Re: [Asrg] What are the IPs that sends mail for a domain?

John Levine <> Mon, 22 June 2009 12:51 UTC

List-Id: Anti-Spam Research Group - IRTF <>

In article <> you write:
>And the circle goes round and round.

My, we have a lot of dead horses here.

>The first one has been pointed out, but perhaps not strongly enough.  IT IS 

Yes, we know.  It's been best practice for years to reject mail you're not
planning to deliver, not bounce it.  There are, of course, a lot of dusty
MTAs still doing worst practices, but our ability to fix them is limited.

>Also let me reiterate (as was pointed out) that sending inquiry
>messages to try to authenticate a valid mail agent LIKEWISE
>multiplies the bandwidth already wasted by the original spam.

Callbacks are widely discredited other than among a few small
filtering vendors who think they're the secret sauce to keep the users
paying.  I routinely block all connections from hosts where I see C/R
callbacks, and I doubt I'm the only one.

>connection during a sales call visit on-site to his customer, and where that 
>host's corporate network policy blocks sending of port 25 messages other than 
>to/through that company's own outgoing SMTP server. 

It's been best practice for a decade to use SUBMIT or a tunnel back to
your own host to send mail.  These days it's just laziness to do
anything else.  As someone else asked a few minutes ago, are there any
significant mail systems that still don't provide SUBMIT?

>E-mail coming from unfamiliar correspondents can be held to a (even much) 
>higher-than-usual standard regarding the ground rules for what is
>acceptable and what is not.

Yes, that's why we've been working on mail authentication a la DKIM for
several years, to allow us to recognize known senders reliably.