My personal view is that IPv6 for widespread email use is well in the future.
I think you'll find few experts who think that there's an urgent need for IPv6
for email. But IPv6 is currently being used for email (Google and Comcast are
among those currently accepting email over IPv6 - and these are big players)
and its use could (and probably will) increase. I think it would be a rather
bad idea if spammers got an easy ride if they were to send mail over IPv6.
And personally, I think it would also be bad if we told people to start using
IPv6 as soon as possible, except for email because we don't really know how to
do spam filtering there.
Anyway, back on topic: I'm still not convinced we'd be talking about IPv6-based
blacklists if we didn't have a long and successful history of IPv4-based
blacklists.
IP-blacklists work well on IPv4 because the IP-space is small enough to keep
the lists small and large enough so that different IPs really mean different
senders.
I haven't really seen a suggestion on how to run IPv6-based blacklists that
convinced me. (That's a rather unscientific claim, I know. I'd love for people
to help John with his simulation so that we get a better idea; note that he
doesn't need IPv6 data. I'm afraid I don't have the required data myself.)
Can't we do something entirely different for IPv6? Like, use domain-based
filtering by making it mandatory to DKIM-sign a message you send over IPv6
outside of your network? As long as IPv4 and IPv6 are running in parallel it
should be possible for IPv6 MTA to refuse messages that aren't DKIM-signed -
and tell the sender to retry over IPv4.
I know this isn't an ideal solution either (one weakness is that it allows you
to DDoS an MTA by sending large numbers of messages with an invalid signature),
but perhaps it's better than trying to make IP-blacklists work over IPv6? Or
perhaps someone can come with a better X now that MTAs can still afford to tell
IPv6-senders "do X or retry over IPv4".
Martijn.
________________________________
Virus Bulletin Ltd, The Pentagon, Abingdon, OX14 3YP, England.
Company Reg No: 2388295. VAT Reg No: GB 532 5598 33.
_______________________________________________
Asrg mailing list
Asrg(_at_)irtf(_dot_)org
http://www.irtf.org/mailman/listinfo/asrg