Re: [Asrg] What are the IPs that sends mail for a domain?

John Leslie <john@jlc.net> Wed, 01 July 2009 15:44 UTC

Date: Wed, 01 Jul 2009 11:43:14 -0400
From: John Leslie <john@jlc.net>
To: Anti-Spam Research Group - IRTF <asrg@irtf.org>
Message-ID: <20090701154314.GC15652@verdi>
References: <200906182044.QAA05200@Sparkle.Rodents-Montreal.ORG> <FED77586-8800-4BA6-99EA-30A1D9C089B6@mail-abuse.org> <200906190149.VAA06902@Sparkle.Rodents-Montreal.ORG> <B5252B96-F0AB-4D4A-A0DA-8314AA8E038F@mail-abuse.org> <4A3D366E.2020304@tana.it> <934f64a20906201606pff54ca3y904da141013f1d2a@mail.gmail.com> <4A490CC5.8020601@billmail.scconsult.com> <4A49C1DD.8020205@tana.it> <20090630200150.GL57980@verdi> <4A4B709C.2000109@tana.it>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Disposition: inline
In-Reply-To: <4A4B709C.2000109@tana.it>
User-Agent: Mutt/1.4.1i
Subject: Re: [Asrg] What are the IPs that sends mail for a domain?

Alessandro Vesely <vesely@tana.it> wrote:
> John Leslie wrote:
> 
>> The CSV paradigm is that the operator of a MTA should exercise some 
>> responsibility for what it sends. The HELO string identifies the MTA
>> (though not necessarily one string exclusively by one MTA), and the 
>> DNS management for that domain-name string states whether that domain 
>> exercises responsibility (and by automatic return of A)ddress RRs on 
>> SRV queries, what IP address(es) that MTA uses).
> 
> The link from the MTA to its operator is still missing.

   CSV doesn't try to enforce any particular link, but that doesn't
imply there is none.

>> While this perhaps comes "close", it's not designating an "accountable 
>> party"; and the IP address is related to the HELO string, not the other 
>> way around. It does _not_ lead to an "accountable party" -- it merely 
>> associates a reference string (the domain name) that we can use as a 
>> query to reputation services.
> 
> To this end, I'd prefer the use of a domain name. One reason is that 
> large ESPs have many MTAs that can be used interchangeably. In
> addition, the person responsible for an MTA is not always identifiable 
> (in Italy, the mandate to state who are the sysadmins of an MTA is 
> being procrastinated every few months, since November 2008.) By 
> contrast, domain registrants often have whois records pointing to them.

   I think I'm catching on: you want to link the MTA to a _registered_
domain.

   You should, IMHO, say so in the I-D: "domain" by itself doesn't
convey the idea of "registered domain".

>> RFC5068 deals with the operation of Mail Submission Agents. I don't agree 
>> it even "suggests" how accountability should follow the message as it 
>> winds its way to the recipient.
> 
> It does. Notwithstanding the sentence you quoted, there is a 
> "Submission Accountability after Submission" paragraph in section 3.1, 
> saying
> 
>       For a reasonable period of time after submission, the message
>       SHOULD be traceable by the MSA operator to the authenticated
>       identity of the user who sent the message.

   This deals _only_ with logging practices (or whatever magic) of the
operators of the Mail Submission Agent -- it implies nothing about
MTAs that may relay the message.

> A similar norm is mandated by anti-terrorism regulations, in the EU at 
> least.

   Indeed, various jurisdictions write laws and regulations. We should
allow for them wherever practical, but we can't adapt an international
standard to every jurisdiction's laws and regulations.

> That way, accountability could be theoretically traced, _if_ the first 
> submission followed those guidelines. While I can be reasonably sure 
> that the connecting client is not an open relay, after IP based DNSBL, 
> I have no means to know that the site either enforces the submission 
> protocol in general, or did so for at least the messages it is about 
> to relay.

   I do not believe that you'll know any better by linking to a
registered domain, but YMMV. I will stipulate that in the absence of
a reputation service, the _explicit_ link to a registered domain
gives a bit more clout to an assumption that the domain registration
information is a "responsible party"; but neither domain registrars
nor the VHLO draft would enforce much of anything. :^(

--
John Leslie <john@jlc.net>
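
Added example, not part of the original message and not code from the CSV drafts: a sketch of the receiver-side decision the thread describes, where the lookup starts from the HELO string, the connecting IP is compared against the addresses returned with the SRV answer, and the domain name comes out only as a key for a reputation query. The CsvAnswer structure, the verdict labels and the sample DNS data are assumptions made for illustration; the real SRV field encoding is not reproduced here.

```python
import ipaddress
from dataclasses import dataclass

@dataclass
class CsvAnswer:
    """Hypothetical, already-parsed result of the SRV lookup for a HELO name."""
    authorized: bool   # does the domain state that it takes responsibility?
    addresses: list    # address RRs returned alongside the SRV answer

# Constructed sample data standing in for DNS (documentation names and ranges).
SAMPLE_DNS = {
    "mta1.example.net": CsvAnswer(True, ["192.0.2.25", "2001:db8::25"]),
    "old.example.net": CsvAnswer(False, ["192.0.2.99"]),
}

def normalize_helo(helo):
    """Lower-case, drop the trailing dot; address literals carry no domain."""
    name = helo.strip().rstrip(".").lower()
    if not name or name.startswith("["):
        return None
    return name

def csv_check(helo, client_ip, dns=SAMPLE_DNS):
    """Return (verdict, reputation_key). The key is only a reference string
    to hand to a reputation service, not an identified accountable party."""
    name = normalize_helo(helo)
    if name is None:
        return ("no-name", None)
    answer = dns.get(name)
    if answer is None:
        return ("no-record", None)
    # Compare parsed addresses so differently written IPv6 forms still match.
    ip = ipaddress.ip_address(client_ip)
    listed = {ipaddress.ip_address(a) for a in answer.addresses}
    if ip not in listed:
        # The HELO name does not vouch for this IP, so it yields no key.
        return ("ip-mismatch", None)
    if not answer.authorized:
        return ("not-authorized", name)
    return ("authorized", name)

if __name__ == "__main__":
    for helo, ip in [("MTA1.Example.NET.", "192.0.2.25"),
                     ("mta1.example.net", "198.51.100.7"),
                     ("old.example.net", "192.0.2.99")]:
        print(helo, ip, csv_check(helo, ip))
```

Even an "authorized" verdict says nothing about who operates the MTA or whether the domain is a registered one, which is the gap the message above is arguing about.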