Re: [Asrg] [ASRG] SMTP pull anyone?

Rich Kulawiec <rsk@gsp.org> Wed, 26 August 2009 22:21 UTC

Return-Path: <rsk@gsp.org>
X-Original-To: asrg@core3.amsl.com
Delivered-To: asrg@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 0E8453A6AB3 for <asrg@core3.amsl.com>; Wed, 26 Aug 2009 15:21:11 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.599
X-Spam-Level:
X-Spam-Status: No, score=-6.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, RCVD_IN_DNSWL_MED=-4]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id CO+FeINI+7qt for <asrg@core3.amsl.com>; Wed, 26 Aug 2009 15:21:06 -0700 (PDT)
Received: from taos.firemountain.net (taos.firemountain.net [207.114.3.54]) by core3.amsl.com (Postfix) with ESMTP id 777DD3A70EF for <asrg@irtf.org>; Wed, 26 Aug 2009 15:21:06 -0700 (PDT)
Received: from squonk.gsp.org (bltmd-207.114.25.206.dsl.charm.net [207.114.25.206]) by taos.firemountain.net (8.14.1/8.14.1) with ESMTP id n7QMLBpu012679 for <asrg@irtf.org>; Wed, 26 Aug 2009 18:21:12 -0400 (EDT)
Received: from avatar.gsp.org (avatar.gsp.org [192.168.0.11]) by squonk.gsp.org (8.14.1/8.14.1) with ESMTP id n7QMD7Am001415 for <asrg@irtf.org>; Wed, 26 Aug 2009 18:13:07 -0400 (EDT)
Received: from avatar.gsp.org (localhost [127.0.0.1]) by avatar.gsp.org (8.14.3/8.14.3/Debian-4) with ESMTP id n7QML5Gd029344 for <asrg@irtf.org>; Wed, 26 Aug 2009 18:21:06 -0400
Received: (from rsk@localhost) by avatar.gsp.org (8.14.3/8.14.3/Submit) id n7QML57E029334 for asrg@irtf.org; Wed, 26 Aug 2009 18:21:05 -0400
Date: Wed, 26 Aug 2009 18:21:05 -0400
From: Rich Kulawiec <rsk@gsp.org>
To: Anti-Spam Research Group - IRTF <asrg@irtf.org>
Message-ID: <20090826222105.GA24507@gsp.org>
References: <45ae90370908260906t223ea020g1e964670fad7ef0d@mail.gmail.com> <20090826180601.79333.qmail@simone.iecc.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <20090826180601.79333.qmail@simone.iecc.com>
User-Agent: Mutt/1.5.18 (2008-05-17)
Subject: Re: [Asrg] [ASRG] SMTP pull anyone?
X-BeenThere: asrg@irtf.org
X-Mailman-Version: 2.1.9
Precedence: list
Reply-To: Anti-Spam Research Group - IRTF <asrg@irtf.org>
List-Id: Anti-Spam Research Group - IRTF <asrg.irtf.org>
List-Unsubscribe: <http://www.irtf.org/mailman/listinfo/asrg>, <mailto:asrg-request@irtf.org?subject=unsubscribe>
List-Archive: <http://www.irtf.org/mail-archive/web/asrg>
List-Post: <mailto:asrg@irtf.org>
List-Help: <mailto:asrg-request@irtf.org?subject=help>
List-Subscribe: <http://www.irtf.org/mailman/listinfo/asrg>, <mailto:asrg-request@irtf.org?subject=subscribe>
X-List-Received-Date: Wed, 26 Aug 2009 22:21:11 -0000

On Wed, Aug 26, 2009 at 06:06:01PM -0000, John Levine wrote:
> >Rich, does ipv6 change any of this?
> 
> I'm not Rich, but the open question at this point is how effective
> DNSBLs will be on IPv6.

What John said.

Point blocks already have their issues, for example (a) hosts using
dynamic addressing can hop around within a network allocation and
(b) spammers can try to use snowshoe techniques to tread lightly
enough to evade them.  And they can be unwieldly.  I think all of
this is likely to get worse with IPv6.  I rather suspect that this
will lead to mechanisms using entire network blocks -- some of which
we already have.  (For example, we have MTAs that understand blacklists
in CIDR format.)

At least some of the other measures should continue working, though,
as they're independent of IPv4-IPv6.  But I think while they may be
helpful, they're not going to be enough.

I don't see much help coming from SPF or DKIM or whatever: most of the
spam that makes it past my setup is correctly marked with one of these.
(<cough> Hotmail, Yahoo)  I expect this will get much worse as spammers
begin to leverage the full power of the botnets they're operating.

---Rsk