Re: [Asrg] What are the IPs that sends mail for a domain?

Alessandro Vesely <vesely@tana.it> Wed, 01 July 2009 18:38 UTC

Return-Path: <vesely@tana.it>
X-Original-To: asrg@core3.amsl.com
Delivered-To: asrg@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 272BE3A6804 for <asrg@core3.amsl.com>; Wed, 1 Jul 2009 11:38:45 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.5
X-Spam-Level:
X-Spam-Status: No, score=-0.5 tagged_above=-999 required=5 tests=[AWL=0.219, BAYES_00=-2.599, HELO_EQ_IT=0.635, HOST_EQ_IT=1.245]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 64bepyJz8IQ0 for <asrg@core3.amsl.com>; Wed, 1 Jul 2009 11:38:44 -0700 (PDT)
Received: from wmail.tana.it (wmail.tana.it [62.94.243.226]) by core3.amsl.com (Postfix) with ESMTP id DE17E3A6A8D for <asrg@irtf.org>; Wed, 1 Jul 2009 11:37:16 -0700 (PDT)
Received: from [172.25.197.158] (pcale.tana [172.25.197.158]) (AUTH: CRAM-MD5 ale@tana.it, TLS: TLS1.0, 256bits, RSA_AES_256_CBC_SHA1) by wmail.tana.it with esmtp; Wed, 01 Jul 2009 20:37:38 +0200 id 00000000005DC02F.000000004A4BACF2.00007D81
Message-ID: <4A4BACF1.2030609@tana.it>
Date: Wed, 01 Jul 2009 20:37:37 +0200
From: Alessandro Vesely <vesely@tana.it>
User-Agent: Thunderbird 2.0.0.22 (Windows/20090605)
MIME-Version: 1.0
To: Anti-Spam Research Group - IRTF <asrg@irtf.org>
References: <200906182044.QAA05200@Sparkle.Rodents-Montreal.ORG> <FED77586-8800-4BA6-99EA-30A1D9C089B6@mail-abuse.org> <200906190149.VAA06902@Sparkle.Rodents-Montreal.ORG> <B5252B96-F0AB-4D4A-A0DA-8314AA8E038F@mail-abuse.org> <4A3D366E.2020304@tana.it> <934f64a20906201606pff54ca3y904da141013f1d2a@mail.gmail.com> <4A490CC5.8020601@billmail.scconsult.com> <4A49C1DD.8020205@tana.it> <20090630200150.GL57980@verdi> <4A4B709C.2000109@tana.it> <20090701154314.GC15652@verdi>
In-Reply-To: <20090701154314.GC15652@verdi>
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit
Subject: Re: [Asrg] What are the IPs that sends mail for a domain?
X-BeenThere: asrg@irtf.org
X-Mailman-Version: 2.1.9
Precedence: list
Reply-To: Anti-Spam Research Group - IRTF <asrg@irtf.org>
List-Id: Anti-Spam Research Group - IRTF <asrg.irtf.org>
List-Unsubscribe: <http://www.irtf.org/mailman/listinfo/asrg>, <mailto:asrg-request@irtf.org?subject=unsubscribe>
List-Archive: <http://www.irtf.org/mail-archive/web/asrg>
List-Post: <mailto:asrg@irtf.org>
List-Help: <mailto:asrg-request@irtf.org?subject=help>
List-Subscribe: <http://www.irtf.org/mailman/listinfo/asrg>, <mailto:asrg-request@irtf.org?subject=subscribe>
X-List-Received-Date: Wed, 01 Jul 2009 18:38:45 -0000

John Leslie wrote:
>> 
>> [For accountability, I'd use] a domain name. One reason is that 
>> large ESP have many MTAs that can be used interchangeably. In 
>> addition, the person responsible for an MTA is not always identifiable 
>> (in Italy, the mandate to state who are the sysadmins of an MTA is 
>> being procrastinated every few months, since November 2008.) By 
>> contrast, domain registrants often have whois records pointing to them.
>
>    I think I'm catching on: you want to link the MTA to a _registered_ 
> domain.

Yup. However, no official registration exists for, say, us.ibm.com or 
it.ibm.com. The latter two ones happen to have different hostmaster 
addresses, therefore it would not be correct for them to share the 
same accountability token "ibm.com". I can only trust the DNS about 
the legitimacy of such subdomain delegations.

OTOH, I don't know from the DNS whether a domain is registered at a 
reputable registry.

>    You should, IMHO, say so in the I-D: "domain" by itself doesn't
> convey the idea of "registered domain".

Thanks, I will.

>>> RFC5068 deals with the operation of Mail Submission Agents. I don't agree 
>>> it even "suggests" how accountability should follow the message as it 
>>> winds its way to the recipient.
>>
>> It does. Notwithstanding the sentence you quoted, there is a 
>> "Submission Accountability after Submission" paragraph in section 3.1, 
>> saying
>>
>>       For a reasonable period of time after submission, the message
>>       SHOULD be traceable by the MSA operator to the authenticated
>>       identity of the user who sent the message.
> 
>    This deals _only_ with logging practices (or whatever magic) of the 
> operators of the Mail Submission Agent -- it implies nothing about 
> MTAs that may relay the message.

I thought "traceable" implied there is some token, such as Message-ID, 
that is logged on both submission and relay, so that one can retrace 
the path that a message took. Or would that have been termed 
"trackable", or whatever, instead?

>    I do not believe that you'll know any better by linking to a 
> registered domain, but YMMV.

Agreed. If it is neither worse, it can be used interchangeably with IP 
based info, depending on convenience.