Re: [Asrg] What are the IPs that sends mail for a domain?

Ian Eiloart <iane@sussex.ac.uk> Mon, 22 June 2009 09:57 UTC

--On 19 June 2009 11:23:42 -0600 "J.D. Falk" 
<jdfalk-lists@cybernothing.org> wrote:

> Ian Eiloart wrote:
>
>> Which is why I said it has to be done the other way around. Some
>> organisation with a significant email user base needs to take a lead on
>> this. It could be a large ISP, a large webmail provider, a government,
>> or some other body. It has to be done before the situation gets out of
>> hand, though.
>
> If the ASRG were to publish some research showing that this is a good
> idea, it'd go a long way towards convincing one of those organizations
> you mentioned to consider implementing it.

So, to demonstrate that it's a good idea, we need to show:

1. That there's lots of spam on the Internet, people don't like it, and it 
costs lots of time and money.

2. The spam is hard to identify, because there's no traceability. People 
like to whitelist or blacklist sender email address or sender email 
domains, but they're too easy to spoof because of the lack of traceability.

3. It would be nice to require traceability for new mailers, but it's hard 
to know which are new.

4. Except that IPv6 mailers are new, or recently deployed.

5. People with recently deployed IPv6 mailers are likely to have the 
ability to implement traceability.

6. The cost to the community of requiring traceability for IPv6 email 
servers would be low.

7. The reward would be that a whole class of easily identified new servers 
would have the traceability required.

8. When deploying IPv6 to customers, ISPs would have to take no special 
measures to prevent customer machines from emitting spam. They'd be 
secure(ish) by default.

Oh, and we have to figure out what form of traceability we're looking for. 
Let's start off with this list for a suggestion:

1. Reverse DNS records for the sender's IP address.
2. SPF or DKIM passes for the sender's IP address.
3. Strict checks on EHLO string.

And, for an IPv6 host receiving email, there must be an MX record.


-- 
Ian Eiloart
IT Services, University of Sussex
01273-873148 x3148
For new support requests, see http://www.sussex.ac.uk/its/help/
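
An added example, not part of the original message: a receiver-side sketch of the three sender checks listed above, applied only to IPv6 clients as the proposal suggests. The function names, the DNS tables (constructed, using documentation prefixes), the forward-confirmation of reverse DNS, and the reading of "strict" EHLO checks as "a fully qualified name that resolves to the client address" are all assumptions; SPF and DKIM results are taken as inputs from whatever verifier the MTA already runs.

```python
import ipaddress
import re

# Constructed DNS data (documentation prefixes) so the example runs offline.
PTR = {"2001:db8::25": ["mx1.example.org"], "2001:db8::bad": ["host.example.net"]}
AAAA = {"mx1.example.org": ["2001:db8::25"], "host.example.net": ["2001:db8::1"]}

# Assumed meaning of "strict": the EHLO argument must be a dotted host name.
FQDN = re.compile(r"^(?=.{1,253}$)([a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}$", re.I)


def resolves_to(name, ip):
    """True if one of the name's AAAA records equals the client address."""
    target = ipaddress.ip_address(ip)
    return any(ipaddress.ip_address(a) == target for a in AAAA.get(name, []))


def confirmed_ptr_names(ip):
    """PTR names for ip that also resolve forward to ip (assumed stricter rDNS)."""
    key = str(ipaddress.ip_address(ip))  # canonical form, so any spelling matches
    return [n for n in PTR.get(key, []) if resolves_to(n, ip)]


def check_sender(ip, ehlo, spf_pass, dkim_pass):
    """Return (accept, reasons); only IPv6 clients are held to the checks."""
    if ipaddress.ip_address(ip).version != 6:
        return True, ["IPv4 client: outside the IPv6-only requirement"]
    reasons = []
    if not confirmed_ptr_names(ip):
        reasons.append("no forward-confirmed reverse DNS")
    if not (spf_pass or dkim_pass):
        reasons.append("neither SPF nor DKIM passed")
    name = ehlo.rstrip(".").lower()
    if not FQDN.match(name):
        reasons.append("EHLO is not a fully qualified name")
    elif not resolves_to(name, ip):
        reasons.append("EHLO name does not resolve to the client address")
    return not reasons, reasons


if __name__ == "__main__":
    for case in [("2001:db8::25", "mx1.example.org", True, False),
                 ("2001:db8::bad", "localhost", False, False),
                 ("192.0.2.10", "legacy.example.com", False, False)]:
        print(case[0], check_sender(*case))
```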