Re: [Asrg] What are the IPs that sends mail for a domain?

Alessandro Vesely <vesely@tana.it> Tue, 30 June 2009 07:41 UTC

Bill Cole wrote:
> 1. There is no working global mechanism for identifying an accountable 
> party (i.e. one who explicitly *accepts* accountability) from an IP 
> address, due largely to the political and historical variations in how 
> IP addresses have been allocated.

At first glance, this may seem a flaw in the rDNS/whois systems. 
Upon reconsideration, I realize I have no means to accept 
accountability for an IP address of mine, since SPF or CSV/CSA only 
convey authorization for using a name. In fact, we don't even have 
a term for "the accountable party related to an IP address".

Dave's Email Arch mentions an Originator as "accountable for the 
message content", but doesn't relate it to an IP address. RFC 5068 
associates accountability after submission with traceability 
features of the MSA, apparently suggesting that the first relaying 
thereafter is from an IP which is (indirectly) accountable for the 
message content. Reasoning by induction on the hops, one may 
conclude that all relays using a smarthost are accountable: 
smarthosts require either IP/firewall configuration or 
authentication (assuming they are not open relays). Accountability 
breaks at the MX-driven relay, often referred to as the "boundary".

> Funneling email through MSA systems run by providers that in principle 
> have some means of holding their users accountable and are capable of at 
> least understanding bad behavior in mail if not always keeping it 
> controlled is the best partial workaround we have, and it implies the 
> need for domain-level accountability or its equivalent.

Why is it partial?

"Domain-level accountability" is a good approximation. However, a 
smarthost is not necessarily within the same domain (e.g. ukisp.com 
is not even in the same 1st level domain) or the same organization. 
How does accountability degrade through indirection? That is, would 
you trust an SMTP client the same if it relays on behalf of some 
other party?