Re: [Shutup] [ietf-smtp] Levels of proposals

"John Levine" <> Fri, 04 December 2015 18:21 UTC

Return-Path: <>
Received: from localhost ( []) by (Postfix) with ESMTP id 27C771B2BE3 for <>; Fri, 4 Dec 2015 10:21:17 -0800 (PST)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -1.037
X-Spam-Status: No, score=-1.037 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HELO_MISMATCH_COM=0.553, HOST_MISMATCH_NET=0.311, SPF_PASS=-0.001] autolearn=no
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id Wx7niIzLnFQW for <>; Fri, 4 Dec 2015 10:21:16 -0800 (PST)
Received: from ( [IPv6:2001:470:1f06:1126::2]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by (Postfix) with ESMTPS id EE5D71B2BCB for <>; Fri, 4 Dec 2015 10:21:15 -0800 (PST)
Received: (qmail 84564 invoked from network); 4 Dec 2015 18:21:14 -0000
Received: from unknown ( by with QMQP; 4 Dec 2015 18:21:14 -0000
Date: 4 Dec 2015 18:20:52 -0000
Message-ID: <20151204182052.40409.qmail@ary.lan>
From: "John Levine" <>
In-Reply-To: <>
X-Headerized: yes
Mime-Version: 1.0
Content-type: text/plain; charset=utf-8
Content-transfer-encoding: 8bit
Archived-At: <>
Subject: Re: [Shutup] [ietf-smtp] Levels of proposals
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: SMTP Headers Unhealthy To User Privacy <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Fri, 04 Dec 2015 18:21:17 -0000

>The WG proposal seems to imply taking all IPs out.  The discussion has
>mostly been about submission.
>It seems to me that there are at least three different IPs used, and some
>of these are going to be visible regardless of intent.
>Ie, there is the submission IPs, there are "internal" IPs, and external
>Submission IPs seem like the largest level of risk, and from my gross
>understanding of anti-spam, pretty minor.  ...

If every mail provider had infrastructure and instrumentation as
sophisticated as Google's, that would be more or less true.  But it's
going to be a long time until we get there.

Also, as other people have noted, you can learn a lot from cross
correlating what you see, e.g., I see a fair amount of spam from AUTH
attackers and it's useful to know where the bot is and see whether the
same bots are attacking multiple sites or categories of sites.

We certainly have stuff to talk about, but the tradeoffs are a vastly more
difficult and subtle than the WG's proponents appear to understand.  Chris
Newman's counterproposal would be a good place to start.