On 12/13/10 10:32 PM, Matthias Leisi wrote:
> On Mon, Dec 13, 2010 at 11:37 PM, Douglas Otis
> <dotis(_at_)mail-abuse(_dot_)org> wrote:
>>
>> For SMTP to survive, SMTP must cryptographically authenticate the
>> domain of the server publicly issuing the message. This domain
>> must also encompass
>
> Not necessarily. IP-based whitelisting may be Good Enough[tm] for
> that purpose.

v6 white-listing takes renumbering to a horrific place and might work
only during an initial transition where the number of v6-only sources
is small. Over a period of a few years, these numbers are likely to
explode into millions.

>> Unfortunately, anyone that assumes blocking lists will be able to
>> selectively exclude sections of the v6 Interface, or that these
>> addresses will be typically assigned manually is likely in for a
>> very rude awakening. No doubt while people whisper sweet v6 DNSBLs
>> into their ear. :^)
>
> Do not think in DNSBL terms, but from a DNSWL angle. In whitelisting
> scenarios, sub-/64 assignments are both technically and
> operationally feasible and can be useful in some scenarios:
>
> * shared hosting environments (where I don't think each user will
>   get a full /64)
> * E-mail service providers
> * 4-to-6 NAT/PAT
> * Likely some more...

Why not offer v6 to v4 tunneling where there is truly zero tolerance for
unsolicited commercial email? Dealing with individual v6 addresses will
be difficult to vet compared to previously seen domains. Using domains
leaves a smaller number of legitimate new entries. v6 will not allow
even a few UCEs to be considered acceptable from source IP addresses.
However, it would be safer to grant tolerance from specific domains when
sending servers have been authenticated by domain.
-Doug
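
An added example, not part of either poster's message: a minimal Python sketch of the sub-/64 whitelisting discussed in this thread, matching a sending IPv6 address against whitelist prefixes of different lengths, building the nibble-reversed query name that RFC 5782 specifies for IPv6 DNS lists, and counting how many per-address records a prefix would need. The whitelist entries, labels and the `list.example` zone are constructed for illustration, using the 2001:db8::/32 documentation prefix.

```python
import ipaddress

# Constructed whitelist (hypothetical entries inside the documentation prefix).
WHITELIST = [
    ("2001:db8:10:1::/64", "esp.example"),             # whole /64 for one sender
    ("2001:db8:20:5::a00/120", "customer-a.example"),  # sub-/64 slices of a
    ("2001:db8:20:5::b00/120", "customer-b.example"),  # shared-hosting /64
]


def lookup(addr, entries=WHITELIST):
    """Return (prefix, label) of the most specific entry covering addr, or None."""
    ip = ipaddress.IPv6Address(addr)
    best = None
    for cidr, label in entries:
        net = ipaddress.IPv6Network(cidr)
        if ip in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, label)
    return (str(best[0]), best[1]) if best else None


def dnsxl_qname(addr, zone):
    """Query name for a single IPv6 address: 32 reversed nibbles plus the zone."""
    nibbles = ipaddress.IPv6Address(addr).exploded.replace(":", "")
    return ".".join(reversed(nibbles)) + "." + zone


def per_address_records(cidr):
    """Entries needed to cover a prefix if the list only holds single addresses."""
    return ipaddress.IPv6Network(cidr).num_addresses


if __name__ == "__main__":
    # Two hosts in the same /64: only the one inside a listed /120 matches.
    for host in ("2001:db8:20:5::a17", "2001:db8:20:5::c01", "2001:db8:10:1:abcd::1"):
        print(host, "->", lookup(host))
    print(dnsxl_qname("2001:db8::1", "list.example"))
    print("/120:", per_address_records("2001:db8:20:5::a00/120"),
          "/64:", per_address_records("2001:db8:10:1::/64"))
```
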