Re: [Asrg] What are the IPs that sends mail for a domain?

der Mouse <mouse@Rodents-Montreal.ORG> Wed, 17 June 2009 15:17 UTC

Return-Path: <mouse@Sparkle.Rodents-Montreal.ORG>
Received: from localhost (localhost []) by (Postfix) with ESMTP id 1709E3A6DF8 for <>; Wed, 17 Jun 2009 08:17:44 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -9.664
X-Spam-Status: No, score=-9.664 tagged_above=-999 required=5 tests=[AWL=0.324, BAYES_00=-2.599, HELO_MISMATCH_ORG=0.611, RCVD_IN_DNSWL_HI=-8]
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id YwxlncUvfkiI for <>; Wed, 17 Jun 2009 08:17:43 -0700 (PDT)
Received: from Sparkle.Rodents-Montreal.ORG (Sparkle.Rodents-Montreal.ORG []) by (Postfix) with ESMTP id E486F3A685E for <>; Wed, 17 Jun 2009 08:17:42 -0700 (PDT)
Received: (from mouse@localhost) by Sparkle.Rodents-Montreal.ORG (8.8.8/8.8.8) id LAA18188; Wed, 17 Jun 2009 11:17:49 -0400 (EDT)
From: der Mouse <mouse@Rodents-Montreal.ORG>
Message-Id: <200906171517.LAA18188@Sparkle.Rodents-Montreal.ORG>
Mime-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: 8bit
X-Erik-Conspiracy: There is no Conspiracy - and if there were I wouldn't be part of it anyway.
X-Message-Flag: Microsoft: the company who gave us the botnet zombies.
Date: Wed, 17 Jun 2009 11:03:47 -0400 (EDT)
To: Anti-Spam Research Group - IRTF <>
In-Reply-To: <>
References: <> <> <> <> <>
Subject: Re: [Asrg] What are the IPs that sends mail for a domain?
X-Mailman-Version: 2.1.9
Precedence: list
Reply-To: Anti-Spam Research Group - IRTF <>
List-Id: Anti-Spam Research Group - IRTF <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Wed, 17 Jun 2009 15:17:44 -0000

>> [...] I think what he is actually saying is that if you have a
>> machine that says "EHLO" then there should be both a MX
>> record for and a SRV record for
>> (i.e. a CSV/CSA record).
> However, the standard requires that it says "EHLO".

Not quite.  It requires that the HELO/EHLO argument be a valid name for
the SMTP client host.  The presence or absence of any DNS zone cuts in
the vicinity is completely irrelevant.

> It is a seemingly simple task to drop the leftmost label(s) so as to
> obtain the mail domain, but doing that properly requires a zone cut
> algorithm that most servers miss.

...and which is wrong anyway.  The division of DNS names into "hosts"
and "domains" is purely a human one.  Dropping the first label from a
DNS name in an attempt to get "the domain" for it is, at best, a rough
heuristic.  Looking up the DNS tree for zone cuts also is nothing more
than a heuristic.

It's not even clear to me that there *is* a "_the_ domain".  What's
"the domain" for (to invent an example)
There plausibly could be as many zone cuts as there are dots, there,
and I could argue for picking any of them as "the domain" for email
responsibility purposes (well, possibly excepting the TLD, but even
that is just a heuristic, likely to break soon).

/~\ The ASCII				  Mouse
\ / Ribbon Campaign
 X  Against HTML
/ \ Email!	     7D C8 61 52 5D E7 2D 39  4E F1 31 3E E8 B3 27 4B