Re: [Asrg] What are the IPs that sends mail for a domain?

Alessandro Vesely <vesely@tana.it> Wed, 17 June 2009 16:50 UTC


der Mouse wrote:
>> However, the standard requires that it says "EHLO host-at.some.name".
> 
> Not quite.  It requires that the HELO/EHLO argument be a valid name for
> the SMTP client host.  The presence or absence of any DNS zone cuts in
> the vicinity is completely irrelevant.

Isn't the FQDN for a host the host name "dot" the domain name?

>> It is a seemingly simple task to drop the leftmost label(s) so as to
>> obtain the mail domain, but doing that properly requires a zone cut
>> algorithm that most servers miss.
> 
> ...and which is wrong anyway.  The division of DNS names into "hosts"
> and "domains" is purely a human one.  Dropping the first label from a
> DNS name in an attempt to get "the domain" for it is, at best, a rough
> heuristic.  Looking up the DNS tree for zone cuts also is nothing more
> than a heuristic.

The host gets its name after some buddy edits the zone file. Which 
zone file? The domain's one. Yes, it is human, heuristic, and error 
prone. (I never seriously meant to actually implement a zone cut 
algorithm in MTA servers in order to derive domain names. However, 
that was an early hypothesis for the SPF check algorithm, as an 
alternative to requiring SPF records for each possible helo name.)

> It's not even clear to me that there *is* a "_the_ domain".  What's
> "the domain" for (to invent an example) mail.research.tjw.ibm.com?

If research.tjw.ibm.com had an MX, it would be a good candidate. 
Otherwise... elementary, my dear Watson. Is that worse than Bayesian 
guesses?

> There plausibly could be as many zone cuts as there are dots, there,
> and I could argue for picking any of them as "the domain" for email
> responsibility purposes (well, possibly excepting the TLD, but even
> that is just a heuristic, likely to break soon).

Yeah, John recently wrote something about .va sporting an MX (John 
Levine, not john.vatican.va) while 2nd level co.uk has none. It is 
much better if the domain is plainly told by the client rather than 
badly guessed by the server. E.g. "VHLO domain.name".
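
The label-dropping heuristic debated in this message, sketched as an added example (not part of the original post and not any MTA's code): walk up from the HELO name and take the nearest ancestor that has an MX. The MX set is constructed to mirror the cases mentioned above (.va with an MX, co.uk without), and `guess_mail_domain`, `mail.office.va` and `mail.example.co.uk` are hypothetical names.

```python
# Constructed data standing in for DNS MX lookups (not live DNS answers).
# It mirrors the cases named in the message: "va" has an MX, "co.uk" has none.
CONSTRUCTED_MX = {"va", "ibm.com", "research.tjw.ibm.com"}


def guess_mail_domain(helo_name, mx_names=CONSTRUCTED_MX):
    """Hypothetical helper: drop leftmost labels from the HELO name until an
    ancestor that has an MX is found. Returns that ancestor, or None."""
    labels = helo_name.rstrip(".").lower().split(".")
    # Start at 1 so the host's own label is always dropped; the last
    # candidate tried is the bare TLD.
    for i in range(1, len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in mx_names:
            return candidate
    return None


if __name__ == "__main__":
    cases = [
        # Nearest ancestor with an MX wins.
        ("mail.research.tjw.ibm.com", CONSTRUCTED_MX),
        # Same host, but only ibm.com has an MX: the guess moves up the tree.
        ("mail.research.tjw.ibm.com", {"ibm.com"}),
        # No MX below the TLD, and the TLD has one: the guess is the TLD.
        ("mail.office.va", CONSTRUCTED_MX),
        # No ancestor has an MX at all: the heuristic has no answer.
        ("mail.example.co.uk", CONSTRUCTED_MX),
    ]
    for name, mx in cases:
        print(f"{name:28} -> {guess_mail_domain(name, mx)}")
```

The same HELO name yields different "domains" depending only on where MX records happen to sit, and a TLD can come back as the answer, which is the case for having the client state the domain instead.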