Re: [Asrg] What are the IPs that sends mail for a domain?

Ian Eiloart <> Mon, 22 June 2009 10:39 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id DB01528C110 for <>; Mon, 22 Jun 2009 03:39:26 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -2.522
X-Spam-Status: No, score=-2.522 tagged_above=-999 required=5 tests=[AWL=0.077, BAYES_00=-2.599]
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id 5tgGiafYUHqN for <>; Mon, 22 Jun 2009 03:39:25 -0700 (PDT)
Received: from ( []) by (Postfix) with ESMTP id BAE0A28C0E8 for <>; Mon, 22 Jun 2009 03:39:25 -0700 (PDT)
Received: from ([]:54074) by with esmtpsa (TLSv1:AES256-SHA:256) (Exim 4.64) (envelope-from <>) id KLMYZW-0004GJ-B6 for; Mon, 22 Jun 2009 11:40:44 +0100
Date: Mon, 22 Jun 2009 11:39:38 +0100
From: Ian Eiloart <>
To: Anti-Spam Research Group - IRTF <>
Message-ID: <>
In-Reply-To: <>
References: <> <>
Originator-Info: login-token=Mulberry:01SXWuvrLWHCOK4gIgtZu86iExr+3PGKybvuA=;
X-Mailer: Mulberry/4.0.8 (Mac OS X)
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
X-Sussex: true
X-Sussex-transport: remote_smtp
Subject: Re: [Asrg] What are the IPs that sends mail for a domain?
X-Mailman-Version: 2.1.9
Precedence: list
Reply-To: Anti-Spam Research Group - IRTF <>
List-Id: Anti-Spam Research Group - IRTF <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Mon, 22 Jun 2009 10:39:26 -0000

--On 19 June 2009 12:54:17 +0200 Alessandro Vesely <> wrote:

> John Levine wrote:
>>> Isn't the FQDN for a host the host name "dot" the domain name?
>> The FQDN for a host is the host's FQDN.  As we've all noted, there's
>> lots of heuristics to guess domain names, none of which work.
> What about the other way around: given a domain and an IP address, can we
> say whether the IP address "is a member of" the domain?

"is a member of" isn't a useful description of relationships between IP 
addresses and domain names.

You can say that an IP address "is a member of" a netblock. You can say 
that a domain name "is a subdomain" of another domain, and could regard 
that as a "membership" relation.

The DNS is used to express relationships between IP addresses and domain 
names, but there are many types of relationship - like MX records, A 
records. "is a member of" sounds like it might mean "is owned by" or "is 
assigned to", but IP addresses are assigned to real world organisations, 
not domain names. There's no necessary relationship when sending SMTP, 

You could check whether the IP address and the domain name were assigned to 
the same organisation, but that often won't be possible.

> Vhlo mentions the following three ways to determine that, without
> apparently resorting to heuristics. I'm wondering how sound it is to rely
> on those, or similar, techniques.
> * rDNS returns a name whose right part matches the domain name,
> * an MX record for the domain mentions a host with the given IP,
> * the IP address passes the SPF check for that domain.
> _______________________________________________
> Asrg mailing list

Ian Eiloart
IT Services, University of Sussex
01273-873148 x3148
For new support requests, see