Re: [Asrg] What are the IPs that sends mail for a domain?

John Leslie <> Wed, 01 July 2009 15:02 UTC

Ian Eiloart <> wrote:
> The point of SPF is to authenticate the sending domain.

   I don't believe SPF does any such thing. Domains can publish SPF RRs,
but those can't reasonably be said to "authenticate" anything, least of
all the "sending domain."

> If the IP address is authorised (by the domain owner) to send mail from
> the sender domain,

   That's closer... But I'd argue that no SPF construct "authorizes"
sending email. In practice, I think it's quite clear that SPF constructs
merely express probabilities.

> then bouncing mail into that domain isn't going to be causing backscatter, 
> unless the domain lacks internal controls over message submission.

   Of course, rather few domains other than corporate domains with
administrators more-than-average familiar with SMTP have reasonable
"internal controls over message submission". :^(

> If it does lack those internal controls, then the users of the domain
> can blame the domain owner.

   Indeed they can... does that actually accomplish anything?

> I guess there can also be issues where two distinct domains share the
> same outbound IP addresses, through an email service provider.

   Indeed, that is common...

> In that case, the email service provider is the responsible party that
> needs to be held to account.

   (which, BTW, is what CSV set out to do...)

> They need to ensure either (a) separation of domains by outbound IP
> address combined with accurate SPF records,

   Assuming they control either multiple IP addresses _or_ the SPF
records is risky. But even if they did, how would this lead to assigning
the responsibility correctly?

> or (b) proper implementation of MSA on all the domains that they
> provide service for.

   That is at least practical... But how does it lead to assigning the
responsibility correctly?

John Leslie <>
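
The shared-outbound-IP case raised in the thread, as an added example that is not part of the original message: a minimal SPF evaluator (ip4, ip6 and all mechanisms only) run over two constructed records for customers of one provider. The domain names, addresses and function names are assumptions made for illustration.

```python
import ipaddress

# Constructed SPF records for two hypothetical customers of one email
# service provider; both list the provider's shared outbound range.
SPF_RECORDS = {
    "alpha.example": "v=spf1 ip4:192.0.2.0/28 -all",
    "beta.example": "v=spf1 ip4:192.0.2.0/28 ip4:198.51.100.7 ~all",
}

QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def check_spf(record, client_ip):
    """Evaluate only the ip4, ip6 and all mechanisms of one SPF record."""
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return "none"
    ip = ipaddress.ip_address(client_ip)
    for term in terms[1:]:
        qualifier = "+"  # a mechanism without a qualifier means "pass"
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        name, _, value = term.partition(":")
        name = name.lower()
        if name == "all":
            return QUALIFIERS[qualifier]
        if name not in ("ip4", "ip6"):
            return "unsupported"  # a, mx, include, redirect: outside this sketch
        try:
            net = ipaddress.ip_network(value, strict=False)
        except ValueError:
            return "permerror"
        if ip.version == net.version and ip in net:
            return QUALIFIERS[qualifier]
    return "neutral"  # nothing matched and no "all" term


def domains_passing(client_ip):
    """Return every constructed domain whose record passes for client_ip."""
    return sorted(d for d, r in SPF_RECORDS.items()
                  if check_spf(r, client_ip) == "pass")


if __name__ == "__main__":
    for ip in ("192.0.2.5", "198.51.100.7", "203.0.113.9"):
        print(ip, domains_passing(ip))
```

For the shared address 192.0.2.5 both domains return pass, so the result identifies the provider's address rather than which customer submitted the message.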