Re: [Asrg] What are the IPs that sends mail for a domain?

Rich Kulawiec <rsk@gsp.org> Mon, 22 June 2009 21:54 UTC

Return-Path: <rsk@gsp.org>
X-Original-To: asrg@core3.amsl.com
Delivered-To: asrg@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 96D153A6898 for <asrg@core3.amsl.com>; Mon, 22 Jun 2009 14:54:06 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.599
X-Spam-Level:
X-Spam-Status: No, score=-6.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, RCVD_IN_DNSWL_MED=-4]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id uqvZBxo7n1-F for <asrg@core3.amsl.com>; Mon, 22 Jun 2009 14:54:05 -0700 (PDT)
Received: from taos.firemountain.net (taos.firemountain.net [207.114.3.54]) by core3.amsl.com (Postfix) with ESMTP id 953303A6D5C for <asrg@irtf.org>; Mon, 22 Jun 2009 14:53:45 -0700 (PDT)
Received: from squonk.gsp.org (bltmd-207.114.17.162.dsl.charm.net [207.114.17.162]) by taos.firemountain.net (8.14.1/8.14.1) with ESMTP id n5MLrx3G010401 for <asrg@irtf.org>; Mon, 22 Jun 2009 17:54:00 -0400 (EDT)
Received: from avatar.gsp.org (avatar.gsp.org [192.168.0.11]) by squonk.gsp.org (8.14.1/8.14.1) with ESMTP id n5MLnTWd015151 for <asrg@irtf.org>; Mon, 22 Jun 2009 17:49:29 -0400 (EDT)
Received: from avatar.gsp.org (localhost [127.0.0.1]) by avatar.gsp.org (8.14.3/8.14.3/Debian-4) with ESMTP id n5MLrsGa002717 for <asrg@irtf.org>; Mon, 22 Jun 2009 17:53:54 -0400
Received: (from rsk@localhost) by avatar.gsp.org (8.14.3/8.14.3/Submit) id n5MLrsGg002716 for asrg@irtf.org; Mon, 22 Jun 2009 17:53:54 -0400
Date: Mon, 22 Jun 2009 17:53:54 -0400
From: Rich Kulawiec <rsk@gsp.org>
To: Anti-Spam Research Group - IRTF <asrg@irtf.org>
Message-ID: <20090622215354.GC2137@gsp.org>
References: <20090617175332.5169.qmail@simone.iecc.com> <4A3B6E59.5010002@tana.it> <BA2257A830C1667CF12F63DD@lewes.staff.uscs.susx.ac.uk> <4A3F7AAC.8030402@tana.it> <EFF1CE90263B9E8BC0C8DF19@lewes.staff.uscs.susx.ac.uk>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <EFF1CE90263B9E8BC0C8DF19@lewes.staff.uscs.susx.ac.uk>
User-Agent: Mutt/1.5.18 (2008-05-17)
Subject: Re: [Asrg] What are the IPs that sends mail for a domain?
X-BeenThere: asrg@irtf.org
X-Mailman-Version: 2.1.9
Precedence: list
Reply-To: Anti-Spam Research Group - IRTF <asrg@irtf.org>
List-Id: Anti-Spam Research Group - IRTF <asrg.irtf.org>
List-Unsubscribe: <http://www.irtf.org/mailman/listinfo/asrg>, <mailto:asrg-request@irtf.org?subject=unsubscribe>
List-Archive: <http://www.irtf.org/mail-archive/web/asrg>
List-Post: <mailto:asrg@irtf.org>
List-Help: <mailto:asrg-request@irtf.org?subject=help>
List-Subscribe: <http://www.irtf.org/mailman/listinfo/asrg>, <mailto:asrg-request@irtf.org?subject=subscribe>
X-List-Received-Date: Mon, 22 Jun 2009 21:54:06 -0000

On Mon, Jun 22, 2009 at 02:59:01PM +0100, Ian Eiloart wrote:
> We use IP address reputation services because there's nothing else we can 
> use, in the absence of some way to authenticate the sender address. Of  
> course, those mechanisms exist and are widely deployed but not 
> universally, or even by a majority of domains. When they become so, we'll 
> no doubt see domain based reputation services, and even address based 
> reputation services being used as much as IP address reputation services 
> are.

I don't think so.  Domains and addresses are nearly-free and disposable,
so spammers could easily render both pointless exercises whenever it
suited them to do so.  Given that registrars are quite happy to continue
selling dirt-cheap domains by the thousands to even the worst spammers
(and registrars ARE spammers) it will always be possible for abusers to
come up with another domain and another email address -- or another ten
thousand of each -- whenever it suits them.   Network space is not quite
so easy to come by, so I think we stand a better chance keeping track of
allocations.

---Rsk