Re: [Asrg] rDNS and cache issues, was How will we manage IPv6 spam?
"Emanuele Balla (aka Skull)" <skull@bofhland.org> Mon, 20 August 2012 09:08 UTC
Return-Path: <skull@bofhland.org>
X-Original-To: asrg@ietfa.amsl.com
Delivered-To: asrg@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix)
with ESMTP id 1811E21F8691 for <asrg@ietfa.amsl.com>;
Mon, 20 Aug 2012 02:08:40 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.599
X-Spam-Level:
X-Spam-Status: No, score=-2.599 tagged_above=-999 required=5
tests=[BAYES_00=-2.599]
Received: from mail.ietf.org ([64.170.98.30]) by localhost (ietfa.amsl.com
[127.0.0.1]) (amavisd-new, port 10024) with ESMTP id JpicmW2Kqz-9 for
<asrg@ietfa.amsl.com>; Mon, 20 Aug 2012 02:08:39 -0700 (PDT)
Received: from mithrandir.bofhland.org (mithrandir.bofhland.org
[IPv6:2a02:9a8:94::b]) by ietfa.amsl.com (Postfix) with ESMTP id 4852121F8690
for <asrg@irtf.org>; Mon, 20 Aug 2012 02:08:38 -0700 (PDT)
Received: from enlil.local (baggins.skullkrusher.net [147.123.72.2]) by
mithrandir.bofhland.org (Postfix) with ESMTPSA id BC4BE6CAE5 for
<asrg@irtf.org>; Mon, 20 Aug 2012 11:08:35 +0200 (CEST)
Message-ID: <5031FE91.9000508@bofhland.org>
Date: Mon, 20 Aug 2012 11:08:33 +0200
From: "Emanuele Balla (aka Skull)" <skull@bofhland.org>
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.7;
rv:14.0) Gecko/20120713 Thunderbird/14.0
MIME-Version: 1.0
To: Anti-Spam Research Group - IRTF <asrg@irtf.org>
References: <20120819233836.95876.qmail@joyce.lan>
In-Reply-To: <20120819233836.95876.qmail@joyce.lan>
X-Enigmail-Version: 1.4.3
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
Subject: Re: [Asrg] rDNS and cache issues, was How will we manage IPv6 spam?
X-BeenThere: asrg@irtf.org
X-Mailman-Version: 2.1.12
Precedence: list
Reply-To: Anti-Spam Research Group - IRTF <asrg@irtf.org>
List-Id: Anti-Spam Research Group - IRTF <asrg.irtf.org>
List-Unsubscribe: <http://www.irtf.org/mailman/options/asrg>,
<mailto:asrg-request@irtf.org?subject=unsubscribe>
List-Archive: <http://www.irtf.org/mail-archive/web/asrg>
List-Post: <mailto:asrg@irtf.org>
List-Help: <mailto:asrg-request@irtf.org?subject=help>
List-Subscribe: <http://www.irtf.org/mailman/listinfo/asrg>,
<mailto:asrg-request@irtf.org?subject=subscribe>
X-List-Received-Date: Mon, 20 Aug 2012 09:08:40 -0000
On 8/20/12 1:38 AM, John Levine wrote: >> If this problem is going to raise, it's going to raise exactly the same >> way with rDNS as well, so having v6 DNSBLs in place is going to make the >> problem worse by just a factor related only with the number of DNSBLs in >> place. 2x? 5x? > > That's true, but people I've talked to at large mail systems say > they're not planning to do rDNS lookups for v6 mail, both because of > the cache problems and because they don't think it will catch much > spam. Other than the spam problem there are other needs for rDNS lookups, starting from logging... So while I understand the approach (not that I completely agree with it), but I'm not sure it's completely feasible unless we change a lot of things in the way we usually work... > That's true, but what would be really nice would be DNSBLs that tried > to be smart about TTLs based on the amount of traffic an IP sends. > I'd think it should be possible to estimate that pretty well from > query logs. Sure, that could be a way: starting every listing with 0 TTL and increasing it up to a maximum if it's generating an intense mail flow. Doing the opposite, though (lowering the TTL as the mail source "calms down") could be less easy to do: the same presence of caching inhibits the DNSBL from estimating the lookup rate... Note anyway that we're only considering the case of positive DNS answers (or listed entities), but I'd expect that most of the cache blowup problem will be generated by NXDOMAINs, at list at first. We have much less control on that... >> make it query for the /64 network instead of the full address, ... >> This would significantly reduce the size of the caching problem, but >> would render listings much less granular and whiltelisting of single >> hosts basically impossible... > > I think you'll also find that you're blacklisting whole racks at > hosting companies when one customer has an insecure PHP script. Know that, yes... >> I already had the chance to tell you that, but RIPE DB provides an >> "assignment-size" field with this explicit purpose: > > Do you really want people querying that at DNSBL rates? This needs > to be at a lower level. Not suggesting it for end-user lookups. Simply suggesting that if that information is published in whois, it's there for whoever wants to collect it and use it (starting with DNSBLs). BTW, in order to make the same information available and easily queryable from end users, the most obvious place to put it is probably rDNS; but again, you'll have all the caching problems again. >>> * Can we build models to predict this stuff now, since under the most >>> optimistic scenario it'll still be years before the v6 mail volume >>> approaches v4 mail volume. >> >> DUNNO > > Hey, I know a research group where we could give it a try. ;-)
- [Asrg] How will we manage IPv6 spam? John R. Levine
- Re: [Asrg] How will we manage IPv6 spam? Daniel Feenberg
- Re: [Asrg] How will we manage IPv6 spam? Michael Thomas
- Re: [Asrg] How will we manage IPv6 spam? Daniel Feenberg
- Re: [Asrg] How will we manage IPv6 spam? Paul Smith
- Re: [Asrg] How will we manage IPv6 spam? Michael Thomas
- Re: [Asrg] How will we manage IPv6 spam? John Levine
- Re: [Asrg] How will we manage IPv6 spam? Daniel Feenberg
- Re: [Asrg] How will we manage IPv6 spam? Daniel Feenberg
- Re: [Asrg] How will we manage IPv6 spam? Paul Smith
- Re: [Asrg] How will we manage IPv6 spam? Emanuele Balla (aka Skull)
- Re: [Asrg] How will we manage IPv6 spam? SM
- Re: [Asrg] rDNS and cache issues, was How will we… John Levine
- Re: [Asrg] rDNS and cache issues, was How will we… Emanuele Balla (aka Skull)
- Re: [Asrg] rDNS and cache issues, was How will we… Matthias Leisi
- Re: [Asrg] rDNS and cache issues, was How will we… John Levine