Re: [Asrg] [ASRG] SMTP pull anyone?

Daniel Feenberg <> Wed, 26 August 2009 21:30 UTC


On Wed, 26 Aug 2009, John Levine wrote:

>> Rich, does ipv6 change any of this?
> I'm not Rich, but the open question at this point is how effective
> DNSBLs will be on IPv6.

I think it unlikely that an IPv6 only MTA will ever have acceptance even 
as wide as, for instance, MTAs with "pool" or "dial-up" in their RDNS. 
IPv6 only MTAs will be refused by many MTAs. There are simply too many 
IPv6 addresses to blacklist bad hats, and blacklisting /48s would be a 
very broad brush. The advantage of IPv4 is that the number of addresses is 
finite, and legitimate holders of addresses are loath to waste them.

I understand that many IPv6 capable MTAs exist, but I expect they do all 
or nearly all of their external traffic via IPv4. I don't mean a general 
condemnation of IPv6, I am only saying that SMTP traffic from strangers 
on IPv6 is not likely to be worthwhile.

Daniel Feenberg

> A DNSBL that blocks a single IP at a time, like the CBL and XBL, would
> be unworkable.  A typical v6 setup allocates a /64 to each host which
> allows various sorts of clever self-configuration, but also means the
> host can easily use a different IP address for every connection it
> ever makes. (At one address per millisecond, it would take 500 million
> years to run through a /64.)  DNSBLs can and do list ranges, and an
> obvious change would be to make the finest listed granularity be a
> /64, but we really have no idea how the vast number of v6 addresses
> will be handed out, and whether it will be practical to create
> listings that cover all of the available addresses for a particular
> host without also listing a lot of its neighbors.
> This suggests that whitelisting techniques (most likely based on DKIM)
> will become much more important to recognize mail from people you know
> are credible.
> R's,
> John
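
Added example, not part of either message: a toy blocklist that lists at a fixed granularity, run against a sender that uses a fresh address from its /64 for every connection, to show the trade-off the thread describes between per-address, /64 and /48 listings. The class and function names are hypothetical, and the addresses are constructed from the 2001:db8::/32 documentation prefix.

```python
import ipaddress

def years_to_exhaust(prefix_len, addrs_per_second=1000):
    """Years to use every address in an IPv6 prefix once (default: 1 per ms)."""
    return 2 ** (128 - prefix_len) / addrs_per_second / (365.25 * 24 * 3600)

class RangeList:
    """Toy blocklist whose finest listing granularity is a fixed prefix length."""
    def __init__(self, granularity):
        self.granularity = granularity
        self.entries = set()

    def _key(self, addr):
        # Network that contains addr at this list's granularity.
        return ipaddress.ip_network(f"{addr}/{self.granularity}", strict=False)

    def report(self, addr):
        self.entries.add(self._key(addr))

    def is_listed(self, addr):
        return self._key(addr) in self.entries

# Constructed sample data from the 2001:db8::/32 documentation prefix.
SENDER_NET = ipaddress.ip_network("2001:db8:0:1::/64")   # host rotating addresses
NEIGHBOUR = ipaddress.ip_address("2001:db8:0:2::25")     # unrelated host, same /48

def simulate(granularity, connections=1000):
    """Sender uses a new address per connection; each is reported after use.
    Returns (connections already listed, list entries, neighbour listed?)."""
    bl = RangeList(granularity)
    hits = 0
    for i in range(1, connections + 1):
        addr = SENDER_NET.network_address + i
        hits += bl.is_listed(addr)   # checked before this address is reported
        bl.report(addr)
    return hits, len(bl.entries), bl.is_listed(NEIGHBOUR)

if __name__ == "__main__":
    print(f"/64 at 1 address/ms: {years_to_exhaust(64):.3g} years")
    for g in (128, 64, 48):
        print(f"/{g}: hits, entries, neighbour listed = {simulate(g)}")
```
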