ietf-asrg

Re: [Asrg] DNSBL and IPv6

2012-10-26 09:20:27
On 26/10/2012 14:32, Matthias Leisi wrote:
> On Fri, Oct 26, 2012 at 3:27 PM, Mikael Abrahamsson
> <swmike(_at_)swm(_dot_)pp(_dot_)se> wrote:
>
>> I believe it's going to be common enough that legitimate MTAs will move
>> around within their /64 quite frequently (privacy extensions that are
>
> Using a /64 as a default seems reasonable, but a new standard for
> DNSxL lookups should provide some flexibility, either for a full list
> ("default prefix length = /56") or on a more granular level (using
> John L.'s original proposal, or some other useful method).


The problem with a /64 for black/white listing is that it's not quite the same as an IPv4 /32. So, at the moment we may have a /25 or /26 block, but we'd still have a single IPv6 /64.

We may run 50 customer dedicated mail servers on our /64 block, and ideally we'd want each to have their own reputation. So, we couldn't do this if DNSBL/WL filtering is on a /64 block. With our current IPv4 /26 each customer's server would have its own reputation on an IPv4 DNSBL/WL.

Obviously we couldn't say what level of granularity we'd want, or spammers would just say 'we want /128 granularity', to overload everything.

We could (theoretically) get a /48 block, but that would be a waste (I know there are LOTS of /48s out there, but still), since we wouldn't need it for routing, just for making it work with /64-based black/whitelisting.

I can't think of a good answer to this, but our case is a use case which isn't going to be that unusual.



-

Paul Smith Computer Services
Tel: 01484 855800
Vat No: GB 685 6987 53
_______________________________________________
Asrg mailing list
Asrg(_at_)irtf(_dot_)org
http://www.irtf.org/mailman/listinfo/asrg
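
The granularity problem described in this message, as an added example that is not part of the original post: it builds nibble-reversed DNSxL query names in the style of RFC 5782 and counts how many distinct reputation entries 50 servers in one /64 receive at different lookup prefix lengths. The zone name `dnsbl.example`, the 2001:db8:: addresses and the mask-then-lookup scheme are assumptions made for illustration; the thread is still debating what a real standard should do.

```python
import ipaddress
from collections import defaultdict

ZONE = "dnsbl.example"  # constructed zone name, not a real list


def dnsxl_qname(addr: str, prefix_len: int = 128, zone: str = ZONE) -> str:
    """Return the DNSxL query name for an IPv6 address.

    The address is first masked to prefix_len bits (an assumption of this
    example), then written as 32 reversed nibbles under the zone.
    """
    if not 0 <= prefix_len <= 128:
        raise ValueError("prefix_len must be in 0..128")
    ip = ipaddress.IPv6Address(addr)
    net = ipaddress.IPv6Network(f"{ip}/{prefix_len}", strict=False)
    nibbles = net.network_address.exploded.replace(":", "")
    return ".".join(reversed(nibbles)) + "." + zone


def reputation_buckets(addrs, prefix_len: int) -> dict:
    """Group addresses by the query name they map to at this granularity."""
    buckets = defaultdict(list)
    for a in addrs:
        buckets[dnsxl_qname(a, prefix_len)].append(a)
    return dict(buckets)


# Constructed sample: 50 customer mail servers inside a single /64.
SERVERS = [f"2001:db8:0:1::{i:x}" for i in range(1, 51)]

if __name__ == "__main__":
    for plen in (128, 64, 56):
        n = len(reputation_buckets(SERVERS, plen))
        print(f"/{plen}: {len(SERVERS)} servers -> {n} reputation entries")
    # A neighbouring /64 stays separate at /64 but merges at /56.
    for plen in (64, 56):
        same = dnsxl_qname("2001:db8:0:1::1", plen) == dnsxl_qname("2001:db8:0:2::1", plen)
        print(f"/{plen}: neighbouring /64 shares entry: {same}")
```
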
