Re: [Asrg] What are the IPs that sends mail for a domain?

John Leslie <john@jlc.net> Tue, 30 June 2009 20:02 UTC

Return-Path: <john@jlc.net>
X-Original-To: asrg@core3.amsl.com
Delivered-To: asrg@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 4ED5D3A6EEF for <asrg@core3.amsl.com>; Tue, 30 Jun 2009 13:02:13 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.046
X-Spam-Level:
X-Spam-Status: No, score=-6.046 tagged_above=-999 required=5 tests=[AWL=-0.047, BAYES_00=-2.599, J_CHICKENPOX_16=0.6, RCVD_IN_DNSWL_MED=-4]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id O6-DTp9KQalc for <asrg@core3.amsl.com>; Tue, 30 Jun 2009 13:02:12 -0700 (PDT)
Received: from mailhost.jlc.net (mailhost.jlc.net [199.201.159.9]) by core3.amsl.com (Postfix) with ESMTP id 2AC4B3A6EEC for <asrg@irtf.org>; Tue, 30 Jun 2009 13:02:12 -0700 (PDT)
Received: by mailhost.jlc.net (Postfix, from userid 104) id 4FB7233CA1; Tue, 30 Jun 2009 16:01:50 -0400 (EDT)
Date: Tue, 30 Jun 2009 16:01:50 -0400
From: John Leslie <john@jlc.net>
To: Anti-Spam Research Group - IRTF <asrg@irtf.org>
Message-ID: <20090630200150.GL57980@verdi>
References: <200906180105.VAA21834@Sparkle.Rodents-Montreal.ORG> <C8F0F10E-E1A4-4D25-AF20-31E3F0DB68DF@mail-abuse.org> <200906182044.QAA05200@Sparkle.Rodents-Montreal.ORG> <FED77586-8800-4BA6-99EA-30A1D9C089B6@mail-abuse.org> <200906190149.VAA06902@Sparkle.Rodents-Montreal.ORG> <B5252B96-F0AB-4D4A-A0DA-8314AA8E038F@mail-abuse.org> <4A3D366E.2020304@tana.it> <934f64a20906201606pff54ca3y904da141013f1d2a@mail.gmail.com> <4A490CC5.8020601@billmail.scconsult.com> <4A49C1DD.8020205@tana.it>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <4A49C1DD.8020205@tana.it>
User-Agent: Mutt/1.4.1i
Subject: Re: [Asrg] What are the IPs that sends mail for a domain?
X-BeenThere: asrg@irtf.org
X-Mailman-Version: 2.1.9
Precedence: list
Reply-To: Anti-Spam Research Group - IRTF <asrg@irtf.org>
List-Id: Anti-Spam Research Group - IRTF <asrg.irtf.org>
List-Unsubscribe: <http://www.irtf.org/mailman/listinfo/asrg>, <mailto:asrg-request@irtf.org?subject=unsubscribe>
List-Archive: <http://www.irtf.org/mail-archive/web/asrg>
List-Post: <mailto:asrg@irtf.org>
List-Help: <mailto:asrg-request@irtf.org?subject=help>
List-Subscribe: <http://www.irtf.org/mailman/listinfo/asrg>, <mailto:asrg-request@irtf.org?subject=subscribe>
X-List-Received-Date: Tue, 30 Jun 2009 20:02:13 -0000

Alessandro Vesely <vesely@tana.it> wrote:
> Bill Cole wrote:
> 
>> 1. There is no working global mechanism for identifying an accountable 
>> party (i.e. one who explicitly *accepts* accountability) from an IP 
>> address, due largely to the political and historical variations in how 
>> IP addresses have been allocated.
> 
> At a first glance, this may seem a flaw in the rDNS/whois systems. 
> Upon reconsideration, I realize I have no means to accept 
> accountability for an IP address of mines, since SPF or CSV/CSA only 
> convey authorization for using a name.

   I'm not certain whether that is a helpful statement.

   SPF doesn't really "convey authorization for using" a name. It sets
out to convey information about which IP addresses are "expected" to
be used by MTAs sending emails "using" a name. But even that evades us
as SPF calls for executing a particular algorithm which returns
pass/fail (or something else...).

   CSV _does_ set out to convey _exactly_ "authorization for using a
name" in the HELO command; but the standard CSA query generally returns
a list of IP addresses which are "authorized" to use that HELO name.

> In facts, we don't even have a term for "the accountable party related
> to an IP address".

   Are you sure that's a useful concept?

   The CSV paradigm is that the operator of a MTA should exercise some
responsibility for what is sends. The HELO string identifies the MTA
(though not necessarily one string exclusively by one MTA), and the
DNS management for that domain-name string states whether that domain
exercises responsibility (and by automatic return of A)ddress RRs on
SRV queries, what IP address(es) that MTA uses).

   While this perhaps comes "close", it's not designating an "accountable
party"; and the IP address is related to the HELO string, not the other
way around. It does _not_ lead to an "accountable party" -- it merely
associates a reference string (the domain name) that we can use as a
query to reputation services.

> Dave's Email Arch mentions an Originator as "accountable for the 
> message content", but doesn't relate it to an IP address.

   ... or anything else...

> Rfc5068
" 
" This note recommends conventions for the operation of email submission
" and transport services between independent operators, such as
" enterprises and Internet Service Providers.

> associates accountability after submission with traceability features
> of the MSA, apparently suggesting that the first relaying thereafter
> is from an IP which is (indirectly) accountable for the message content.

   Actually,
" 
" Relaying and delivering employ policies that occur after submission and
" are outside the scope of this document.

RFC5068 deals with the operation of Mail Submission Agents. I don't agree
it even "suggests" how accountablity should follow the message as it
winds its way to the recipient.

--
John Leslie <john@jlc.net>