11524.qmail@simone.iecc.com>
User-Agent: Thunderbird 2.0.0.21 (X11/20090302)
X-Antivirus-MYDOMAIN: 1.24-st-qms (Clear:RC:0(164.58.70.130):SA:0(-4.8/5.0):. Processed in 0.579026 secs Process 15674)
X-Antivirus-MYDOMAIN-Mail-From: jjohnson@jdmc.org via mail.jdmc.org
From: "John Johnson" <jjohnson@jdmc.org>
To: "Anti-Spam Research Group - IRTF" <asrg@irtf.org>
Date: Tue, 16 Jun 2009 18:03:34 -0500
Message-ID: <4A3824C6.8080103@jdmc.org>
In-Reply-To: <20090616225543.11524.qmail@simone.iecc.com>
MIME-Version: 1.0
Content-Type: TEXT/plain; charset="ISO-8859-1"
Content-Transfer-Encoding: 7BIT
Subject: Re: [Asrg] What are the IPs that sends mail for a domain?
X-BeenThere: asrg@irtf.org
X-Mailman-Version: 2.1.9
Precedence: list
Reply-To: Anti-Spam Research Group - IRTF <asrg@irtf.org>
List-Id: Anti-Spam Research Group - IRTF <asrg.irtf.org>
List-Unsubscribe: <http://www.irtf.org/mailman/listinfo/asrg>, <mailto:asrg-request@irtf.org?subject=unsubscribe>
List-Archive: <http://www.irtf.org/mail-archive/web/asrg>
List-Post: <mailto:asrg@irtf.org>
List-Help: <mailto:asrg-request@irtf.org?subject=help>
List-Subscribe: <http://www.irtf.org/mailman/listinfo/asrg>, <mailto:asrg-request@irtf.org?subject=subscribe>
X-List-Received-Date: Tue, 16 Jun 2009 23:03:30 -0000

John Levine wrote:
>> How do I find if I have blocked the domain from sending to my server. Meaning, knowing the
>> domain name of the sender, how do I find the IPs from where the mail could be sent from. It
>> seems that SPF is the only tool to provide that answer? 
>>     
>
> Unless you have previous mail from the domain, I would agree SPF is your best bet.
>   
   I would also add that if your e-mail is important, having good
logging on your server
   of when the domain or ip was blocked can help speed up rectifying the
problem.

   Yes, it's after the block occurred - but so was the complaint.