Re: [Asrg] What are the IPs that sends mail for a domain?

Steve Atkins <steve@blighty.com> Wed, 17 June 2009 15:35 UTC

Return-Path: <steve@blighty.com>
X-Original-To: asrg@core3.amsl.com
Delivered-To: asrg@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 3B15B3A6932 for <asrg@core3.amsl.com>; Wed, 17 Jun 2009 08:35:07 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.599
X-Spam-Level:
X-Spam-Status: No, score=-6.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, RCVD_IN_DNSWL_MED=-4]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id spETU2qyuqDg for <asrg@core3.amsl.com>; Wed, 17 Jun 2009 08:35:06 -0700 (PDT)
Received: from m.wordtothewise.com (fruitbat.wordtothewise.com [208.187.80.135]) by core3.amsl.com (Postfix) with ESMTP id 67FC13A685E for <asrg@irtf.org>; Wed, 17 Jun 2009 08:35:06 -0700 (PDT)
Received: from [192.168.80.34] (184.wordtothewise.com [208.187.80.184]) by m.wordtothewise.com (Postfix) with ESMTP id B38F04F83C9 for <asrg@irtf.org>; Wed, 17 Jun 2009 08:35:04 -0700 (PDT)
Message-Id: <2CCD8D69-9E16-4FCA-B71A-6D9037BAF712@blighty.com>
From: Steve Atkins <steve@blighty.com>
To: Anti-Spam Research Group - IRTF <asrg@irtf.org>
In-Reply-To: <Pine.GSO.4.64.0906171110310.20708@nber6.nber.org>
Content-Type: text/plain; charset=US-ASCII; format=flowed; delsp=yes
Content-Transfer-Encoding: 7bit
Mime-Version: 1.0 (Apple Message framework v935.3)
Date: Wed, 17 Jun 2009 08:35:17 -0700
References: <9112777.1871245190785748.JavaMail.franck@iphone-4.genius.local> <Pine.GSO.4.64.0906161906450.27272@nber6.nber.org> <4D8E56D2-CB37-4713-94E5-0F0C2A1B1F94@blighty.com> <Pine.GSO.4.64.0906171110310.20708@nber6.nber.org>
X-Mailer: Apple Mail (2.935.3)
Subject: Re: [Asrg] What are the IPs that sends mail for a domain?
X-BeenThere: asrg@irtf.org
X-Mailman-Version: 2.1.9
Precedence: list
Reply-To: Anti-Spam Research Group - IRTF <asrg@irtf.org>
List-Id: Anti-Spam Research Group - IRTF <asrg.irtf.org>
List-Unsubscribe: <http://www.irtf.org/mailman/listinfo/asrg>, <mailto:asrg-request@irtf.org?subject=unsubscribe>
List-Archive: <http://www.irtf.org/mail-archive/web/asrg>
List-Post: <mailto:asrg@irtf.org>
List-Help: <mailto:asrg-request@irtf.org?subject=help>
List-Subscribe: <http://www.irtf.org/mailman/listinfo/asrg>, <mailto:asrg-request@irtf.org?subject=subscribe>
X-List-Received-Date: Wed, 17 Jun 2009 15:35:07 -0000

On Jun 17, 2009, at 8:17 AM, Daniel Feenberg wrote:

>
>
> On Wed, 17 Jun 2009, Steve Atkins wrote:
>
>>
>> On Jun 16, 2009, at 4:17 PM, Daniel Feenberg wrote:
>>> Because it would be impossible to maintain a DNSBL for IPV6,
>>
>> I keep hearing people say this, but I've not seen any clear  
>> justification for it. It seems to me to be no more difficult to run  
>> a blacklist for IPv6 addresses than IPv4 addresses (neither is  
>> easy, but the details of the address representation don't seem to  
>> make more than minor differences).
>>
>> Can you expand on why you think it's the case, or point me at some  
>> discussion of it?
>
> Of course a spammer could reuse an IPV6 address, and then a DNSBL  
> could catch subsequent spam from that address. But there isn't any  
> need to reuse IPV6 addresses - they are nearly infinite in number,  
> each customer is assigned billions by default and there is no real  
> need for the spammer to restrict himself to his officially listed  
> addresses.

Which is why you'd list the /64 or /48 in most cases. That's not  
difficult to do, even with bind, and is easy to manage with any decent  
database backend.

>
> IPV4 DNSBL work, even though they are "listing badness" because IPV4  
> address space is finite. That means that "listing badness" isn't  
> really different from "listing goodness". But if badness is  
> infinite, then listing bad addresses won't be effective.

I don't think that reasoning really holds water, there. IPv6 space is  
also finite. There'd need to be minor operational changes to support  
it, and there are a couple of naive approaches currently used in IPv4  
that would fail dismally in IPv6 without some changes, but nothing  
particularly difficult.

If anything, reduction in use of NATs might make some sorts of  
blacklist more accurate and effective in IPv6 space than in IPv4.

> Note that my argument that MTAs with only IPV6 won't be established  
> is not contradicted by the existence of MTAs with IPV6 and IPV4  
> connectivity. Nor does it really depend on the difficulties with  
> DNSBLs, although that is an additional obstacle. The major obstacle  
> is the limited connectivity that an IPV6 only MTA would have.


Cheers,
   Steve