[Asrg] DNSBL and IPv6

Mikael Abrahamsson <swmike@swm.pp.se> Fri, 19 October 2012 06:22 UTC

Hello.

I just subscribed to this list and tried to read up.

I'm very interested in IPv6 and SPAM, and I'd like to add some to the two last 
threads here regarding DNSBL and IPv6.

Fundamentally in IPv6, a "customer" (or entity or whatever) will in a lot of 
cases not have a single IP address, but a network.

Households will get /64s, or get a /56 via DHCPv6-PD. Phones get a /64 or a 
network via DHCPv6-PD. Companies get /48 (or something else, but a bunch of 
networks). This is fundamentally how IPv6 was intended to be used, and 
hopefully that's how most ISPs will deliver it to customers.

So for spam detection to happen, detection of what is a "customer" needs to 
happen, and this needs to be on a network level, not single IPv6 address level. 
The RIR databases (at least RIPE) contain information about what the 
per-customer subnet size is for a certain large block of addresses.

Equivalent in IPv4 is "this customer has an IPv4 /26" and spam blocking would 
be done on a per-customer level, not per unique IPv4 address.

I'm a routing guy, not an MUA/MTA guy, so I have little insight into what things 
look like in the real world outside of my personal setup with postfix, some 
DNSBL and procmail/spamassassin.

What I feel needs to happen is that policy needs to be put in place so RIRs (via 
ISPs) can present "what is a customer" on a network level, and then this 
information can be put into DNS somehow, and used for DNSBL.

Example:

An ISP serves 10000 households with connectivity, each household gets a /56, 
this is done via an IPv6 /42 (because this is in a single town and it's 
aggregated like that). So this /42 would be in some kind of "residential 
access" classification, so people could block on that, and if one wants to 
block unique spammers, then this needs to be identified on a /56 level.

In other places I've pitched that the RIRs would publish this information in 
some kind of format outside of whois, so perhaps we need to start there: 
creating a standard (I don't know who should create the standard, but agreeing 
that a standard is needed is one step) for how this information is published 
is a first step.

Thoughts?

-- 
Mikael Abrahamsson    email: swmike@swm.pp.se
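
The per-customer aggregation described in the message above, as an added example that is not part of the original post: spam sources inside a residential /42 are counted per /56 rather than per address, and a query name is derived for the listed prefix. The block 2001:db8:40::/42, the sample addresses, the zone customers.dnsbl.example and the truncated nibble-reversed naming are all assumptions made for illustration.

```python
import ipaddress
from collections import Counter

# Constructed values: a documentation-range /42 standing in for the ISP's
# "residential access" block, with one /56 per household as in the post.
RESIDENTIAL_BLOCK = ipaddress.ip_network("2001:db8:40::/42")
CUSTOMER_PREFIXLEN = 56

def customer_network(addr, prefixlen=CUSTOMER_PREFIXLEN):
    """Return the customer-sized network that contains a single address."""
    return ipaddress.ip_network(f"{addr}/{prefixlen}", strict=False)

def score_by_customer(sources, block=RESIDENTIAL_BLOCK):
    """Count spam events per customer /56 inside the block.

    Sources outside the block have no published customer size here, so
    they are counted per single address (/128, or /32 for IPv4).
    """
    counts = Counter()
    for src in sources:
        ip = ipaddress.ip_address(src)
        if ip.version == 6 and ip in block:
            counts[customer_network(ip)] += 1
        else:
            counts[ipaddress.ip_network(str(ip))] += 1
    return counts

def prefix_query_name(net, zone):
    """Nibble-reversed name for a prefix (assumed scheme, hypothetical zone)."""
    if net.version != 6 or net.prefixlen % 4:
        raise ValueError("need an IPv6 prefix on a nibble boundary")
    nibbles = net.network_address.exploded.replace(":", "")[: net.prefixlen // 4]
    return ".".join(reversed(nibbles)) + "." + zone

# Constructed spam sources: one household rotating through its /56,
# a second household, and one address outside the residential block.
SAMPLE_SOURCES = [
    "2001:db8:40:1a01::1",
    "2001:db8:40:1a7f:a5b1:22ff:fe01:9",
    "2001:db8:40:1aff::beef",
    "2001:db8:41:300::25",
    "2001:db8:ffff::1",
]

if __name__ == "__main__":
    for net, hits in score_by_customer(SAMPLE_SOURCES).most_common():
        name = prefix_query_name(net, "customers.dnsbl.example") if net.prefixlen == 56 else "-"
        print(f"{net}  hits={hits}  {name}")
```

Counted per address, every source in the sample appears exactly once; counted per /56, the first household accounts for three of the five events.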