Re: [Asrg] [ASRG] SMTP pull anyone?

[Douglas Otis <dotis@mail-abuse.org>]

On 8/26/09 8:48 PM, Chris Lewis wrote:
> Steve Atkins wrote:
>
>> I see this asserted a lot, but I don't really see much in the way of
>> plausible arguments to back it up.
>>
>> If anything, some blacklist techniques are likely to be easier and
>> more effective on IPv6 than v4 for the obvious NAT / dynamic
>> assignment reasons.
>
> Frankly, I don't think anything that earth shattering will occur, even
> if ipv6 takes over completely.
>
> Undoubtably some techniques will work better, some about the same, and
> some won't work worth squat - they'll either evolve to work better, fade
> into meaninglessness, or just outright die.
>
> It's not as if it hasn't happened before. See much use of open relay
> DNSBLs anymore? Thought not.

Treating /64 (the network of an IPv6 addresses) as having the same 
reputation is destine for support issues when exceptions are needed for 
various legitimate services.

When establishing an IPv6 block list, once exceptions are made, 
retaining evidence for each of these exceptions removes any semblance of 
there being an upper limit on the number of IP addresses logged.  After 
all, bad actors will start wearing large snowshoes in exception ranges.

For IPv6 addresses to become first-class citizens of the email 
community, listing those that should be accepted rather those blocked 
represents perhaps the only scalable solution while using similar tools. 
  Using DKIM messages to request inclusion of a new domain can also 
assist in validating the servers.

Alternative solutions such as accessing a link returned to the domain 
might be used as well.  Nevertheless, DKIM should help reduce the 
validation steps needed, and could help prioritize and expedite 
inclusions requests.  Knowing the domain rather than just an IP address 
also allows more extensive correlations with prior abuses.

-Doug