Re: [Asrg] What are the IPs that sends mail for a domain?

Daniel Feenberg <> Wed, 17 June 2009 15:24 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id B4FD728C105 for <>; Wed, 17 Jun 2009 08:24:09 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -6.299
X-Spam-Status: No, score=-6.299 tagged_above=-999 required=5 tests=[AWL=0.300, BAYES_00=-2.599, RCVD_IN_DNSWL_MED=-4]
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id zkNBIeu2W4UJ for <>; Wed, 17 Jun 2009 08:24:08 -0700 (PDT)
Received: from ( []) by (Postfix) with ESMTP id DB40E28C289 for <>; Wed, 17 Jun 2009 08:23:54 -0700 (PDT)
Received: from ( []) by (8.14.1/8.13.8) with ESMTP id n5HFO0aM006486 (version=TLSv1/SSLv3 cipher=EDH-RSA-DES-CBC3-SHA bits=168 verify=NOT); Wed, 17 Jun 2009 11:24:00 -0400 (EDT) (envelope-from
Received: from (localhost []) by (8.13.7+Sun/8.12.10) with ESMTP id n5HFHPrO029473; Wed, 17 Jun 2009 11:17:26 -0400 (EDT)
Received: from localhost (feenberg@localhost) by (8.13.7+Sun/8.13.7/Submit) with ESMTP id n5HFHOP3029461; Wed, 17 Jun 2009 11:17:25 -0400 (EDT)
X-Authentication-Warning: feenberg owned process doing -bs
Date: Wed, 17 Jun 2009 11:17:24 -0400 (EDT)
From: Daniel Feenberg <>
To: Anti-Spam Research Group - IRTF <>
In-Reply-To: <>
Message-ID: <>
References: <9112777.1871245190785748.JavaMail.franck@iphone-4.genius.local> <> <>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII; format=flowed
X-Anti-Virus: Kaspersky Anti-Virus for Sendmail with Milter API 5.6.20, bases: 20090617 #2130901, check: 20090617 clean
Subject: Re: [Asrg] What are the IPs that sends mail for a domain?
X-Mailman-Version: 2.1.9
Precedence: list
Reply-To: Anti-Spam Research Group - IRTF <>
List-Id: Anti-Spam Research Group - IRTF <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Wed, 17 Jun 2009 15:24:09 -0000

On Wed, 17 Jun 2009, Steve Atkins wrote:

> On Jun 16, 2009, at 4:17 PM, Daniel Feenberg wrote:
>> Because it would be impossible to maintain a DNSBL for IPV6,
> I keep hearing people say this, but I've not seen any clear justification for 
> it. It seems to me to be no more difficult to run a blacklist for IPv6 
> addresses than IPv4 addresses (neither is easy, but the details of the 
> address representation don't seem to make more than minor differences).
> Can you expand on why you think it's the case, or point me at some discussion 
> of it?

Of course a spammer could reuse an IPV6 address, and then a DNSBL could 
catch subsequent spam from that address. But there isn't any need to reuse 
IPV6 addresses - they are nearly infinite in number, each customer is 
assigned billions by default and there is no real need for the spammer to 
restrict himself to his officially listed addresses.

IPV4 DNSBL work, even though they are "listing badness" because IPV4 
address space is finite. That means that "listing badness" isn't really 
different from "listing goodness". But if badness is infinite, then 
listing bad addresses won't be effective.

Note that my argument that MTAs with only IPV6 won't be established is not 
contradicted by the existence of MTAs with IPV6 and IPV4 connectivity. Nor 
does it really depend on the difficulties with DNSBLs, although that is an 
additional obstacle. The major obstacle is the limited connectivity that 
an IPV6 only MTA would have.

Daniel Feenberg

> Cheers,
> Steve
> _______________________________________________
> Asrg mailing list