[Asrg] How will we manage IPv6 spam?

"John R. Levine" <johnl@iecc.com> Fri, 17 August 2012 20:22 UTC

Hi.  Remember the ASRG?  I was hoping it might do a little research.

In talking to people about IPv6 mail, I'm still coming to the conclusion 
that anyone who thinks they know how they're going to handle it, beyond 
the current toy scale, doesn't understand the problem.  Things we might 
address include:

* Will DNSBLs that work like v4 BLs, with a query per IP, blow out DNS 
caches?  If so, can this be solved by hacks like partitioned caches that 
treat BL traffic separately?  Would something like my B-tree hack work 
better?

* Is there some reasonable way for networks to publish allocation 
granularity, e.g., this range is a /64 per user, that range is individual 
hosts?  If they can, how useful would it be to running BLs or otherwise 
making filtering decisions?

* Is there a practical way to do hard or soft whitelisting of V6 mail 
hosts?  (Hard: no body filtering, soft: with body filtering)

* Should large and small systems use the same filtering techniques?  Large 
systems have larger mail volume and so can build better models of incoming 
traffic, small systems can afford cruder filters like no mail from Korea.

* Can we build models to predict this stuff now, since under the most 
optimistic scenario it'll still be years before the v6 mail volume 
approaches v4 mail volume?

R's,
John
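
The DNS cache question in the first bullet can be tried out offline. The following is an added example, not part of the original message and not code from the author: it builds RFC 5782 style DNSBL query names and measures the hit rate of a small LRU cache, once keyed per address and once per /64. The zone name dnsbl.example, the /64 truncation, the cache size and the traffic are constructed assumptions.

```python
import ipaddress
from collections import OrderedDict

ZONE = "dnsbl.example"  # placeholder zone, not a real blocklist

def dnsbl_qname(addr, zone=ZONE, v6_prefix=128):
    """Query name for addr: reversed octets for v4, reversed nibbles for v6.
    v6_prefix < 128 truncates to the covering prefix (hypothetical
    aggregation, used here only to compare cache keys)."""
    ip = ipaddress.ip_address(addr)
    if ip.version == 4:
        labels = str(ip).split(".")[::-1]
    else:
        net = ipaddress.ip_network(f"{ip}/{v6_prefix}", strict=False)
        nibbles = net.network_address.exploded.replace(":", "")
        labels = list(nibbles[: v6_prefix // 4][::-1])
    return ".".join(labels) + "." + zone

def cache_hit_rate(qnames, capacity):
    """Fraction of lookups answered from an LRU cache of the given size."""
    cache, hits = OrderedDict(), 0
    for q in qnames:
        if q in cache:
            hits += 1
            cache.move_to_end(q)
        else:
            cache[q] = True
            if len(cache) > capacity:
                cache.popitem(last=False)  # evict least recently used
    return hits / len(qnames)

def constructed_traffic(senders=20, msgs=500):
    """Constructed sample: each sender owns one /64 in 2001:db8::/32 and
    uses a fresh interface ID for every message, interleaved by sender."""
    return [f"2001:db8:0:{s:x}::{m + 1:x}"
            for m in range(msgs) for s in range(senders)]

if __name__ == "__main__":
    traffic = constructed_traffic()
    per_ip = [dnsbl_qname(a) for a in traffic]
    per_64 = [dnsbl_qname(a, v6_prefix=64) for a in traffic]
    print("example name:", per_ip[0])
    print("per-IP hit rate:", cache_hit_rate(per_ip, 1000))
    print("per-/64 hit rate:", cache_hit_rate(per_64, 1000))
```

With this constructed traffic every per-address name is unique, so the cache never hits, while the same lookups keyed per /64 are served almost entirely from cache.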