[Asrg] What are the IPs that sends mail for a domain?

Franck Martin <franck@avonsys.com> Tue, 16 June 2009 22:20 UTC


I recently encountered the following question/problems. 

I have a mail server and one of my users complains he is not receiving emails from a domain. How do I find if I have blocked the domain from sending to my server? Meaning, knowing the domain name of the sender, how do I find the IPs from where the mail could be sent from? It seems that SPF is the only tool to provide that answer?

In another related problem, which is linked to IPv6 and RBL. Building an IPv6 RBL could lead to a huge database. Sure you can alleviate by using "wildcards", but why not use the reverse DNS resolution to add a TXT record associated to the IP to indicate the IP is the one of a mail server? So any IP that does not have this record would be blocked for SMTP. As IPv6 is not used for SMTP (or barely), this could be made mandatory for IPv6 and optional for IPv4. An MUA could talk to an MTA on port 25 because we know the network range of the MUA or the alternative is to use the new mail submit port.
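
As an added illustration (not part of the original post), the sketch below expands a domain's SPF record into the networks it authorizes and reports which of them overlap a local blocklist. The zone data, domain names, addresses and the `lookup` stand-in resolver are constructed for the example; SPF macros and CIDR suffixes on `a`/`mx` terms are not handled.

```python
import ipaddress

# Constructed DNS data: names and addresses are illustrative, not real lookups.
ZONE = {
    ("example.org", "TXT"): ["v=spf1 ip4:192.0.2.0/28 mx include:_spf.mailhost.example -all"],
    ("example.org", "MX"): ["mx1.example.org"],
    ("mx1.example.org", "A"): ["198.51.100.25"],
    ("mx1.example.org", "AAAA"): ["2001:db8:25::1"],
    ("_spf.mailhost.example", "TXT"): ["v=spf1 ip6:2001:db8:100::/48 ip4:203.0.113.64/26 ~all"],
}

def lookup(name, rtype):
    """Hypothetical stand-in resolver over ZONE; replace with a real DNS query."""
    return ZONE.get((name.lower(), rtype), [])

def host_addrs(name):
    return [ipaddress.ip_network(a) for t in ("A", "AAAA") for a in lookup(name, t)]

def spf_networks(domain, depth=0):
    """Networks an SPF record authorizes, following include/redirect/a/mx."""
    if depth > 10:  # loop guard; RFC 7208 also caps total DNS-querying terms at 10
        raise RecursionError("SPF include/redirect chain too deep")
    record = next((t for t in lookup(domain, "TXT") if t.lower().startswith("v=spf1")), None)
    nets = []
    for term in (record or "").split()[1:]:
        if term[0] in "-~?":  # fail/softfail/neutral terms authorize nothing
            continue
        key, _, arg = term.lstrip("+").replace("=", ":", 1).partition(":")
        key = key.lower()
        if key in ("ip4", "ip6"):
            nets.append(ipaddress.ip_network(arg, strict=False))
        elif key in ("include", "redirect"):
            nets += spf_networks(arg, depth + 1)
        elif key == "a":
            nets += host_addrs(arg or domain)
        elif key == "mx":
            for mx in lookup(arg or domain, "MX"):
                nets += host_addrs(mx)
    return nets

def blocked_senders(domain, blocklist):
    """Pairs (authorized network, local block entry) that overlap."""
    blocks = [ipaddress.ip_network(b, strict=False) for b in blocklist]
    return [(n, b) for n in spf_networks(domain) for b in blocks
            if n.version == b.version and n.overlaps(b)]
```

A domain that publishes no SPF record yields an empty list, so an empty result means "unknown", not "nothing blocked".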