Re: [Asrg] What are the IPs that sends mail for a domain?

der Mouse <mouse@Rodents-Montreal.ORG> Wed, 17 June 2009 15:24 UTC

Return-Path: <mouse@Sparkle.Rodents-Montreal.ORG>
X-Original-To: asrg@core3.amsl.com
Delivered-To: asrg@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id A16DF28C296 for <asrg@core3.amsl.com>; Wed, 17 Jun 2009 08:24:40 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -9.691
X-Spam-Level:
X-Spam-Status: No, score=-9.691 tagged_above=-999 required=5 tests=[AWL=0.297, BAYES_00=-2.599, HELO_MISMATCH_ORG=0.611, RCVD_IN_DNSWL_HI=-8]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id FPDbo1LLuLDj for <asrg@core3.amsl.com>; Wed, 17 Jun 2009 08:24:39 -0700 (PDT)
Received: from Sparkle.Rodents-Montreal.ORG (Sparkle.Rodents-Montreal.ORG [216.46.5.7]) by core3.amsl.com (Postfix) with ESMTP id 939F328C284 for <asrg@irtf.org>; Wed, 17 Jun 2009 08:24:39 -0700 (PDT)
Received: (from mouse@localhost) by Sparkle.Rodents-Montreal.ORG (8.8.8/8.8.8) id LAA18251; Wed, 17 Jun 2009 11:24:50 -0400 (EDT)
From: der Mouse <mouse@Rodents-Montreal.ORG>
Message-Id: <200906171524.LAA18251@Sparkle.Rodents-Montreal.ORG>
Mime-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: 8bit
X-Erik-Conspiracy: There is no Conspiracy - and if there were I wouldn't be part of it anyway.
X-Message-Flag: Microsoft: the company who gave us the botnet zombies.
Date: Wed, 17 Jun 2009 11:19:30 -0400 (EDT)
To: Anti-Spam Research Group - IRTF <asrg@irtf.org>
In-Reply-To: <4D8E56D2-CB37-4713-94E5-0F0C2A1B1F94@blighty.com>
References: <9112777.1871245190785748.JavaMail.franck@iphone-4.genius.local> <Pine.GSO.4.64.0906161906450.27272@nber6.nber.org> <4D8E56D2-CB37-4713-94E5-0F0C2A1B1F94@blighty.com>
Subject: Re: [Asrg] What are the IPs that sends mail for a domain?
X-BeenThere: asrg@irtf.org
X-Mailman-Version: 2.1.9
Precedence: list
Reply-To: Anti-Spam Research Group - IRTF <asrg@irtf.org>
List-Id: Anti-Spam Research Group - IRTF <asrg.irtf.org>
List-Unsubscribe: <http://www.irtf.org/mailman/listinfo/asrg>, <mailto:asrg-request@irtf.org?subject=unsubscribe>
List-Archive: <http://www.irtf.org/mail-archive/web/asrg>
List-Post: <mailto:asrg@irtf.org>
List-Help: <mailto:asrg-request@irtf.org?subject=help>
List-Subscribe: <http://www.irtf.org/mailman/listinfo/asrg>, <mailto:asrg-request@irtf.org?subject=subscribe>
X-List-Received-Date: Wed, 17 Jun 2009 15:24:40 -0000

>> Because it would be impossible to maintain a DNSBL for IPV6,
> Can you expand on why you think it's the case, or point me at some
> discussion of it?

I haven't claimed that, but I think the idea is that the size of the v6
address space, and the amount of address space that even a tiny
customer gets, make it useless to try to identify and block bad-actor
addresses, because they'll just dodge to unblocked addresses.

There is some truth to this, but it's not that simple.  DNSBLs like the
CBL, where the assignee of the IP address is not actively malicious and
thus won't be ducking out from under the listing, will be unaffected.
There are doubtless some DNSBLs which will be unable to do anything
useful in v6, but there are others that will simply start listing /64s
or /48s or some such.

It will change things, definitely.  But to say it will be impossible to
maintain a DNSBL is an overstatement.

/~\ The ASCII				  Mouse
\ / Ribbon Campaign
 X  Against HTML		mouse@rodents-montreal.org
/ \ Email!	     7D C8 61 52 5D E7 2D 39  4E F1 31 3E E8 B3 27 4B