On 18/08/2012 11:59, Daniel Feenberg wrote:
It is one thing to say that support for IPv6 is the morally correct
action, and another to point out a benefit to the receiver of
accepting IPv6 mail, when all of the same mail is available over
IPv4. Will it be possible for the IETF to convince major legitimate
senders to drop support for IPv4 mail? Would anyone here drop support
of IPv4 email for their employer or customer as a matter of
principle?
+1
I can't see IPv4 SMTP stopping until IPv4 is obsolete. Even if a
business can only get IPv6 addresses for themselves, there will be
people offering IPv4 SMTP gateways that they can use, and they'll use
those gateways or they'll be cut off from most of the world who will
still be using IPv4. So, IPv4 mail is pretty much here to stay for the
foreseeable future. So, given that, why would people start accepting
IPv6 mail? It may not be the politically correct thing to say, but
that's the way it is...
However, discussing 'is there a better way of handling spam than RBLs?'
is worthwhile with IPv4 regardless of whether IPv6 is in use or not.
Personally, I think SMTP as we know it is more likely to be killed off
by spam than it is to become reliant on IPv6.
My view is that we need to move towards having 'authorised senders',
possibly by buying a a certificate (or similar) with a 'CA' checking
you're 'suitable' to be sending mail (eg a legitimate company or
person), and able to revoke the certificate if you abuse it. Yes, there
would be a cost to this (if you want to be able to send mail from your
domain - I'm thinking similar costs to, say, a code-signing certificate
which has more stringent checks than a website SSL cert), so it wouldn't
be popular, but I'm beginning to think that would be one of the only
ways which would work and wouldn't be a kludge as RBLs or greylisting
etc are.
I'd have thought this could be added without that much difficulty by
requiring TLS for all public MTA-MTA transactions and starting to do
client certificate based authentication (any non TLS or non-certified
transactions could be accepted, but treated as suspect and scanned more
thoroughly)
While SPF and DKIM etc should in theory help, they seem to be unpopular
to some people, and while they can be useful in the fight against spam,
they aren't actually anti-spam systems themselves.
-
Paul Smith Computer Services
Tel: 01484 855800
Vat No: GB 685 6987 53
_______________________________________________
Asrg mailing list
Asrg(_at_)irtf(_dot_)org
http://www.irtf.org/mailman/listinfo/asrg