Re: [Asrg] What are the IPs that sends mail for a domain?

Daniel Feenberg <> Tue, 16 June 2009 23:24 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id B12EC3A6C77 for <>; Tue, 16 Jun 2009 16:24:41 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -5.999
X-Spam-Status: No, score=-5.999 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, J_CHICKENPOX_31=0.6, RCVD_IN_DNSWL_MED=-4]
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id X6b23QKfDc5H for <>; Tue, 16 Jun 2009 16:24:40 -0700 (PDT)
Received: from ( []) by (Postfix) with ESMTP id BF79D28C0F6 for <>; Tue, 16 Jun 2009 16:24:40 -0700 (PDT)
Received: from ( []) by (8.14.1/8.13.8) with ESMTP id n5GNOUcU028549 (version=TLSv1/SSLv3 cipher=EDH-RSA-DES-CBC3-SHA bits=168 verify=NOT); Tue, 16 Jun 2009 19:24:31 -0400 (EDT) (envelope-from
Received: from (localhost []) by (8.13.7+Sun/8.12.10) with ESMTP id n5GNHwWV004991; Tue, 16 Jun 2009 19:17:58 -0400 (EDT)
Received: from localhost (feenberg@localhost) by (8.13.7+Sun/8.13.7/Submit) with ESMTP id n5GNHfF1004988; Tue, 16 Jun 2009 19:17:42 -0400 (EDT)
X-Authentication-Warning: feenberg owned process doing -bs
Date: Tue, 16 Jun 2009 19:17:41 -0400 (EDT)
From: Daniel Feenberg <>
To: Franck Martin <>
In-Reply-To: <9112777.1871245190785748.JavaMail.franck@iphone-4.genius.local>
Message-ID: <>
References: <9112777.1871245190785748.JavaMail.franck@iphone-4.genius.local>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII; format=flowed
X-Anti-Virus: Kaspersky Anti-Virus for Sendmail with Milter API 5.6.20, bases: 20090616 #2127394, check: 20090616 clean
Subject: Re: [Asrg] What are the IPs that sends mail for a domain?
X-Mailman-Version: 2.1.9
Precedence: list
Reply-To: Anti-Spam Research Group - IRTF <>
List-Id: Anti-Spam Research Group - IRTF <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Tue, 16 Jun 2009 23:24:41 -0000

On Wed, 17 Jun 2009, Franck Martin wrote:

> I recently encountered the following question/problems.
> I have a mail server and one of my users complains he is not receiving 
> emails from a domain. How do I find if I have blocked the domain from 
> sending to my server. Meaning, knowing the domain name of the sender, 
> how do I find the IPs from where the mail could be sent from. It seems 
> that SPF is the only tool to provide that answer?
> In another related problem, which is linked to IPv6 and RBL. Buidling an 
> IPv6 RBL could lead to a huge database. Sure you can alleviate by using 
> "wildcards", but why not use the reverse DNS resolution to add a TXT 
> record associated to the IP to indicate the IP is the one of a mail 
> server? So any IP that does not have this record would be blocked for 
> SMTP. As IPv6 is not used for SMTP (or barely), this could be made 
> mandatory for IPv6 and optional for IPv4. An MUA could talk to an MTA on 
> port 25 because we know the the etwork range of the MUA or the 
> alternative is to use the new mail submit port.

I predict that no significant amount of mail ever originates from IPV6. 
Because it would be impossible to maintain a DNSBL for IPV6, I expect that 
enough sites will decline all IPV6 mail that it won't pay to send from it.
Consider that because a spammer could (spoof) a different IPV6 address for 
every message, even a different 48 bit block for every messages, MTAs will 
be left with only content analysis for spam blocking. I don't expect IPV4s 
will ever be so scarce that enough MTAs will start using them out of 
necessity - ISPs will give each customer 4 IPV4 addresses with their 
million address IPV6 range, and customers will use those 4 addresses for 
the things that really need IPV4 - such as internet facing MTAs.

Consider also the difficulty facing the first IPV6 only MTA. It's 
connectivity will be very low, even compared to the worst possible 
allocation of a former spammer block in IPV4. It is one thing to put up a 
little used IPV6 web site - there isn't much of a penalty for adding IPV6 
to IPV4. And eventually some special purpose websites will be IPV6 only, 
those that know their clients are IPV6 only. But there isn't any point in 
a public-facing IPV6 MTA without an IPV4 alternative. And since the IPV4 
alternative can serve the IPV6 clients just as well, it will never be very 
usefull to add IPV6 support.

This is a prediction, not a prescription.

Daniel Feenberg