Re: [Asrg] What are the IPs that sends mail for a domain?

Dotzero <dotzero@gmail.com> Mon, 22 June 2009 20:15 UTC

On Mon, Jun 22, 2009 at 3:05 PM, Douglas Otis<dotis@mail-abuse.org> wrote:
>
> On Jun 22, 2009, at 7:12 AM, Ian Eiloart wrote:
>
>> --On 21 June 2009 23:34:16 -0700 Douglas Otis <dotis@mail-abuse.org>
>> wrote:
>>>
>>> SPF does not work well at resolving a domain that should be held
>>> accountable for a few reasons-
>>>
>>>  a) risks high and impractical transaction overheads at attempts to
>>> indirectly reference the customers of a provider.
>>
>> Er, we already have ridiculous transaction overheads for email. Anything
>> that stopped spam would reduce the transaction overheads for legitimate
>> email by up to tenfold.
>
> Only the application of reputation and address range policies reduces spam
> levels.  Not using SPF and instead using CSV will reduce the transaction
> overhead needed to validate an associated domain.  SPF often requires
> several transactions, that may exceed several hundred transactions where 111
> could be generated by PRAs and then another 111 for the Mail-From.   The
> high overhead problem of SPF can be made worse when the SPF records contain
> macros.  Using SPF macros, bad actors can cause recipients to generate a
> long series of different DNS transactions based upon portions of an
> email-address local-part, for example.  This enables a free DDoS attack
> while spamming, since SPF macros can make DNS caching ineffective.
>

Doug,

I'd take your discussions of SPF more seriously if you would stop
conflating SPF and Sender-ID. They are two different animals. SPF (the
specification) does not include anything called PRA. Sender-ID
includes the concept of PRA. PRA is broken in the spec so there isn't
any purpose in spending time discussing it. All one needs to do is
look at the paragraph that states that if a sender field exists you
set the PRA to that. This bypasses any SPF record published for the
Mail From (envelope sender) domain. End of discussion.
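
Added example, not part of the original message: a Python sketch of the PRA selection steps from RFC 4407 (the Sender-ID PRA specification), showing that a message carrying a Sender header is evaluated against that header's domain rather than the MAIL FROM domain that SPF checks. The names `pra`, `checked_domains` and `SAMPLE`, and all addresses, are constructed for illustration.

```python
from email import message_from_string
from email.utils import getaddresses

def pra(raw):
    """Purported Responsible Address per RFC 4407, or None if the message is ill-formed."""
    hdrs = [(n.lower(), v.strip()) for n, v in message_from_string(raw).items()]
    names = [n for n, _ in hdrs]
    def nonempty(name):
        return [i for i, (n, v) in enumerate(hdrs) if n == name and v]
    chosen = None
    rs, rf = nonempty("resent-sender"), nonempty("resent-from")
    if rs:
        # Step 1: take the first Resent-Sender unless an earlier Resent-From is
        # separated from it by Received/Return-Path (i.e. a different resend).
        earlier = [i for i in rf if i < rs[0]]
        split = earlier and any(n in ("received", "return-path")
                                for n in names[earlier[0]:rs[0]])
        if not split:
            chosen = rs[0]
    if chosen is None and rf:
        chosen = rf[0]                      # step 2: first Resent-From
    if chosen is None:
        for name in ("sender", "from"):     # steps 3 and 4
            idx = nonempty(name)
            if len(idx) > 1:
                return None                 # duplicate header: ill-formed
            if idx:
                chosen = idx[0]
                break
    if chosen is None:
        return None
    boxes = getaddresses([hdrs[chosen][1]])  # step 5: exactly one mailbox
    if len(boxes) != 1 or "@" not in boxes[0][1]:
        return None
    return boxes[0][1]

def checked_domains(mail_from, raw):
    """Domain whose record each scheme evaluates for the same message."""
    p = pra(raw)
    return {"spf": mail_from.rpartition("@")[2].lower(),
            "sender_id": p.rpartition("@")[2].lower() if p else None}

# Constructed sample: From and envelope sender use bank.example, Sender does not.
SAMPLE = ("Received: from relay.example.net by mx.example.org\n"
          "From: Alice <alice@bank.example>\n"
          "Sender: bulk@mailer.example\n"
          "Subject: statement\n\nbody\n")

if __name__ == "__main__":
    print(checked_domains("bounce@bank.example", SAMPLE))
```

A receiver that logs both values per message can see where the two checks diverge and decide which result, if either, should feed its reputation data.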