ietf-asrg
[Top] [All Lists]

Re: [Asrg] [ASRG] SMTP pull anyone?

2009-08-27 05:26:59
On Wed, Aug 26, 2009 at 05:22:35PM -0400, Daniel Feenberg wrote:

I think it unlikely that an IPv6 only MTA will ever have acceptance even 
as wide as, for instance, MTAs with "pool" or "dial-up" in their RDNS. 
IPv6 only MTAs will be refused by many MTAs. There are simply too many 
IPv6 addresses to blacklist bad hats, and blacklisting /48s would be a 
very broad brush. The advantage of IPv4 is that the number of addresses is 
finite, and legitimate holders of addresses are loath to waste them.

I understand that many IPv6 capable MTAs exist, but I expect they do all 
or nearly all of their external traffic via IPv4. I don't mean a general 
condemdantion of IPv6, I am only saying that SMTP traffic from strangers 
on IPv6 is not likely to be worthwhile.

I think this assumption has some problems, particularly in the area of
IPv6 transition.

If one assumes that RFC3974 is still generally valid, and sites use both
A and AAAA records for MXes (as we do here), then such sites may receive
email via IPv4 or IPv6, depending on the preference of the sending MTA.
And that's the important thing - that MTA if sendmail (for example)
defaults to trying IPv6 first, so you won't just receive IPv6 SMTP
connections by being IPv6 only, but also from any sender who, probably
like you, is dual-stack.

We choose to run MTAs dual-stack so we can accept mail (internally or
externally) from IPv4-only, IPv6-only or of course dual-stack nodes.

I think if you reject IPv6 SMTP, even if 'just' from strangers, you 
make transition harder - you either don't turn on v6, or if you do you
prefer v4 over v6.  Neither helps transition.

Based on our stats from June, we received an average of 158,000 messages
per day over IPv4 transport, of which 81% were deemed spam, while we 
received 438 (yes, 438!) messages via per day IPv6, of which 32% were spam.
So even for us, v6 is less than 1% of all received mail.

The spam was largely from dual-stack mail list servers, not from random
clients/hosts.   But it's interesting to look at specific connections -
non list spam tends to come from autoconfigured v6 addresses (implying
desktops) while 'good' mail comes from apparently manually configured
IPv6 addresses (because v6 admins know to not use autoconf addresses on
their servers).

One day I will convert the experience of 3+ years of running a dual-stack
MTA in production to a draft, and analyse the (at least) year's worth of 
data on v6 spam sources that we have :)

Tim
_______________________________________________
Asrg mailing list
Asrg(_at_)irtf(_dot_)org
http://www.irtf.org/mailman/listinfo/asrg