Re: [Asrg] What are the IPs that sends mail for a domain?

der Mouse <mouse@Rodents-Montreal.ORG> Wed, 17 June 2009 18:24 UTC

>> [SMTP] requires that the HELO/EHLO argument be a valid name for the
>> SMTP client host.
> Isn't the FQDN for a host the host name "dot" the domain name?

Only if you define "host name" and "domain name" that way.  It would be
logically consistent to do so (though somewhat confusing, because "host
name" and "domain name" are already in wide use to mean other things).

Defining them that way is really just giving names to a heuristic.  The
"domain name" determined that way will be what you want for a
substantial fraction of your mail clients, but by no means all (well,
unless you have a remarkably unusual mail stream).

> The host gets its name after some buddy edits the zone file.  Which
> zone file?  The domain's one.

That amounts to defining a host's "domain name" to be the next zone cut
at-or-above it in the DNS hierarchy.  That's a consistent definition,
and useful as a heuristic, but will fail in enough cases it's no better
than that.  (Fail meaning give you something other than what you want.)

Actually, it amounts to that for most hosts; for glue nameservers, the
"which zone file" heuristic gives a different domain than the "next
zone cut" one.  But neither one is better than a heuristic.  (Glue
nameservers usually aren't mailservers for mid- to large-size sites,
but for small private sites, it's not uncommon for everything to be on
the same machine.)

/~\ The ASCII				  Mouse
\ / Ribbon Campaign
 X  Against HTML
/ \ Email!	     7D C8 61 52 5D E7 2D 39  4E F1 31 3E E8 B3 27 4B
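
The two heuristics discussed in the message above, side by side, as an added example that is not part of the original message. The zone data, host names and function names are constructed for illustration; a real check would obtain zone apexes from SOA lookups.

```python
# Constructed zone data (not from the original message): each key is a zone
# apex, each value is the set of owner names that have address records in that
# zone's file, including glue held by a parent for a delegated child.
ZONES = {
    "example": {"ns.corp.example"},  # glue for the corp.example delegation
    "corp.example": {"ns.corp.example", "mail.corp.example"},
    "lab.corp.example": {"mx.lab.corp.example"},
}


def normalize(name):
    """Lower-case a DNS name and drop the trailing root dot."""
    return name.rstrip(".").lower()


def zone_cut_domain(host, zones=ZONES):
    """'Next zone cut' heuristic: nearest zone apex at or above host."""
    labels = normalize(host).split(".")
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in zones:
            return candidate
    return None  # no known zone encloses this name


def zone_file_domains(host, zones=ZONES):
    """'Which zone file' heuristic: every zone whose file names the host,
    ordered from the highest apex in the hierarchy downward."""
    host = normalize(host)
    return sorted((apex for apex, names in zones.items() if host in names),
                  key=lambda apex: apex.count("."))


def compare(host, zones=ZONES):
    """Run both heuristics and report whether they give one common answer."""
    cut = zone_cut_domain(host, zones)
    files = zone_file_domains(host, zones)
    return {"host": normalize(host), "zone_cut": cut,
            "zone_files": files, "agree": files == [cut]}


if __name__ == "__main__":
    # mail.corp.example: both heuristics agree.
    # ns.corp.example: glue in the parent makes the answers diverge.
    # mx.lab.corp.example: both agree on lab.corp.example, which may still
    # not be the organisational domain a mail filter wants (assumption).
    for h in ("mail.corp.example", "ns.corp.example", "MX.lab.corp.example."):
        print(compare(h))
```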