On Wed, 26 Aug 2009, John Levine wrote:
Rich, does ipv6 change any of this?
I'm not Rich, but the open question at this point is how effective
DNSBLs will be on IPv6.
I think it unlikely that an IPv6 only MTA will ever have acceptance even
as wide as, for instance, MTAs with "pool" or "dial-up" in their RDNS.
IPv6 only MTAs will be refused by many MTAs. There are simply too many
IPv6 addresses to blacklist bad hats, and blacklisting /48s would be a
very broad brush. The advantage of IPv4 is that the number of addresses is
finite, and legitimate holders of addresses are loath to waste them.
I understand that many IPv6 capable MTAs exist, but I expect they do all
or nearly all of their external traffic via IPv4. I don't mean a general
condemnation of IPv6, I am only saying that SMTP traffic from strangers
on IPv6 is not likely to be worthwhile.
A DNSBL that blocks a single IP at a time, like the CBL and XBL, would
be unworkable. A typical v6 setup allocates a /64 to each host which
allows various sorts of clever self-configuration, but also means the
host can easily use a different IP address for every connection it
ever makes. (At one address per millisecond, it would take 500 million
years to run through a /64.) DNSBLs can and do list ranges, and an
obvious change would be to make the finest listed granularity be a
/64, but we really have no idea how the vast number of v6 addresses
will be handed out, and whether it will be practical to create
listings that cover all of the available addresses for a particular
host without also listing a lot of its neighbors.
This suggests that whitelisting techniques (most likely based on DKIM)
will become much more important to recognize mail from people you know
Asrg mailing list
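
Added example, not part of the original thread: a sketch of the listing-granularity tradeoff discussed above, using constructed addresses from the 2001:db8::/32 documentation range. The function names and the idea of storing listings as a set of networks are assumptions made for illustration, not any DNSBL's actual implementation.

```python
import ipaddress

def listing_key(addr, v6_prefix=64):
    """Network a blocklist would record for one observed bad address."""
    ip = ipaddress.ip_address(addr)
    if ip.version == 4:
        return ipaddress.ip_network(f"{ip}/32")      # IPv4: single address
    # IPv6: widen to the chosen granularity (host bits are masked off)
    return ipaddress.ip_network(f"{ip}/{v6_prefix}", strict=False)

def build_listings(bad_addrs, v6_prefix):
    """Aggregate observed senders into listings at the given IPv6 prefix."""
    return {listing_key(a, v6_prefix) for a in bad_addrs}

def is_listed(addr, listings):
    """True if addr falls inside any listed network of the same IP version."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in listings if net.version == ip.version)

def years_to_exhaust(prefix_len, addrs_per_second=1000):
    """Years needed to use every address in an IPv6 prefix exactly once."""
    total = 2 ** (128 - prefix_len)
    return total / addrs_per_second / (365.25 * 24 * 3600)

# Constructed sample: one host seen sending spam from one address in its /64.
OBSERVED = ["2001:db8:1:2::a1"]
SAME_HOST_NEXT = "2001:db8:1:2::b7"   # same /64, fresh address on next connection
NEIGHBOR = "2001:db8:1:3::1"          # different /64 inside the same /48

if __name__ == "__main__":
    for plen in (128, 64, 48):
        listings = build_listings(OBSERVED, plen)
        print(f"/{plen}: same host relisted={is_listed(SAME_HOST_NEXT, listings)}, "
              f"neighbor caught={is_listed(NEIGHBOR, listings)}")
    print(f"years to run through a /64 at 1 address/ms: {years_to_exhaust(64):.3g}")
```

Per-address (/128) listings miss the host's next connection, /64 listings catch it without touching the neighbor, and /48 listings also block the neighbor.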