On 03/28/2013 08:29 PM, Douglas Otis wrote:
> IPv6 makes publishing IP address reputations impractical.

For individual addresses, sure. But one of the (if not *the*) primary
benefits of v4 reputation is the test of whether or not the address is
in a botnet range (aka, ranges assigned to end-users). That will still
work quite nicely with IPv6, assuming that the ISPs cooperate at roughly
the same levels they do now with IPv4.

> Since IP address reputation has been a primary method for identifying
> abusive sources with IPv4, imposing ineffective and flaky replacement
> strategies has an effect of deterring IPv6 use.

I personally don't believe this is true. One of the things that IPv6
advocates encourage folks to do is to put their mail infrastructure on
IPv6 first as a test, since the mail protocol is relatively forgiving.
That is a good piece of advice, which a lot of sites seem to have followed.
That said, I don't necessarily disagree with your thoughts about domain
reputation vs. IP address reputation. I think that there is room for
discussion about that.
On the other hand I don't agree with your negative view about DKIM and
SPF. I recently moved from an IHP to my own VPS, and set up both DKIM
and SPF for my active domains. The former has allowed me to send mail to
various places that didn't accept mail from my old IHP's servers. And I
have a hard-fail on my SPF records, and that has cut to nearly zero the
amount of Joe-job backscatter I receive (whereas previously it was in
the 3-10 messages per day range).
I don't think either mechanism is perfect, and I'm intrigued by DMARC
although I haven't really had time to study it yet. But in my anecdotal
experience both DKIM and SPF are useful at least, and seem to work well,
so I'd hate to see them out with the bathwater.
Doug