Re: [Asrg] What are the IPs that sends mail for a domain?

John Leslie <> Wed, 01 July 2009 15:44 UTC

Date: Wed, 1 Jul 2009 11:43:14 -0400
From: John Leslie <>
To: Anti-Spam Research Group - IRTF <>
Message-ID: <20090701154314.GC15652@verdi>
References: <200906182044.QAA05200@Sparkle.Rodents-Montreal.ORG> <> <200906190149.VAA06902@Sparkle.Rodents-Montreal.ORG> <> <> <> <> <> <20090630200150.GL57980@verdi> <>

Alessandro Vesely <> wrote:
> John Leslie wrote:
>> The CSV paradigm is that the operator of a MTA should exercise some 
>> responsibility for what it sends. The HELO string identifies the MTA 
>> (though not necessarily one string exclusively by one MTA), and the 
>> DNS management for that domain-name string states whether that domain 
>> exercises responsibility (and by automatic return of A(ddress) RRs on 
>> SRV queries, what IP address(es) that MTA uses).
> The link from the MTA to its operator is still missing.

   CSV doesn't try to enforce any particular link, but that doesn't
imply there is none.

>> While this perhaps comes "close", it's not designating an "accountable 
>> party"; and the IP address is related to the HELO string, not the other 
>> way around. It does _not_ lead to an "accountable party" -- it merely 
>> associates a reference string (the domain name) that we can use as a 
>> query to reputation services.
> To this end, I'd prefer the use of a domain name. One reason is that 
> large ESP have many MTAs that can be used interchangeably. In 
> addition, the person responsible for an MTA is not always identifiable 
> (in Italy, the mandate to state who are the sysadmins of an MTA is 
> being procrastinated every few months, since November 2008.) By 
> contrast, domain registrants often have whois records pointing to them.

   I think I'm catching on: you want to link the MTA to a _registered_

   You should, IMHO, say so in the I-D: "domain" by itself doesn't
convey the idea of "registered domain".

>> RFC5068 deals with the operation of Mail Submission Agents. I don't agree 
>> it even "suggests" how accountability should follow the message as it 
>> winds its way to the recipient.
> It does. Notwithstanding the sentence you quoted, there is a 
> "Submission Accountability after Submission" paragraph in section 3.1, 
> saying
>       For a reasonable period of time after submission, the message
>       SHOULD be traceable by the MSA operator to the authenticated
>       identity of the user who sent the message.

   This deals _only_ with logging practices (or whatever magic) of the
operators of the Mail Submission Agent -- it implies nothing about
MTAs that may relay the message.

> A similar norm is mandated by anti-terrorism regulations, in the EU at 
> least.

   Indeed, various jurisdictions write laws and regulations. We should
allow for them wherever practical, but we can't adapt an international
standard to every jurisdiction's laws and regulations.

> That way, accountability could be theoretically traced, _if_ the first 
> submission followed those guidelines. While I can be reasonably sure 
> that the connecting client is not an open relay, after IP based DNSBL, 
> I have no means to know that the site either enforces the submission 
> protocol in general, or did so for at least the messages it is about 
> to relay.

   I do not believe that you'll know any better by linking to a
registered domain, but YMMV. I will stipulate that in the absence of
a reputation service, the _explicit_ link to a registered domain
gives a bit more clout to an assumption that the domain registration
information is a "responsible party"; but neither domain registrars
nor the VHLO draft would enforce much of anything. :^(

John Leslie <>
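The CSV mechanism John describes above (HELO string names the MTA; an SRV query under that name tells you whether the domain asserts responsibility and, via the returned address records, which IPs the MTA uses) can be shown as a small receiver-side check. The code below is an added illustration, not part of this thread and not the CSV/CSA reference implementation. It runs against a constructed in-memory zone table instead of live DNS; the `_client._smtp.` owner-name prefix is the one used by the CSA draft as I recall it and is treated here as an assumption, and no priority/weight semantics are interpreted. Note what the result does and does not give you, which is exactly John's point: a normalized domain string usable as a reputation-lookup key and an IP-consistency bit, but no identification of an accountable operator.

```python
"""
Added example: CSV-style HELO check against constructed DNS data.

Input:  the HELO/EHLO string a connecting MTA presented, and its IP.
Output: the normalized HELO domain (the reputation-query key), whether an SRV
        RRset exists under it (the domain "exercises responsibility"), and
        whether the connecting IP is among the SRV targets' address records.
"""
import ipaddress
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

# SRV owner-name prefix used by the CSA draft; an assumption in this example.
CSA_PREFIX = "_client._smtp."

# Constructed zone data standing in for real DNS so the example runs offline.
# owner name -> list of (rrtype, rdata); SRV rdata = (priority, weight, port, target).
FAKE_DNS: Dict[str, List[Tuple[str, object]]] = {
    "_client._smtp.mta1.example.net.": [("SRV", (1, 2, 25, "mta1.example.net."))],
    "mta1.example.net.": [("A", "192.0.2.25"), ("AAAA", "2001:db8::25")],
    "_client._smtp.relay.example.org.": [("SRV", (1, 2, 25, "out1.example.org.")),
                                         ("SRV", (1, 2, 25, "out2.example.org."))],
    "out1.example.org.": [("A", "198.51.100.10")],
    "out2.example.org.": [("A", "198.51.100.11")],
    # example.com deliberately publishes no CSA SRV record at all.
}


@dataclass
class CsvResult:
    helo_domain: Optional[str]        # normalized HELO name, None if unusable
    asserts_responsibility: bool      # an SRV RRset exists under the HELO name
    ip_listed: bool                   # connecting IP found in the targets' A/AAAA
    targets: List[str] = field(default_factory=list)


def normalize_helo(helo: str) -> Optional[str]:
    """Return a lowercase FQDN with trailing dot, or None for address literals
    ("[192.0.2.1]"), bare labels, or names with characters outside hostname rules."""
    h = helo.strip().lower()
    if not h or h.startswith("[") or "." not in h.rstrip("."):
        return None
    labels = h.rstrip(".").split(".")
    if any(not lab or not all(c.isalnum() or c == "-" for c in lab) for lab in labels):
        return None
    return ".".join(labels) + "."


def lookup(dns: Dict[str, List[Tuple[str, object]]], name: str, rrtype: str) -> list:
    """Return the rdata of all records of one type at an owner name."""
    return [rdata for (t, rdata) in dns.get(name, []) if t == rrtype]


def check_helo(helo: str, client_ip: str, dns=FAKE_DNS) -> CsvResult:
    """Apply the CSV paradigm: SRV presence == the domain claims responsibility;
    the targets' address records say which IPs the named MTA is supposed to use."""
    domain = normalize_helo(helo)
    if domain is None:
        return CsvResult(None, False, False)
    srv = lookup(dns, CSA_PREFIX + domain, "SRV")
    if not srv:
        return CsvResult(domain, False, False)
    ip = ipaddress.ip_address(client_ip)
    targets = [rec[3] for rec in srv]
    rrtype = "AAAA" if ip.version == 6 else "A"
    listed = any(ipaddress.ip_address(addr) == ip
                 for target in targets
                 for addr in lookup(dns, target, rrtype))
    return CsvResult(domain, True, listed, targets)


if __name__ == "__main__":
    for helo, ip in [("mta1.example.net", "192.0.2.25"),
                     ("mta1.example.net", "203.0.113.9"),
                     ("relay.example.org", "198.51.100.11"),
                     ("example.com", "192.0.2.25"),
                     ("[192.0.2.25]", "192.0.2.25")]:
        print(helo, ip, check_helo(helo, ip))
```

A receiver would feed `helo_domain` to a reputation service and treat `asserts_responsibility`/`ip_listed` as inputs to policy; nothing in the result names a person or operator, which is why the thread moves on to whether a *registered* domain should be the link instead.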