Re: [Asrg] What are the IPs that sends mail for a domain?

Alessandro Vesely <vesely@tana.it> Mon, 22 June 2009 12:35 UTC

Ian Eiloart wrote:
> --On 19 June 2009 12:54:17 +0200 Alessandro Vesely <vesely@tana.it> wrote:
>> What about the other way around: given a domain and an IP address, can we
>> say whether the IP address "is a member of" the domain?
> [...]
> The DNS is used to express relationships between IP addresses and domain 
> names, but there are many types of relationship - like MX records, A 
> records.

A records. MX bear no IP address. Other records may hold an IP 
address, e.g. TXT, thus providing possibly weaker relationships.

> "is a member of" sounds like it might mean "is owned by" or "is 
> assigned to", but IP addresses are assigned to real world organisations, 
> not domain names.

You're right, the admins of a domain may put whatever A records in 
their zone files. I have to add that I get the domain name _from_ the 
given IP. In that case, if I'm able to find a record in the domain's 
zone that confirms that relationship, can I safely deduce that the 
membership relation holds?

> There's no necessary relationship when sending SMTP, unfortunately.

Agreed. But why do you say "unfortunately"? Do you mean that it would 
always be preferable to attribute responsibility based on the IP 
delegation hierarchy, rather than on the names' one, or have we always 
tried to go the former way just because the IP address of the remote 
host is easier to obtain?
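
The check asked about above (take the name from the IP's reverse lookup, then look for a record in that domain's zone that points back at the IP), as an added example that is not part of the original message. The dictionaries are constructed stand-ins for PTR and A answers, and all function names are hypothetical.

```python
import ipaddress

# Constructed data standing in for DNS answers (documentation address ranges).
PTR = {
    "192.0.2.10": ["mail.example.org."],
    "192.0.2.66": ["mail.example.org."],      # PTR names a host the zone does not confirm
    "198.51.100.7": ["host7.isp.example.net."],
}
A = {
    "mail.example.org.": ["192.0.2.10"],
    "host7.isp.example.net.": ["198.51.100.7"],
}

def in_domain(name, domain):
    """True if name equals domain or is a subdomain of it, compared label by label."""
    n = name.rstrip(".").lower().split(".")
    d = domain.rstrip(".").lower().split(".")
    return len(n) >= len(d) and n[-len(d):] == d

def confirmed_names(ip, ptr=PTR, a=A):
    """Names from the reverse lookup whose own address records point back at ip."""
    addr = ipaddress.ip_address(ip)
    names = []
    for name in ptr.get(str(addr), []):
        forward = {ipaddress.ip_address(x) for x in a.get(name, [])}
        if addr in forward:
            names.append(name)
    return names

def ip_confirmed_for_domain(ip, domain, ptr=PTR, a=A):
    """The name comes from the IP; a record in the domain's zone must confirm it."""
    return any(in_domain(n, domain) for n in confirmed_names(ip, ptr, a))

if __name__ == "__main__":
    for ip in PTR:
        print(ip, confirmed_names(ip), ip_confirmed_for_domain(ip, "example.org"))
```

The PTR answer is published by whoever holds the reverse zone for the address block and the A answer by the domain's admins, so a match shows that both parties published agreeing records.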