Re: [Asrg] What are the IPs that sends mail for a domain?

Ian Eiloart <iane@sussex.ac.uk> Mon, 22 June 2009 14:11 UTC

Return-Path: <iane@sussex.ac.uk>
X-Original-To: asrg@core3.amsl.com
Delivered-To: asrg@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 8C5AB3A6AE7 for <asrg@core3.amsl.com>; Mon, 22 Jun 2009 07:11:55 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.541
X-Spam-Level:
X-Spam-Status: No, score=-2.541 tagged_above=-999 required=5 tests=[AWL=0.058, BAYES_00=-2.599]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id BDldCfidg5Jz for <asrg@core3.amsl.com>; Mon, 22 Jun 2009 07:11:54 -0700 (PDT)
Received: from lynndie.uscs.susx.ac.uk (lynndie.uscs.susx.ac.uk [139.184.14.87]) by core3.amsl.com (Postfix) with ESMTP id 46D0A3A6945 for <asrg@irtf.org>; Mon, 22 Jun 2009 07:11:54 -0700 (PDT)
Received: from lewes.staff.uscs.susx.ac.uk ([139.184.134.43]:51442) by lynndie.uscs.susx.ac.uk with esmtpsa (TLSv1:AES256-SHA:256) (Exim 4.64) (envelope-from <iane@sussex.ac.uk>) id KLN8U4-000FC4-4U for asrg@irtf.org; Mon, 22 Jun 2009 15:13:16 +0100
Date: Mon, 22 Jun 2009 15:12:08 +0100
From: Ian Eiloart <iane@sussex.ac.uk>
Sender: iane@sussex.ac.uk
To: Anti-Spam Research Group - IRTF <asrg@irtf.org>
Message-ID: <247DB2D923FD71677CC1D4FA@lewes.staff.uscs.susx.ac.uk>
In-Reply-To: <BD23C7D8-9E95-45CA-93F3-80F9726F889C@mail-abuse.org>
References: <9112777.1871245190785748.JavaMail.franck@iphone-4.genius.local> <Pine.GSO.4.64.0906161906450.27272@nber6.nber.org> <4D8E56D2-CB37-4713-94E5-0F0C2A1B1F94@blighty.com> <2F26F23C-F1B4-4FD4-BAEB-53168072FF5D@mail-abuse.org> <200906180105.VAA21834@Sparkle.Rodents-Montreal.ORG> <C8F0F10E-E1A4-4D25-AF20-31E3F0DB68DF@mail-abuse.org> <200906182044.QAA05200@Sparkle.Rodents-Montreal.ORG> <FED77586-8800-4BA6-99EA-30A1D9C089B6@mail-abuse.org> <200906190149.VAA06902@Sparkle.Rodents-Montreal.ORG> <B5252B96-F0AB-4D4A-A0DA-8314AA8E038F@mail-abuse.org> <4A3D366E.2020304@tana.it> <BD23C7D8-9E95-45CA-93F3-80F9726F889C@mail-abuse.org>
Originator-Info: login-token=Mulberry:01xAsQiS1sfu4FeGTrMDE3gIP8KoMx4ycxOXY=; token_authority=support@its.sussex.ac.uk
X-Mailer: Mulberry/4.0.8 (Mac OS X)
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"; format="flowed"
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
X-Sussex: true
X-Sussex-transport: remote_smtp
Subject: Re: [Asrg] What are the IPs that sends mail for a domain?
X-BeenThere: asrg@irtf.org
X-Mailman-Version: 2.1.9
Precedence: list
Reply-To: Anti-Spam Research Group - IRTF <asrg@irtf.org>
List-Id: Anti-Spam Research Group - IRTF <asrg.irtf.org>
List-Unsubscribe: <http://www.irtf.org/mailman/listinfo/asrg>, <mailto:asrg-request@irtf.org?subject=unsubscribe>
List-Archive: <http://www.irtf.org/mail-archive/web/asrg>
List-Post: <mailto:asrg@irtf.org>
List-Help: <mailto:asrg-request@irtf.org?subject=help>
List-Subscribe: <http://www.irtf.org/mailman/listinfo/asrg>, <mailto:asrg-request@irtf.org?subject=subscribe>
X-List-Received-Date: Mon, 22 Jun 2009 14:11:55 -0000

--On 21 June 2009 23:34:16 -0700 Douglas Otis <dotis@mail-abuse.org> wrote:

>
> On Jun 20, 2009, at 12:20 PM, Alessandro Vesely wrote:
>
...
>> OTOH, sender identification by domain could also be a way to
>> attribute responsibility. Strictly speaking, it is not necessary to
>> use a domain in order to send as an SMTP client. However, in
>> practice one needs an email address to do any legitimate use of
>> SMTP, and hence a domain is required.
>
> Technically speaking, a domain is not required for SMTP.   CSV was to
> offer a DNS record type that explicitly declared a host as being an
> outbound MTA.  This would not in itself prevent abuse, but would help to
> determine which compromised systems might be sending email and resolving
> which domain is administrating the MTA.
>
> SPF does not work well at resolving a domain that should be held
> accountable for a few reasons-
>
>   a) risks high and impractical transaction overheads at attempts to
> indirectly reference the customers of a provider.

Er, we already have ridiculous transaction overheads for email. Anything 
that stopped spam would reduce the transaction overheads for legitimate 
email by up to ten fold.

>   b) may not qualify any specific IP address for a positive result.

I'm not sure what that phrase means. If it means that some lookups result 
in softfail or neutral results, then that actually doesn't matter much. The 
passes and the fails still get us useful information. Anything else just 
puts us back where we were before.

>   c) Mail From or PRA references do not resolve which domain administered
> the MTA or actually sent the message.

It doesn't matter. If the domain owner devolves responsibility to the IP 
address owner, then the mail is effectively from the domain owner, and they 
can be held responsible for their email. Reputation services, and the law 
can be applied as appropriate.

>   d) holds customers of a provider accountable for the provider's
> stewardship without any solid evidence of their involvement.

Please expand, I don't understand this either.

>>>>> Schemes that pass accountability onto what might be feckless
>>>>> domain owners are inherently evil.
>>>>
>>>> I disagree, _provided_ accountability is actually passed on.
>>
>> +1
>
> There should be greater concern accountability is correctly applied.
>

If the domain owners are feckless, then apply sanctions. Accountability HAS 
to lie with domain owners if you want to establish reputation services 
based on domain names, and most people do want to do that. If the domain 
owner is found to be feckless, then reputation sanctions should be applied.

-- 
Ian Eiloart
IT Services, University of Sussex
01273-873148 x3148
For new support requests, see http://www.sussex.ac.uk/its/help/