Re: [Asrg] What are the IPs that sends mail for a domain?

Dotzero <dotzero@gmail.com> Tue, 30 June 2009 17:17 UTC

Return-Path: <dotzero@gmail.com>
X-Original-To: asrg@core3.amsl.com
Delivered-To: asrg@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id BB8943A6B07 for <asrg@core3.amsl.com>; Tue, 30 Jun 2009 10:17:54 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.599
X-Spam-Level:
X-Spam-Status: No, score=-2.599 tagged_above=-999 required=5 tests=[AWL=0.000, BAYES_00=-2.599]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id sbmVnrVaP7SB for <asrg@core3.amsl.com>; Tue, 30 Jun 2009 10:17:54 -0700 (PDT)
Received: from qw-out-2122.google.com (qw-out-2122.google.com [74.125.92.25]) by core3.amsl.com (Postfix) with ESMTP id D62873A6A3E for <asrg@irtf.org>; Tue, 30 Jun 2009 10:17:53 -0700 (PDT)
Received: by qw-out-2122.google.com with SMTP id 5so123807qwd.7 for <asrg@irtf.org>; Tue, 30 Jun 2009 10:17:33 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:mime-version:received:in-reply-to:references :date:message-id:subject:from:to:content-type :content-transfer-encoding; bh=WItlnIEL+R8E5+YIdR1Bc5sCk8J2++1goBb+g3dmiqE=; b=LOB5geVrqb/RjSrZohVlovVC0TY9kyHk4k1gcvpjM5FUz/KkwIdhmg8XtjhnOWkpdV fTFa13B5o5QYnMmxQ5IWhTbO2X5BFnNv3D1TzVb/jfkzyT5/xz2u0H7mPRbLLgs40G+E StoPVZ8mNxCbXPXiljxsSBZkmnTLFCK2NbwCM=
DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :content-type:content-transfer-encoding; b=MUnnAwPpkDd7t2XqLY/2d+tRsUC5z50IFjvK+Sczyacp5v7MuosXozLx8zrUrsvQWT yfmwQ3AbAQVIV7GekakCrKHF4VTGh9Novse2rM98zWSCHjpGYQV/wm5eQ5Y2Gxcmd1M9 GKDwDNUUenmbZiGq2sUfrHzbXpTs6wiPD0ZE0=
MIME-Version: 1.0
Received: by 10.220.45.80 with SMTP id d16mr6800148vcf.93.1246382251511; Tue, 30 Jun 2009 10:17:31 -0700 (PDT)
In-Reply-To: <20090630111105.GA12502@gsp.org>
References: <mailman.5.1245610801.29559.asrg@irtf.org> <4A3F76B8.2030409@terabites.com> <BBBA1F6A3752AE7B96888ECB@lewes.staff.uscs.susx.ac.uk> <4A48FB80.10709@billmail.scconsult.com> <800E7AE85B690B4BAC93F2CD@seana-imac.staff.uscs.susx.ac.uk> <20090630111105.GA12502@gsp.org>
Date: Tue, 30 Jun 2009 13:17:31 -0400
Message-ID: <7ae58c220906301017i49fb9413n41683acf67b16110@mail.gmail.com>
From: Dotzero <dotzero@gmail.com>
To: Anti-Spam Research Group - IRTF <asrg@irtf.org>
Content-Type: text/plain; charset="ISO-8859-1"
Content-Transfer-Encoding: quoted-printable
Subject: Re: [Asrg] What are the IPs that sends mail for a domain?
X-BeenThere: asrg@irtf.org
X-Mailman-Version: 2.1.9
Precedence: list
Reply-To: Anti-Spam Research Group - IRTF <asrg@irtf.org>
List-Id: Anti-Spam Research Group - IRTF <asrg.irtf.org>
List-Unsubscribe: <http://www.irtf.org/mailman/listinfo/asrg>, <mailto:asrg-request@irtf.org?subject=unsubscribe>
List-Archive: <http://www.irtf.org/mail-archive/web/asrg>
List-Post: <mailto:asrg@irtf.org>
List-Help: <mailto:asrg-request@irtf.org?subject=help>
List-Subscribe: <http://www.irtf.org/mailman/listinfo/asrg>, <mailto:asrg-request@irtf.org?subject=subscribe>
X-List-Received-Date: Tue, 30 Jun 2009 17:17:54 -0000

On Tue, Jun 30, 2009 at 7:11 AM, Rich Kulawiec<rsk@gsp.org> wrote:
> On Tue, Jun 30, 2009 at 10:55:04AM +0100, Ian Eiloart wrote:
>> However, I do believe that people should take SPF records into account
>> when deciding whether to generate bounce messages.
>
> Despite the ostentatious claims made by its originator ("Spam as a
> technical problem is solved by SPF"), SPF has no anti-spam value.
> Nor should it be used when deciding whether to generate a bounce:
> the answer to that is always "no".  It's far better to reject (not
> to mention far simpler, with any sane MTA) and thus greatly diminish
> the possibility of outscatter/backscatter spam.
>
> ---Rsk

I'm going to agree with Rich that it's better to reject than to
bounce. I can't speak to whether SPF has anti-spam value generally but
my experience with publishing -all records for a number of well known
large sending sites is that it is useful in addressing phishing at the
risk of a small amount of breakage. (Different folks will have
different thresholds for this type of tradeoff) This is particularly
true if used in conjunction with DKIM signing all outbound mail and
making an assertion that one signs all mail. For other types of
senders YMMV.

As far as whether this is empirical or anecdotal, my statements are
based on a corpus of approximately 750 million sent emails with
analysis of outbound MTA logs for immediate rejects/bounces as well as
bounces/DSNs that come in later.