Re: [Asrg] What are the IPs that sends mail for a domain?

Alessandro Vesely <vesely@tana.it> Fri, 19 June 2009 06:41 UTC

Return-Path: <vesely@tana.it>
X-Original-To: asrg@core3.amsl.com
Delivered-To: asrg@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id E699E3A682B for <asrg@core3.amsl.com>; Thu, 18 Jun 2009 23:41:37 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.719
X-Spam-Level:
X-Spam-Status: No, score=-0.719 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, HELO_EQ_IT=0.635, HOST_EQ_IT=1.245]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 1NwmKp-iMA4O for <asrg@core3.amsl.com>; Thu, 18 Jun 2009 23:41:37 -0700 (PDT)
Received: from wmail.tana.it (mail.tana.it [62.94.243.226]) by core3.amsl.com (Postfix) with ESMTP id ECAC13A6810 for <asrg@irtf.org>; Thu, 18 Jun 2009 23:41:36 -0700 (PDT)
Received: from mach-4.tana.it (mach-4.tana.it [194.243.254.189]) (AUTH: CRAM-MD5 ale@tana.it, TLS: TLS1.0, 256bits, RSA_AES_256_CBC_SHA1) by wmail.tana.it with esmtp; Fri, 19 Jun 2009 08:41:43 +0200 id 00000000005DC030.000000004A3B3328.00001D75
Message-ID: <4A3B3335.6040507@tana.it>
Date: Fri, 19 Jun 2009 08:41:57 +0200
From: Alessandro Vesely <vesely@tana.it>
User-Agent: Thunderbird 2.0.0.21 (Macintosh/20090302)
MIME-Version: 1.0
To: Anti-Spam Research Group - IRTF <asrg@irtf.org>
References: <9112777.1871245190785748.JavaMail.franck@iphone-4.genius.local> <Pine.GSO.4.64.0906161906450.27272@nber6.nber.org> <4D8E56D2-CB37-4713-94E5-0F0C2A1B1F94@blighty.com> <2F26F23C-F1B4-4FD4-BAEB-53168072FF5D@mail-abuse.org> <200906180105.VAA21834@Sparkle.Rodents-Montreal.ORG> <C8F0F10E-E1A4-4D25-AF20-31E3F0DB68DF@mail-abuse.org> <200906182044.QAA05200@Sparkle.Rodents-Montreal.ORG> <FED77586-8800-4BA6-99EA-30A1D9C089B6@mail-abuse.org> <200906190149.VAA06902@Sparkle.Rodents-Montreal.ORG>
In-Reply-To: <200906190149.VAA06902@Sparkle.Rodents-Montreal.ORG>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Subject: Re: [Asrg] What are the IPs that sends mail for a domain?
X-BeenThere: asrg@irtf.org
X-Mailman-Version: 2.1.9
Precedence: list
Reply-To: Anti-Spam Research Group - IRTF <asrg@irtf.org>
List-Id: Anti-Spam Research Group - IRTF <asrg.irtf.org>
List-Unsubscribe: <http://www.irtf.org/mailman/listinfo/asrg>, <mailto:asrg-request@irtf.org?subject=unsubscribe>
List-Archive: <http://www.irtf.org/mail-archive/web/asrg>
List-Post: <mailto:asrg@irtf.org>
List-Help: <mailto:asrg-request@irtf.org?subject=help>
List-Subscribe: <http://www.irtf.org/mailman/listinfo/asrg>, <mailto:asrg-request@irtf.org?subject=subscribe>
X-List-Received-Date: Fri, 19 Jun 2009 06:41:38 -0000

der Mouse wrote:
> Responsibility, in the sense of accountability for (potential) abuse,
> is a meatspace thing, not amentable to being part of a network
> protocol, so at least _some_ of this must be done out-of-band with
> respect to the protocol.

On thefreedictionary I read
   Synonyms:  responsible, answerable, liable, accountable, amenable
   These adjectives share the meaning obliged to answer, as for one's
   actions, to an authority that may impose a penalty for failure.

Because the IETF cannot even enforce protocol compliance, addressing 
responsibility implies identifying an authority that has the power 
of imposing some kind of penalty.

>> Providers MUST be held _directly_ accountable.
> 
> Right.  But until this is fixed at the top, I see little hope it will
> happen in the lower levels, except sporadically.  (The places that do
> do it are exceptional, and, in the cases where I'm in a position to
> know why they do it, they do it not because they are held accountable
> by whoever assigned the resources to them but because they are ethical
> enough to feel a compulsion to do what's right even when they're _not_
> overtly held accountable.  While this mindset is common enough for us
> to have words for it, it is not nearly common enough to save the net
> from the disasters that governmental disconnect between authority and
> responsibility leads to.)

I think we can safely withdraw the naive picture where carriers act 
as authorities, and forget about the possibility that anything will 
be eventually "fixed at the top", except for possible devout 
beliefs. On this Earth, ethical mindsets are still powerful 
intellectual tools that bring visions and may allow to plan for 
decades. Although such planning usually results in optimization of 
revenues in the long run, uncertainty about the future wreaks those 
greedy and short-sighted behaviors that currently are the norm.

To cope with that, protocols need to introduce ad-hoc authorities 
whenever responsibility is required. For mail, those may involve 
DNSBLs, CAs, VBR vouchers, and similar kinds of independent 
organizations. We are already relying on them, unofficially. For 
increased cooperation, we better make that explicit.