
Re: [Asrg] Implementing IPv6 DNSBLs

2010-12-14 13:45:17
On Tue, Dec 14, 2010 at 8:32 PM, John Levine <johnl(_at_)taugh(_dot_)com> wrote:

> Why?  The estimates I've seen say that there are about 100,000 legitimate
> mail emitters.  I do agree that there is not an obvious way to use the
> DNS to find 100,000 addresses within the v6 address space without
> blowing away DNS caches.

Some background on the "100'000".

At dnswl.org, we currently have a bit over 100'000 IPv4 netranges
listed, of which 99.9% are /32s.

Further, we aggregate DNS logs to find all IPs that are queried in our
zone. At any point in time, this list contains some 100'000 additional
IPs. These IPs pass the following tests:

* Have rDNS
* Are not listed in a small number of DNSBLs at the time of being added
* Are seen more than a trivial number of times
* Are not in a small "veto list" which we maintain (e.g. RFC1918, some
often ill-configured IP ranges like 3.0.0/24, IANA reserved space
etc.)

It is safe to assume that there may be about 50k to 75k actually
legitimate IPs left which we do not (yet!) list.

We also measure the traffic per IP, approximated through the number of
queries we see in the DNS logs. While this is mathematically not
correct, we at least have a consistent error, in that we underestimate
the bigger senders (better caching = fewer hits in our logs).

On this traffic measure, the 100k IPs currently listed are about 90%
of the traffic we observe. Now this excludes traffic that is never
visible in our logs (e.g. large organisations that may have email
exchange over dedicated mailservers/IPs), so we do not claim to cover
90% of "all" or "worldwide" traffic.

> I still don't see any practical reason to exchange mail over v6.  Even

In some distant future, everything will be v6. *cough*

-- Matthias
_______________________________________________
Asrg mailing list
Asrg(_at_)irtf(_dot_)org
http://www.irtf.org/mailman/listinfo/asrg
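The candidate-selection and traffic-share procedure Matthias describes (count query hits per IP from the zone's DNS logs, drop IPs below a hit threshold or in a veto list, then check rDNS and DNSBL status, and measure what share of observed queries the listed IPs account for), as an added, self-contained example that is not dnswl.org's code. The zone name, the log line format, the hit threshold, the reading of "3.0.0/24" as 3.0.0.0/24 and the sample log lines are all constructed assumptions; the rDNS and DNSBL checks are passed in as callables so the example runs offline.

```python
import ipaddress
from collections import Counter

ZONE = "list.dnswl.org"   # assumption: the queried DNSWL zone
MIN_HITS = 3              # assumption: "more than a trivial number of times"
# Veto list: RFC1918 plus the page's "3.0.0/24", read here as 3.0.0.0/24 (assumption)
VETO = [ipaddress.ip_network(n) for n in
        ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "3.0.0.0/24")]

# Constructed sample log: "<unix time> <queried name>", one query per line
SAMPLE_LOG = """\
1292334000 4.3.2.1.list.dnswl.org
1292334001 4.3.2.1.list.dnswl.org
1292334002 4.3.2.1.list.dnswl.org
1292334003 1.0.0.10.list.dnswl.org
1292334004 1.0.0.10.list.dnswl.org
1292334005 1.0.0.10.list.dnswl.org
1292334006 9.8.7.6.list.dnswl.org
1292334007 9.8.7.6.list.dnswl.org
1292334008 5.0.0.3.list.dnswl.org
1292334009 5.0.0.3.list.dnswl.org
1292334010 5.0.0.3.list.dnswl.org
"""

def qname_to_ip(qname):
    """Undo the reversed-octet encoding of an IPv4 DNSxL query name; None if not ours."""
    labels = qname.rstrip(".").split(".")
    zone = ZONE.split(".")
    if len(labels) != len(zone) + 4 or labels[-len(zone):] != zone:
        return None
    return ipaddress.ip_address(".".join(reversed(labels[:4])))

def count_queries(log_text):
    """Hits per queried IP: the page's traffic approximation (undercounts well-cached senders)."""
    hits = Counter()
    for line in log_text.splitlines():
        parts = line.split()
        ip = qname_to_ip(parts[1]) if len(parts) >= 2 else None
        if ip is not None:
            hits[ip] += 1
    return hits

def candidates(hits, has_rdns, in_dnsbl):
    """Apply the four tests from the post; has_rdns/in_dnsbl are caller-supplied lookups."""
    return sorted(ip for ip, n in hits.items()
                  if n >= MIN_HITS
                  and not any(ip in net for net in VETO)
                  and has_rdns(ip) and not in_dnsbl(ip))

def listed_traffic_share(hits, listed):
    """Fraction of observed queries coming from already-listed IPs (the page's ~90% figure)."""
    total = sum(hits.values())
    return sum(n for ip, n in hits.items() if ip in listed) / total if total else 0.0
```

In the constructed log, 10.0.0.1 and 3.0.0.5 fall to the veto list and 6.7.8.9 to the hit threshold, so only 1.2.3.4 survives when rDNS and DNSBL checks pass.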
