Re: [Asrg] DNSBL and IPv6

Hal Murray <hmurray@megapathdsl.net> Fri, 26 October 2012 00:35 UTC

> Anyway, back on topic: I'm still not convinced we'd be talking about
> IPv6-based blacklists if we didn't have a long and successful history of
> IPv4-based blacklists.

How about enumerating goodness rather than badness?

Does anybody have a list of techniques to consider?

We don't have to list IP Addresses.  We could list domains and only accept 
mail if the IP Address reverses to a listed domain (and forward confirms).

Would ISPs be willing to run a (white)list of their customers?  (Either by 
domain or IP Address.)  How about web hosters?

> Can't we do something entirely different for IPv6? Like, use domain-based
> filtering by making it mandatory to DKIM-sign a message you send over IPv6
> outside of your network?

Does DKIM tell me anything about the sending site being good or bad?

If I get a DKIM signed message, I could look up the domain rather than the
sender's IP address.  Does that avoid the too-many-IPv6 addresses problem?


> I'm obviously biased since I run dnswl.org, but an IPv6-based whitelist may
> work better than an IPv6-based blacklist. Enumerating the goodness is
> generally easier than enumerating the badness. 

What fraction of email comes from hosts you have listed?  How hard would it 
be to scale your list up to cover the whole world?

Assuming that you don't want to put all your eggs in one basket, how many 
white lists would you need and/or how would you decide the order to check 
them?

Do we need a list of ISPs that maintain a list of their clients?


-- 
These are my opinions.  I hate spam.
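
An added example, not part of the original message: a sketch of the domain-listing idea above, accepting a client only if its IP address reverses to a listed domain and that name forward-confirms. The DNS data, the listed domains and all function names are constructed for illustration; a real check would replace the two lookup callables with actual PTR and AAAA/A queries.

```python
import ipaddress

# Constructed DNS data (documentation prefixes and example names only).
PTR = {
    "2001:db8::25": ["mail.example.net."],
    "2001:db8::66": ["mx.example.net."],        # PTR claims a listed domain...
    "2001:db8::77": ["mail.notexample.net."],   # look-alike, not a subdomain
    "192.0.2.10": ["smtp.Hosted.Example."],
}
FORWARD = {
    "mail.example.net": ["2001:0db8:0000:0000:0000:0000:0000:0025"],
    "mx.example.net": ["2001:db8::1"],          # ...but does not forward-confirm
    "mail.notexample.net": ["2001:db8::77"],
    "smtp.hosted.example": ["192.0.2.10"],
}
ALLOWED_DOMAINS = {"example.net", "hosted.example"}


def normalize(name):
    """Lower-case a DNS name and drop the trailing root dot."""
    return name.rstrip(".").lower()


def in_listed_domain(host, allowed):
    """Return the listed domain that host equals or is a subdomain of, else None."""
    labels = host.split(".")
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])   # match on label boundaries only
        if candidate in allowed:
            return candidate
    return None


def accept_by_domain(ip, allowed=ALLOWED_DOMAINS,
                     ptr_lookup=lambda ip: PTR.get(ip, []),
                     addr_lookup=lambda host: FORWARD.get(host, [])):
    """Return the listed domain if ip reverses to it and forward-confirms, else None."""
    client = ipaddress.ip_address(ip)
    for ptr_name in ptr_lookup(str(client)):
        host = normalize(ptr_name)
        domain = in_listed_domain(host, allowed)
        if domain is None:
            continue
        # Compare parsed addresses: IPv6 has many textual forms for one address.
        if any(ipaddress.ip_address(a) == client for a in addr_lookup(host)):
            return domain
    return None
```

The list here is keyed by domain, so its size does not grow with the number of IPv6 addresses a sender uses.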