Re: [Asrg] What are the IPs that sends mail for a domain?

Ian Eiloart <iane@sussex.ac.uk> Thu, 02 July 2009 12:10 UTC

Return-Path: <iane@sussex.ac.uk>
X-Original-To: asrg@core3.amsl.com
Delivered-To: asrg@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id CE52E3A6CE3 for <asrg@core3.amsl.com>; Thu, 2 Jul 2009 05:10:09 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.46
X-Spam-Level:
X-Spam-Status: No, score=-2.46 tagged_above=-999 required=5 tests=[AWL=0.139, BAYES_00=-2.599]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id lCQyzCwiYQ3D for <asrg@core3.amsl.com>; Thu, 2 Jul 2009 05:10:08 -0700 (PDT)
Received: from karpinski.uscs.susx.ac.uk (karpinski.uscs.susx.ac.uk [139.184.14.85]) by core3.amsl.com (Postfix) with ESMTP id 47E3A3A689D for <asrg@irtf.org>; Thu, 2 Jul 2009 05:10:08 -0700 (PDT)
Received: from seana-imac.staff.uscs.susx.ac.uk ([139.184.132.137]:60100) by karpinski.uscs.susx.ac.uk with esmtpsa (TLSv1:AES256-SHA:256) (Exim 4.64) (envelope-from <iane@sussex.ac.uk>) id KM5LV1-0008PN-A0 for asrg@irtf.org; Thu, 02 Jul 2009 13:11:25 +0100
Date: Thu, 02 Jul 2009 13:10:29 +0100
From: Ian Eiloart <iane@sussex.ac.uk>
Sender: iane@sussex.ac.uk
To: Anti-Spam Research Group - IRTF <asrg@irtf.org>
Message-ID: <FD7A0438B3DB37E2D02414C8@seana-imac.staff.uscs.susx.ac.uk>
In-Reply-To: <4A4B8090.5000507@tana.it>
References: <200906180105.VAA21834@Sparkle.Rodents-Montreal.ORG> <FED77586-8800-4BA6-99EA-30A1D9C089B6@mail-abuse.org> <200906190149.VAA06902@Sparkle.Rodents-Montreal.ORG> <B5252B96-F0AB-4D4A-A0DA-8314AA8E038F@mail-abuse.org> <4A3D366E.2020304@tana.it> <934f64a20906201606pff54ca3y904da141013f1d2a@mail.gmail.com> <4A490CC5.8020601@billmail.scconsult.com> <4A49C1DD.8020205@tana.it> <20090630200150.GL57980@verdi> <4A4B709C.2000109@tana.it> <7ae58c220907010742h1d273f42m8bb3c02e6b969b1@mail.gmail.com> <4A4B8090.5000507@tana.it>
Originator-Info: login-token=Mulberry:01on2hVgveD7vj6vW4DqMV8hTJCPXCsAWjF+g=; token_authority=support@its.sussex.ac.uk
X-Mailer: Mulberry/4.0.8 (Mac OS X)
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"; format="flowed"
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
X-Sussex: true
X-Sussex-transport: remote_smtp
Subject: Re: [Asrg] What are the IPs that sends mail for a domain?
X-BeenThere: asrg@irtf.org
X-Mailman-Version: 2.1.9
Precedence: list
Reply-To: Anti-Spam Research Group - IRTF <asrg@irtf.org>
List-Id: Anti-Spam Research Group - IRTF <asrg.irtf.org>
List-Unsubscribe: <http://www.irtf.org/mailman/listinfo/asrg>, <mailto:asrg-request@irtf.org?subject=unsubscribe>
List-Archive: <http://www.irtf.org/mail-archive/web/asrg>
List-Post: <mailto:asrg@irtf.org>
List-Help: <mailto:asrg-request@irtf.org?subject=help>
List-Subscribe: <http://www.irtf.org/mailman/listinfo/asrg>, <mailto:asrg-request@irtf.org?subject=subscribe>
X-List-Received-Date: Thu, 02 Jul 2009 12:10:09 -0000

--On 1 July 2009 17:28:16 +0200 Alessandro Vesely <vesely@tana.it> wrote:

> Dotzero wrote:
>>> Thus, it turns out that if an MTA does mixed MSA and old fashioned port
>>> 25 relaying for its clients, its IP cannot convey accountability.
>>
>> The fact that it cannot (may not?) convey accountability does not mean
>> that it cannot or should not be held accountable for what it emits.
>
> I understand the 2nd "it" as referring to the MTA, not the IP address. It
> doesn't make much difference, since both of them are objects. AFAICS, the
> point is to hold _someone_ accountable, so that it might be theoretically
> possible to claim damage, in case. It is like an insurance, and
> postmasters tend to stipulate it with IP numbers rather than DNS names.
> Why?

Because there is currently usually no alternative. You can only know the IP 
address of the sending MTA. It's hard to connect that to a person, or 
organisation, so the usual thing is to check against a reputation service.

With some reason to trust that the domain of the return-path, or in some 
message header, is not forged, you can go a lot further. You have the email 
address of the postmaster, and quite likely of the sender. If you don't 
have the email address of the sender, then that's an issue that needs 
sorting out within the domain.

"Accountability" can be applied in many ways, including:
1) assignment of reputation - in future DNSBLs will be supplemented or even 
replaced by domain reputation services.
2) freely bouncing undeliverable messages, like we used to do.
3) complaining to the sender, their company, or their postmaster.
4) legal sanctions, up to and including prison sentences.




-- 
Ian Eiloart
IT Services, University of Sussex
01273-873148 x3148
For new support requests, see http://www.sussex.ac.uk/its/help/