Re: [Asrg] What are the IPs that sends mail for a domain?

John Levine <johnl@taugh.com> Mon, 22 June 2009 12:51 UTC

Return-Path: <johnl@iecc.com>
X-Original-To: asrg@core3.amsl.com
Delivered-To: asrg@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 1E8CC28C1DA for <asrg@core3.amsl.com>; Mon, 22 Jun 2009 05:51:12 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -19.199
X-Spam-Level:
X-Spam-Status: No, score=-19.199 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, HABEAS_ACCREDITED_SOI=-4.3, RCVD_IN_BSP_TRUSTED=-4.3, RCVD_IN_DNSWL_HI=-8]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id PFRDIDv0-eMC for <asrg@core3.amsl.com>; Mon, 22 Jun 2009 05:51:11 -0700 (PDT)
Received: from gal.iecc.com (gal.iecc.com [208.31.42.53]) by core3.amsl.com (Postfix) with ESMTP id DC56428C1D9 for <asrg@irtf.org>; Mon, 22 Jun 2009 05:51:10 -0700 (PDT)
Received: (qmail 19601 invoked from network); 22 Jun 2009 12:51:25 -0000
Received: from mail1.iecc.com (208.31.42.56) by mail1.iecc.com with QMQP; 22 Jun 2009 12:51:25 -0000
DKIM-Signature: v=1; a=rsa-sha256; c=simple; d=iecc.com; h=date:message-id:from:to:subject:in-reply-to:cc:mime-version:content-type:content-transfer-encoding; s=k0906; olt=johnl@user.iecc.com; bh=0JkAN32f8kP/gEVbu4kUKc98Y6TocgV4rEzaZ+Ml6tc=; b=IijWVi5bBUxOPslF2KKD21knbgWPsA1cxh9kA9u84vC0NWVQy89MORZWr6yhvo0r4J1U1S53re/f3SPVCUwuQAQxNZb0SBM7XR+CAfG1CJBZw1p+yyrxHspItb5H30fNGm+/dnSY6SWAU98RDDiHpkA9yWyJyGHv+Rs8xUc6/Cg=
DKIM-Signature: v=1; a=rsa-sha256; c=simple; d=taugh.com; h=date:message-id:from:to:subject:in-reply-to:cc:mime-version:content-type:content-transfer-encoding; s=k0906; bh=0JkAN32f8kP/gEVbu4kUKc98Y6TocgV4rEzaZ+Ml6tc=; b=AJg/bfic8PpI7XY8yC6SZJZVu6kGA3oKNUVY+/vPUUbhlQDJQgPCJesoE4nKttSOvoQk4CkZ0U5Y96JceEc6S1Cu9GOQ1hQnnFGDE6P4WT6GL61NYukj4X1iTjFQwbTt+UL2GzQxrHerCBbvXn0z4piJpNlWkb/EF2DVYLJ989Q=
Date: 22 Jun 2009 12:51:24 -0000
Message-ID: <20090622125124.2497.qmail@simone.iecc.com>
From: John Levine <johnl@taugh.com>
To: asrg@irtf.org
In-Reply-To: <4A3F76B8.2030409@terabites.com>
Organization:
Cc:
X-Headerized: yes
Mime-Version: 1.0
Content-type: text/plain; charset=iso-8859-1
Content-transfer-encoding: 7bit
Subject: Re: [Asrg] What are the IPs that sends mail for a domain?
X-BeenThere: asrg@irtf.org
X-Mailman-Version: 2.1.9
Precedence: list
Reply-To: Anti-Spam Research Group - IRTF <asrg@irtf.org>
List-Id: Anti-Spam Research Group - IRTF <asrg.irtf.org>
List-Unsubscribe: <http://www.irtf.org/mailman/listinfo/asrg>, <mailto:asrg-request@irtf.org?subject=unsubscribe>
List-Archive: <http://www.irtf.org/mail-archive/web/asrg>
List-Post: <mailto:asrg@irtf.org>
List-Help: <mailto:asrg-request@irtf.org?subject=help>
List-Subscribe: <http://www.irtf.org/mailman/listinfo/asrg>, <mailto:asrg-request@irtf.org?subject=subscribe>
X-List-Received-Date: Mon, 22 Jun 2009 12:51:12 -0000

In article <4A3F76B8.2030409@terabites.com> you write:
>And the circle goes round and round.

My, we have a lot of dead horses here.

>The first one has been pointed out, but perhaps not strongly enough.  IT IS 
>STUPID AND COUNTERPRODUCTIVE TO BOUNCE NOTICE OF NON-DELIVERY TO RECOGNIZED SPAM 

Yes, we know.  It's been best practice for years to reject mail you're not
planning to deliver, not bounce it.  There are, of course, a lot of dusty
MTAs still doing worst practices, but our ability to fix them is limited.

>Also let me reiterate (as was pointed out) that sending inquiry
>messages to try to authenticate a valid mail agent LIKEWISE
>multiplies the bandwidth already wasted by the original spam.

Callbacks are widely discredited other than among a few small
filtering vendors who think they're the secret sauce to keep the users
paying.  I routinely block all connections from hosts where I see C/R
callbacks, and I doubt I'm the only one.

>connection during a sales call visit on-site to his customer, and where that 
>host's corporate network policy blocks sending of port 25 messages other than 
>to/through that company's own outgoing SMTP server. 

It's been best practice for a decade to use SUBMIT or a tunnel back to
your own host to send mail.  These days it's just laziness to do
anything else.  As someone else asked a few minutes ago, are there any
significant mail systems that still don't provide SUBMIT?

>E-mail coming from unfamiliar correspondents can be held to a (even much) 
>higher-than-usual standard regarding the ground rules for what is
>acceptable and what is not.

Yes, that's why we've been working on mail authentication a la DKIM for
several years, to allow us to recognize known senders reliably.

R's,
John