IETF Logo Mail Archive

Re: [Asrg] DNSBL and IPv6

Matthias Leisi <matthias@leisi.net> Fri, 19 October 2012 06:52 UTC

Return-Path: <matthias@leisi.net>
X-Original-To: asrg@ietfa.amsl.com
Delivered-To: asrg@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 6968921F86F5 for <asrg@ietfa.amsl.com>; Thu, 18 Oct 2012 23:52:35 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.377
X-Spam-Level:
X-Spam-Status: No, score=-2.377 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, FM_FORGED_GMAIL=0.622, J_CHICKENPOX_45=0.6, RCVD_IN_DNSWL_LOW=-1]
Received: from mail.ietf.org ([64.170.98.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id lqeTlb426Ddv for <asrg@ietfa.amsl.com>; Thu, 18 Oct 2012 23:52:35 -0700 (PDT)
Received: from mail-ob0-f182.google.com (mail-ob0-f182.google.com [209.85.214.182]) by ietfa.amsl.com (Postfix) with ESMTP id C0EC321F868B for <asrg@irtf.org>; Thu, 18 Oct 2012 23:52:34 -0700 (PDT)
Received: by mail-ob0-f182.google.com with SMTP id wc20so178341obb.13 for <asrg@irtf.org>; Thu, 18 Oct 2012 23:52:34 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20120113; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :content-type:x-gm-message-state; bh=1tIeoW/77XoVnLgF2xVrg6CC7XkCK0j1WKmWDLc+vdQ=; b=MVdSG0KZpYajZYjIxscKRAANK0Zq11AR3taX1uA6cebUTMgniIKE3w3udYSXoTO4wN w8Mu75UgTIG7Zn5bVTzdLaVt9ZXE0sauurfPMKpfmT0mILhz6X47RYWX/4p0T2ONIdoF t7Do7pBU0OqlusPGvgV7RiFWpuWdPdKkFIjj2IpPwLtbCzFopVKLGsxqV4lyaLOuAon0 +MDqV7bGLm48ob8VDIbW0rHzjqdXVtMW6gfg6kpUXp+0oFiqlpTJ4tjHOCHL0tD4+AN+ inutC7SHLnQhXAGt4UmRu9gu/zY/1p/LiDLJzFTqVqwAi8hc8bJiiRamZyDWaalt0AXz nICQ==
Received: by 10.60.19.37 with SMTP id b5mr508391oee.16.1350629554033; Thu, 18 Oct 2012 23:52:34 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.76.76.103 with HTTP; Thu, 18 Oct 2012 23:52:12 -0700 (PDT)
In-Reply-To: <alpine.DEB.2.00.1210190822090.28593@uplift.swm.pp.se>
References: <alpine.DEB.2.00.1210190822090.28593@uplift.swm.pp.se>
From: Matthias Leisi <matthias@leisi.net>
Date: Fri, 19 Oct 2012 08:52:12 +0200
Message-ID: <CALgnk9rEPZwR5UHqeqSWQOPLYMOdLCF=hP1u+oeFatoVoavv3w@mail.gmail.com>
To: Anti-Spam Research Group - IRTF <asrg@irtf.org>
Content-Type: text/plain; charset=ISO-8859-1
X-Gm-Message-State: ALoCoQmjSMcTM/dsQEh54a6dcaua5D9Z39jnQUF4HjfG7YRSFNpPCDfJVk9XF+bLe3FnAwXHfwfg
Subject: Re: [Asrg] DNSBL and IPv6
X-BeenThere: asrg@irtf.org
X-Mailman-Version: 2.1.12
Precedence: list
Reply-To: Anti-Spam Research Group - IRTF <asrg@irtf.org>
List-Id: Anti-Spam Research Group - IRTF <asrg.irtf.org>
List-Unsubscribe: <http://www.irtf.org/mailman/options/asrg>, <mailto:asrg-request@irtf.org?subject=unsubscribe>
List-Archive: <http://www.irtf.org/mail-archive/web/asrg>
List-Post: <mailto:asrg@irtf.org>
List-Help: <mailto:asrg-request@irtf.org?subject=help>
List-Subscribe: <http://www.irtf.org/mailman/listinfo/asrg>, <mailto:asrg-request@irtf.org?subject=subscribe>
X-List-Received-Date: Fri, 19 Oct 2012 06:52:35 -0000

On Fri, Oct 19, 2012 at 8:22 AM, Mikael Abrahamsson <swmike@swm.pp.se> wrote:

> Fundamentally in IPv6, a "customer" (or entity or whatever) will in a lot of
> cases not a single IP address, but a network.

At the beginning of an SMTP transaction, all you have is a single IP.

> Households will get /64s, or get a /56 via DHCPv6-PD. Phones get a /64 or a
> network via DHCPv6-PD. Companies get /48 (or something else, but a bunch of

As a spam filter (software developer), you may want to know more about
the reputation of the IP address connecting to you.

> So for spam detection to happen, detection of what is a "customer" needs to
> happen, and this needs to be on a network level, not single IPv6 address
> level. The RIR databases (at least RIPE) contain information about what kind
> of per-customer subnet size is for a certain large block of addresses.

You need an algorithm where you start from a single IP address and
then potentially "move up" until you get a meaningful result. That's
more or less what the B-tree algorithm suggested by John Levine some
months ago would offer: variable "depth" and "density" of data
controlled by the DNSxL operator optimized for the (on average) lowest
number of lookups needed.

At the same time, having a standardised and light-weight protocol to
determine the allocation policy by the ISP would be hugely helpful
(this will likely then be mirrored by the DNSxL operator). Absent such
data,third parties have to fall back to some default /64 etc.

> What I feel needs to happen is that policy needs to put in place to RIRs
> (via ISPs) can present "what is a customer" on a network level, and then
> this information can be put into DNS somehow, and used for DNSBL.

I don't know whether RIRs can mandate the publication of this data
through policy.

-- Matthias

v2.8.7 | Report a Bug | By Email