Re: [Asrg] What are the IPs that sends mail for a domain?

John Levine <johnl@taugh.com> Tue, 16 June 2009 22:55 UTC

>How do I find if I have blocked the domain from sending to my server. Meaning, knowing the
>domain name of the sender, how do I find the IPs from where the mail could be sent from. It
>seems that SPF is the only tool to provide that answer? 

Unless you have previous mail from the domain, I would agree SPF is your best bet.


>In another related problem, which is linked to IPv6 and RBL. Building an IPv6 RBL could lead
>to a huge database. Sure you can alleviate by using "wildcards", but why not use the reverse
>DNS resolution to add a TXT record associated to the IP to indicate the IP is the one of a
>mail server? So any IP that does not have this record would be blocked for SMTP.

We've had a variety of proposals to identify mail client hosts.  See http://mipassoc.org/csv/

R's,
John
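
The SPF approach discussed above, as an added example that is not part of the original message: a sketch that walks a domain's SPF policy and collects the address ranges it authorizes. The `ZONE` table, the domain names and the helper `spf_networks` are constructed for illustration; a live check would replace the table with DNS TXT queries.

```python
import ipaddress

# Constructed TXT records standing in for live DNS (documentation names and ranges).
ZONE = {
    "example.com": "v=spf1 ip4:192.0.2.0/24 include:_spf.example.net a mx -all",
    "_spf.example.net": "v=spf1 ip4:198.51.100.7 ip6:2001:db8:25::/48 ~all",
    "example.org": "v=spf1 redirect=example.com",
}
MAX_LOOKUPS = 10  # RFC 7208 limit on terms that cause DNS queries


def spf_networks(domain, zone=ZONE):
    """Return (authorized networks, terms needing more DNS queries) for domain."""
    networks, unresolved, seen, lookups = set(), [], set(), 0

    def count_lookup():
        nonlocal lookups
        lookups += 1
        if lookups > MAX_LOOKUPS:
            raise ValueError("permerror: more than 10 DNS-querying terms")

    def walk(name):
        terms = zone.get(name, "").split()
        if name in seen or not terms or terms[0].lower() != "v=spf1":
            return  # include loop, or no SPF record published
        seen.add(name)
        redirect, has_all = None, False
        for term in terms[1:]:
            if term.lower().startswith("redirect="):
                redirect = term.split("=", 1)[1]
                continue
            passes = term[0] not in "-~?"  # only "+" or no qualifier authorizes
            mech, _, arg = term.lstrip("+-~?").partition(":")
            kind = mech.split("/")[0].lower()
            if kind in ("ip4", "ip6") and passes:
                networks.add(ipaddress.ip_network(arg, strict=False))
            elif kind == "all":
                has_all = True
            elif kind in ("include", "a", "mx", "exists", "ptr"):
                count_lookup()
                if kind != "include":
                    unresolved.append((name, term))  # needs A/MX/PTR queries
                elif passes:
                    walk(arg)
        if redirect and not has_all:  # redirect is ignored when "all" is present
            count_lookup()
            walk(redirect)

    walk(domain)
    order = lambda n: (n.version, int(n.network_address), n.prefixlen)
    return [str(n) for n in sorted(networks, key=order)], unresolved
```

The second return value lists the `a`, `mx`, `exists` and `ptr` terms, which do not name addresses directly and need further DNS queries before the IP list is complete.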