[LINK] RFI: Spam-registration of IP-addresses

David Lochrin dlochrin at aussiebb.com.au
Mon Nov 23 12:11:47 AEDT 2020


In a previous post I agreed that IP addresses listed in Spamhaus, etc. were those of email servers found to be forwarding spam (probably generated by the client systems); however, I suspect the situation can be more complicated.

I use both my Partner's computer at 'X' and my own at 'Y' and both of us have ISP accounts with AussieBroadband.  About 12 months ago a problem developed where my emails from 'X' to a GoogleGroups user and (later) emails from 'Y' to BigPond users were rejected, with the NDNs reporting a spam listing.  However I could successfully send to both these recipients from the _other_ location.

Eventually ABB changed my external IP address, which of course didn't help.

But without going into why I tried this, I discovered that enabling "server requires authentication" in my SMTP configuration fixed the problem despite sender-authentication not otherwise being required.  The message-relay header in emails transferred to ABB then included:

Received: from [...]
  (using TLSv1.2 with cipher [...]
  (No client certificate requested)
  (Authenticated sender: dlochrin at aussiebb.com.au) by mx4.wide.net.au (Postfix)  [...]

While SMTP authentication serves to authenticate the originator of an email to their ISP and may be good practice, it isn't actually required by many ISPs, including ABB, so BigPond could hardly reject emails from non-authenticated originators or they'd be rejecting almost everything.  It seems to me that:
(a)   SMTP user-authentication apparently overrides the server's spam listing in at least some cases,
(b)   spam checking may go way beyond checking the "reputation" of the originator's server, and some organisations may check many addresses found in email headers.

If (b) is true, then it's worth noting that https://dnslytics.com/reverse-ip reports the subnet which includes <xamax.com.au or> hosts 1,290 domains.

Can any more knowledgeable Linkers comment on the above?

David Lochrin
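
The header inspection suggested in (b), as an added example that is not part of the original post: it extracts the relay IPs from each Received header and builds the DNSBL query name for each, optionally skipping hops that carry an "Authenticated sender" annotation as in (a). The sample message, its addresses, the choice of the `zen.spamhaus.org` zone and the skip policy are assumptions made for illustration.

```python
import ipaddress
import re
from email import message_from_string

# Constructed sample: two relay hops, IPs from documentation ranges (RFC 5737).
SAMPLE = """\
Received: from mx.example.net (mx.example.net [198.51.100.7])
\tby inbound.example.org (Postfix) with ESMTPS id 2222
Received: from [192.168.1.10] (unknown [203.0.113.45])
\t(using TLSv1.2 with cipher EXAMPLE-CIPHER)
\t(No client certificate requested)
\t(Authenticated sender: user@example.net) by mx.example.net (Postfix)
From: user@example.net
Subject: constructed test message

body
"""

IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")
# LAN and loopback ranges are not publicly routable, so a lookup is pointless.
LOCAL = [ipaddress.ip_network(n) for n in
         ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]

def dnsbl_name(ip, zone="zen.spamhaus.org"):
    """DNSBL convention: reversed octets prepended to the list's zone."""
    return ".".join(reversed(ip.split("."))) + "." + zone

def relay_hops(raw):
    """Return one dict per Received header, newest hop first."""
    hops = []
    for hdr in message_from_string(raw).get_all("Received", []):
        text = " ".join(hdr.split())          # unfold continuation lines
        ips = []
        for cand in IP_RE.findall(text):
            try:
                addr = ipaddress.ip_address(cand)
            except ValueError:                # e.g. an octet above 255
                continue
            if not any(addr in net for net in LOCAL):
                ips.append(cand)
        hops.append({"ips": ips, "authenticated": "(Authenticated sender:" in text})
    return hops

def dnsbl_queries(raw, trust_authenticated):
    """Names a deep-inspecting filter would look up (assumed policy)."""
    return [dnsbl_name(ip) for hop in relay_hops(raw)
            if not (trust_authenticated and hop["authenticated"])
            for ip in hop["ips"]]

if __name__ == "__main__":
    for flag in (False, True):
        print(flag, dnsbl_queries(SAMPLE, flag))
```

With `trust_authenticated=False` the submitting client's own address is among the names looked up; with `True` only the server-to-server hop is.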
