Detect whether public IP address is dynamic or static

Question

There are several email servers refusing connections of clients with public dynamic IP addresses. For example many smtp servers receiving emails only accept connections to clients having static IP adresses to avoid spam emails which are directly sent from computers having dynamic IP addresses.

When I looked for answers using google I only found information saying it is impossible to distinguish between static/dynamic addresses. So how do the email servers do it? Are there any databases providing information for specific IP ranges?

Have a look at the MX records of t-online.de (one of the largest German email providers). Try to connect to mx00.t-online.de:25 using Putty (raw mode) on a computer having a dynamic IP address. The mail server immediately closes the connection and does not even allow the client to send any command, while a connection of a server having a static IP is not refused.

Or have a look at the following extract of a SMTP session:

220 mailin.rzone.de [joses mi173] ESMTP RZmta 29.19 ready
EHLO Home-PC
250-mailin.rzone.de [joses mi173] greets 87.179.163.89
250-ENHANCEDSTATUSCODES
250-8BITMIME
250-PIPELINING
250-DELIVERBY
250-SIZE 104857600
250 HELP
MAIL FROM:<[email protected]>
250 2.1.0 <[email protected]> Sender ok
RCPT TO:<[email protected]>
550 5.7.1 87.179.163.89 is a dynamic IP

This is the email server for customers of Strato, a German hosting company, which also denies access to clients having a dynamic IP address. Email addresses have been changed. I used a recipient address which is acceptable for mailin.rzone.de, so there is no relay issue.

Also http://whatismyipaddress.com/blacklist-check states the following:

Just because the IP is listed with a particular blacklist does not mean that you are sending spam, just that particular blacklist suggests not to accept mail directly from that IP address. Most residential Cable/DSL IP addresses that are dynamically assigned will indicate that they are blacklisted, meaning you should be sending from your ISP's mail server, not a mail server running on your own internet connection.

Answer 1

This is probably the result of using a DNS blacklist based on ISP-provided information about which of their IP addresses are authorized to send email directly. See Spamhaus' Policy Block List for an example.

The information isn't independently discoverable. Participating ISPs must provide the DNSBL services with information about their network.

However, in the case of some of these lists, like Spamhaus, the information is queryable by the general public under certain conditions. You couldn't detect whether IPs are static or dynamic directly, but could still check any particular IP.

You mentioned that whatismyipaddress.com incorrectly lists your current IP address as static. Using their blacklist check tool with your IP, 87.179.190.52, I see that they currently incorrectly show it as unlisted by Spamhaus' PBL (among others). The IP I'm connecting from is both correctly described as dynamic, and listed in the PBL, hinting that that might be what they're basing their information on.

Answer 2

I believe those email servers you're referring to only do a reverse DNS check so as long as you have a PTR record for that IP address, I think it should be OK.

Bottom line, I don't think dynamic IP allocation is an issue with mail servers.

Regarding the question, the only way I can think of is by looking at the WHOIS information, there's a field called NetType. Obviously, you cannot rely on it but at least it can give you an idea if the ISP did provide that information.