Re: [Asrg] DNSBL and IPv6

Martijn Grooten <martijn.grooten@virusbtn.com> Thu, 25 October 2012 12:14 UTC

> My personal view is that IPv6 for widespread email use is well in the future.

I think you'll find few experts who think that there's an urgent need for IPv6 for email. But IPv6 is currently being used for email (Google and Comcast are among those currently accepting email over IPv6 - and these are big players) and its use could (and probably will) increase. I think it would be a rather bad idea if spammers got an easy ride if they were to send mail over IPv6.

And personally, I think it would also be bad if we told people to start using IPv6 as soon as possible, except for email because we don't really know how to do spam filtering there.

Anyway, back on topic: I'm still not convinced we'd be talking about IPv6-based blacklists if we didn't have a long and successful history of IPv4-based blacklists.

IP-blacklists work well on IPv4 because the IP-space is small enough to keep the lists small and large enough so that different IPs really mean different senders.

I haven't really seen a suggestion on how to run IPv6-based blacklists that convinced me. (That's a rather unscientific claim, I know. I'd love for people to help John with his simulation so that we get a better idea; note that he doesn't need IPv6 data. I'm afraid I don't have the required data myself.)

Can't we do something entirely different for IPv6? Like, use domain-based filtering by making it mandatory to DKIM-sign a message you send over IPv6 outside of your network? As long as IPv4 and IPv6 are running in parallel it should be possible for an IPv6 MTA to refuse messages that aren't DKIM-signed - and tell the sender to retry over IPv4.

I know this isn't an ideal solution either (one weakness is that it allows you to DDoS an MTA by sending large numbers of messages with an invalid signature), but perhaps it's better than trying to make IP-blacklists work over IPv6? Or perhaps someone can come up with a better X now that MTAs can still afford to tell IPv6-senders "do X or retry over IPv4".

Martijn.


________________________________

Virus Bulletin Ltd, The Pentagon, Abingdon, OX14 3YP, England.
Company Reg No: 2388295. VAT Reg No: GB 532 5598 33.
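
The policy proposed in the message above (require a DKIM signature on mail arriving over IPv6 from outside your network, otherwise ask the sender to retry over IPv4), written out as an added example that is not part of the original message. The reply codes, the `verify` hook and the sample addresses and domains are assumptions; malformed signatures are discarded before the verifier is called, which limits the cost of the invalid-signature flood the message mentions.

```python
import ipaddress
from email import message_from_string

# Tags every DKIM-Signature header must carry (RFC 6376, section 3.5).
REQUIRED_TAGS = {"v", "a", "b", "bh", "d", "h", "s"}

# Constructed sample data: documentation prefixes and example domains.
LOCAL_NETS = [ipaddress.ip_network("2001:db8:aaaa::/48")]
UNSIGNED = "From: a@example.org\r\nSubject: hi\r\n\r\nbody\r\n"
SIGNED = ("DKIM-Signature: v=1; a=rsa-sha256; d=Example.org; s=sel1;\r\n"
          " h=from:subject; bh=Y29uc3RydWN0ZWQ=; b=Y29uc3RydWN0ZWQ=\r\n"
          + UNSIGNED)

def dkim_tags(header_value):
    """Parse one DKIM-Signature value into a {tag: value} dict."""
    tags = {}
    for part in header_value.split(";"):
        name, sep, value = part.partition("=")
        if sep:
            tags[name.strip()] = "".join(value.split())  # drop folding whitespace
    return tags

def ipv6_dkim_policy(client_ip, raw_message, local_nets, verify):
    """Return (smtp_code, text, signing_domain) for one delivery attempt.

    verify(raw_message, tags) -> bool is the caller's real DKIM verifier
    (hypothetical hook); it is only reached after the cheap syntax check.
    """
    ip = ipaddress.ip_address(client_ip)
    if ip.version == 4 or any(ip in net for net in local_nets):
        return 250, "accepted for normal filtering", None
    msg = message_from_string(raw_message)
    for value in msg.get_all("DKIM-Signature", []):
        tags = dkim_tags(value)
        if not REQUIRED_TAGS <= tags.keys() or tags["v"] != "1":
            continue  # malformed: skip without spending DNS or crypto work
        if verify(raw_message, tags):
            # Reputation can now be keyed on the signing domain, not the IP.
            return 250, "accepted for domain-based filtering", tags["d"].lower()
    # Assumed reply: a temporary failure that asks for a retry over IPv4.
    return 451, "4.7.1 valid DKIM signature required over IPv6; retry over IPv4", None

if __name__ == "__main__":
    accept_all = lambda raw, tags: True  # stand-in verifier for the demo
    for ip, raw in [("192.0.2.1", UNSIGNED), ("2001:db8:bbbb::1", UNSIGNED),
                    ("2001:db8:bbbb::1", SIGNED)]:
        print(ip, ipv6_dkim_policy(ip, raw, LOCAL_NETS, accept_all))
```
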