Re: [Asrg] DNSBL and IPv6

"Emanuele Balla (aka Skull)" <skull@bofhland.org> Fri, 26 October 2012 08:12 UTC

On 10/26/12 2:34 AM, Hal Murray wrote:
> 
>> Anyway, back on topic: I'm still not convinced we'd be talking about
>> IPv6-based blacklists if we didn't have a long and successful history of
>> IPv4-based blacklists.
> 
> How about enumerating goodness rather than badness?
> 
> Does anybody have a list of techniques to consider?
> 
> We don't have to list IP Addresses.  We could list domains and only accept 
> mail if the IP Address reverses to a listed domain (and forward confirms).

It's even worse, probably.
Reverse DNS lookups have the same problem DNSxL lookups have about
caching. And usually also a much higher latency because they need to hop
through several delegations before getting an answer.


>> Can't we do something entirely different for IPv6? Like, use domain-based
>> filtering by making it mandatory to DKIM-sign a message you send over IPv6
>> outside of your network?
> 
> Does DKIM tell me anything about the sending site being good or bad?

No, but it gives you a hook (the signing entity) you can bind to a
reputation score.


> If I get a DKIM signed message, I could lookup the domain rather than the 
> sender's IP address.  Does that avoid the too-many-IPv6 addresses problem?

Not necessarily. See subdomaining...


-- 
Paranoia is a disease unto itself. And may I add: the person standing
next to you may not be who they appear to be, so take precaution.
-----------------------------------------------------------------------------
http://bofhskull.wordpress.com/
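
The following is an added example, not part of the original message: it shows the signing domain (the DKIM d= tag) used as a reputation key, and why subdomaining matters when that key is the exact d= value. The function names, the three-entry suffix set and the sample signatures are assumptions constructed for illustration, and the signatures are assumed to have already passed DKIM verification.

```python
import re
from collections import Counter

# Constructed stand-in for the Public Suffix List (assumption: production
# code loads the full list rather than this three-entry sample).
PUBLIC_SUFFIXES = {"com", "org", "co.uk"}

def dkim_domain(header_value):
    """Return the d= (signing domain) tag of a DKIM-Signature value, or None."""
    unfolded = re.sub(r"\r?\n[ \t]+", " ", header_value)  # undo header folding
    for tag in unfolded.split(";"):
        name, sep, value = tag.partition("=")
        if sep and name.strip() == "d":
            return value.strip().lower().rstrip(".") or None
    return None

def org_domain(domain):
    """Collapse a signing domain to its public suffix plus one label."""
    labels = domain.split(".")
    for i in range(len(labels)):  # longest candidate suffix is tried first
        if ".".join(labels[i:]) in PUBLIC_SUFFIXES:
            return ".".join(labels[max(i - 1, 0):])
    return domain  # suffix not in the list: keep the name as signed

def tally(signatures, key):
    """Count messages per reputation bucket; key maps a d= domain to a bucket."""
    return dict(Counter(key(d) for d in map(dkim_domain, signatures) if d))

# Constructed DKIM-Signature values (assumed already verified): one signer
# rotating the subdomain in d=, plus an unrelated signer under co.uk.
SAMPLE = [
    "v=1; a=rsa-sha256; d=a1.mail.example.com; s=k1;\r\n\tbh=constructed; b=constructed",
    "v=1; a=rsa-sha256; d=a2.mail.example.com; s=k1; bh=constructed; b=constructed",
    "v=1; a=rsa-sha256; d=A3.Mail.Example.COM ; s=k1; bh=constructed; b=constructed",
    "v=1; a=rsa-sha256; d=news.example.co.uk; s=k2; bh=constructed; b=constructed",
]

if __name__ == "__main__":
    print(tally(SAMPLE, lambda d: d))   # exact d=: every message is a new key
    print(tally(SAMPLE, org_domain))    # rolled up: the rotation collapses
```

Rolling up is only as good as the suffix list behind it: a hosting domain that hands out subdomains to unrelated customers and is missing from the list would have all of them share one score.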