ietf-asrg

Re: [Asrg] NATs and spam

2007-03-05 05:11:13


On Sun, 4 Mar 2007, Douglas Otis wrote:

<snip>

> Perhaps in a few years there will be a forklift changeover to IPv6 when NATs and firewall automation go awry, where network and memory manufacturers rejoice. When that happens, this will likely thwart IP address scrutiny, or reverse lookup schemes. IPv6 may mean public "anonymous" messages cannot be accepted without first confirming a CA certificate. It is obvious having a registered domain will not represent an impediment to abuse. The cost of sending a message may someday be a CA cert. While something like DKIM offers a means for domains to assert their certificates, some type of accreditation analogous to a CA is still required.


Is SMTP mail ever likely to switch to IPv6? I don't anticipate ever accepting mail from IPv6 addresses on our mailserver, simply because there are too many addresses for Spamhaus to keep track of. Given the difficulty IPv6 is having already I would guess that even if IPv6 became very widespread, it would never even gain a foothold for MTA senders.

I understand that in Japan IPv6 is well established; does anyone know if Japanese mail servers ever use it? I understand that there are plans in the US Government to require agencies to use IPv6. Does anyone know if those plans anticipate forbidding agencies from sending/receiving mail at IPv4 addresses?

As (if?) IPv6 becomes more widespread, the operator of an MTA may have the choice of keeping his IPv4 address, or getting a certificate as this poster suggests. Since he already has the address, and the certificate will be complicated and expensive to acquire (and of limited use, since few receivers will recognize any particular certificate), I think the decision will be to do nothing. New entrants will either manage to obtain a single IPv4 address for the MTA, or use a smarthost. I don't anticipate addresses will ever be in such shortage that it will be harder to get *one* than any imaginable certificate.

An alternative scenario is for Spamhaus to start listing IPv6 addresses, but in blocks of /48. But that hardly seems likely. I think MTA operators would rather just avoid IPv6 altogether.

Daniel Feenberg

