ietf-asrg

[Asrg] DNSBL and IPv6

2012-10-19 01:22:48

Hello.

I just subscribed to this list and tried to read up.

I'm very interested in IPv6 and SPAM, and I'd like to add some to the two last threads here regarding DNSBL and IPv6.

Fundamentally in IPv6, a "customer" (or entity or whatever) will in a lot of cases not have a single IP address, but a network.

Households will get /64s, or get a /56 via DHCPv6-PD. Phones get a /64 or a network via DHCPv6-PD. Companies get /48 (or something else, but a bunch of networks). This is fundamentally how IPv6 was intended to be used, and hopefully that's how most ISPs will deliver it to customers.

So for spam detection to happen, detection of what is a "customer" needs to happen, and this needs to be on a network level, not single IPv6 address level. The RIR databases (at least RIPE) contain information about what kind of per-customer subnet size is used for a certain large block of addresses.

The equivalent in IPv4 is "this customer has an IPv4 /26" and spam blocking would be done on a per-customer level, not per unique IPv4 address.

I'm a routing guy, not an MUA/MTA guy, so I have little insight into what things look like in the real world outside of my personal setup with postfix, some DNSBL and procmail/spamassassin.

What I feel needs to happen is that policy needs to be put in place so RIRs (via ISPs) can present "what is a customer" on a network level, and then this information can be put into DNS somehow, and used for DNSBL.

Example:

An ISP serves 10000 households with connectivity, each household gets a /56, this is done via an IPv6 /42 (because this is in a single town and it's aggregated like that). So this /42 would be in some kind of "residential access" classification, so people could block on that, and if one wants to block unique spammers, then this needs to be identified on a /56 level.

In other places I've pitched that the RIRs would publish this information in some kind of format outside of whois, so perhaps we need to start there: creating a standard (I don't know who should create the standard, but agreeing that a standard is needed is one step) for how this information is published is a first step.

Thoughts?

--
Mikael Abrahamsson    email: swmike(_at_)swm(_dot_)pp(_dot_)se
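
The per-customer aggregation described in the message above, as an added example that is not part of the original post: a sending IPv6 address is mapped to its customer prefix using a table of per-block assignment sizes, and a DNSBL query name is built for that prefix. The policy table, the zone name dnsbl.example and the prefix-level nibble-reversed query name are assumptions made for illustration; the addresses are constructed from the 2001:db8::/32 documentation range.

```python
import ipaddress

# Constructed sample data standing in for the RIR-published information the
# post proposes: allocation block -> (classification, per-customer prefix length).
ASSIGNMENT_POLICY = [
    (ipaddress.ip_network("2001:db8:40::/42"), "residential", 56),
    (ipaddress.ip_network("2001:db8:8000::/36"), "business", 48),
]
DEFAULT_PREFIXLEN = 64  # assumption: treat an unknown sender as one /64


def customer_prefix(addr):
    """Return (customer_network, classification) for a sending IPv6 address."""
    ip = ipaddress.IPv6Address(addr)
    # Longest-match lookup so a more specific block overrides a covering one.
    matches = [(net, cls, plen) for net, cls, plen in ASSIGNMENT_POLICY if ip in net]
    if matches:
        _, cls, plen = max(matches, key=lambda m: m[0].prefixlen)
    else:
        cls, plen = "unknown", DEFAULT_PREFIXLEN
    # strict=False masks the host bits, leaving the customer's network.
    return ipaddress.IPv6Network((int(ip), plen), strict=False), cls


def dnsbl_qname(net, zone="dnsbl.example"):
    """Nibble-reversed name covering only the prefix (hypothetical convention)."""
    if net.prefixlen % 4:
        raise ValueError("prefix is not nibble-aligned")
    nibbles = net.network_address.exploded.replace(":", "")[: net.prefixlen // 4]
    return ".".join(reversed(nibbles)) + "." + zone


def listing_key(addr):
    """Query name under which every address of the sender's customer falls."""
    net, _ = customer_prefix(addr)
    return dnsbl_qname(net)


if __name__ == "__main__":
    for sender in ("2001:db8:47:1234:abcd::25", "2001:db8:47:12ff::1",
                   "2001:db8:47:1300::1", "2001:db8:8001:5::1"):
        net, cls = customer_prefix(sender)
        print(f"{sender:28} {cls:12} {net}  {dnsbl_qname(net)}")
```

The first two sample senders share one /56 and therefore one listing key, while the third sits in the neighbouring household's /56 and gets a different one.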