Re: [Asrg] [ASRG] SMTP pull anyone?

Jeff Macdonald <> Thu, 27 August 2009 03:17 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id CA9C13A690B for <>; Wed, 26 Aug 2009 20:17:23 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -2.599
X-Spam-Status: No, score=-2.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599]
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id YrDENGe723CL for <>; Wed, 26 Aug 2009 20:17:23 -0700 (PDT)
Received: from ( []) by (Postfix) with ESMTP id D6EF83A6814 for <>; Wed, 26 Aug 2009 20:17:22 -0700 (PDT)
Received: by with SMTP id 25so160662eya.27 for <>; Wed, 26 Aug 2009 20:17:28 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=gamma; h=domainkey-signature:mime-version:received:in-reply-to:references :date:message-id:subject:from:to:content-type :content-transfer-encoding; bh=HhsfBfcCEIa+2Wjy7xJ9S5ONpfEv46zI7MiEgkptwyA=; b=bNu+DQzcLe+NJKdu+Qdt4IW/wM49mqmNtKdAptICWU8XFArQQVjySYiWr3Xy06zDO5 pTWRYd3bzcDnTppR9mDztB8aAcF2S/jSZJgI2icPC9o+hcHMyq2bdylEW/PaAKNyqFIX bXAn7oQXwUmDi3M5gsYoL65gGSYVMZW9LvR3k=
DomainKey-Signature: a=rsa-sha1; c=nofws;; s=gamma; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :content-type:content-transfer-encoding; b=NHAGsU1BWRS1Fa54amwFKiHMW2MUXzFWPOBsdqAK5GqmqFIQK2oh8YvddLJLjPMEWe ilDIDcSb+1lMne+eyIJQZMzwl09UEYYxFhdwORMF5c7fVSyTZjVV0BiOWc40qXMWVy8W qSBpK47JnyEFEfEEGBMg/4/ozekAkZcBQrtaU=
MIME-Version: 1.0
Received: by with SMTP id i1mr9165337ebd.48.1251343048051; Wed, 26 Aug 2009 20:17:28 -0700 (PDT)
In-Reply-To: <>
References: <> <> <>
Date: Wed, 26 Aug 2009 23:17:28 -0400
Message-ID: <>
From: Jeff Macdonald <>
To: Anti-Spam Research Group - IRTF <>
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable
Subject: Re: [Asrg] [ASRG] SMTP pull anyone?
X-Mailman-Version: 2.1.9
Precedence: list
Reply-To: Anti-Spam Research Group - IRTF <>
List-Id: Anti-Spam Research Group - IRTF <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Thu, 27 Aug 2009 03:17:23 -0000

On Wed, Aug 26, 2009 at 6:21 PM, Rich Kulawiec<> wrote:
> On Wed, Aug 26, 2009 at 06:06:01PM -0000, John Levine wrote:
>> >Rich, does ipv6 change any of this?
>> I'm not Rich, but the open question at this point is how effective
>> DNSBLs will be on IPv6.
> What John said.
> Point blocks already have their issues, for example (a) hosts using
> dynamic addressing can hop around within a network allocation and
> (b) spammers can try to use snowshoe techniques to tread lightly
> enough to evade them.  And they can be unwieldly.  I think all of
> this is likely to get worse with IPv6.  I rather suspect that this
> will lead to mechanisms using entire network blocks -- some of which
> we already have.  (For example, we have MTAs that understand blacklists
> in CIDR format.)
> At least some of the other measures should continue working, though,
> as they're independent of IPv4-IPv6.  But I think while they may be
> helpful, they're not going to be enough.
> I don't see much help coming from SPF or DKIM or whatever: most of the
> spam that makes it past my setup is correctly marked with one of these.
> (<cough> Hotmail, Yahoo)  I expect this will get much worse as spammers
> begin to leverage the full power of the botnets they're operating.

So, if one were willing to accept that there will be valid IPv6 MTA
based connections, and the practicality of using IPv4 methods is no
longer feasible, then your list would be composed of only SMTP
envelope and body checks?

Jeff Macdonald
Ayer, MA