IETF Logo Mail Archive

Re: [Asrg] DNSBL and IPv6

"Emanuele Balla (aka Skull)" <skull@bofhland.org> Thu, 25 October 2012 14:48 UTC

Return-Path: <skull@bofhland.org>
X-Original-To: asrg@ietfa.amsl.com
Delivered-To: asrg@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 0D7EA21F8963 for <asrg@ietfa.amsl.com>; Thu, 25 Oct 2012 07:48:10 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.599
X-Spam-Level:
X-Spam-Status: No, score=-2.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599]
Received: from mail.ietf.org ([64.170.98.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id YR356tHa5s6g for <asrg@ietfa.amsl.com>; Thu, 25 Oct 2012 07:48:09 -0700 (PDT)
Received: from mithrandir.bofhland.org (mithrandir.bofhland.org [IPv6:2a02:9a8:94::b]) by ietfa.amsl.com (Postfix) with ESMTP id 3A8F421F8962 for <asrg@irtf.org>; Thu, 25 Oct 2012 07:48:08 -0700 (PDT)
Received: from zarathustra.local (zarathustra.spin.it [147.123.15.60]) by mithrandir.bofhland.org (Postfix) with ESMTPSA id 7BD276C0A1 for <asrg@irtf.org>; Thu, 25 Oct 2012 16:48:07 +0200 (CEST)
Message-ID: <50895125.4050606@bofhland.org>
Date: Thu, 25 Oct 2012 16:48:05 +0200
From: "Emanuele Balla (aka Skull)" <skull@bofhland.org>
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.7; rv:16.0) Gecko/20121010 Thunderbird/16.0.1
MIME-Version: 1.0
To: Anti-Spam Research Group - IRTF <asrg@irtf.org>
References: <20121025141158.11869.qmail@joyce.lan> <50894BA1.7020100@invaluement.com>
In-Reply-To: <50894BA1.7020100@invaluement.com>
X-Enigmail-Version: 1.4.5
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
Subject: Re: [Asrg] DNSBL and IPv6
X-BeenThere: asrg@irtf.org
X-Mailman-Version: 2.1.12
Precedence: list
Reply-To: Anti-Spam Research Group - IRTF <asrg@irtf.org>
List-Id: Anti-Spam Research Group - IRTF <asrg.irtf.org>
List-Unsubscribe: <http://www.irtf.org/mailman/options/asrg>, <mailto:asrg-request@irtf.org?subject=unsubscribe>
List-Archive: <http://www.irtf.org/mail-archive/web/asrg>
List-Post: <mailto:asrg@irtf.org>
List-Help: <mailto:asrg-request@irtf.org?subject=help>
List-Subscribe: <http://www.irtf.org/mailman/listinfo/asrg>, <mailto:asrg-request@irtf.org?subject=subscribe>
X-List-Received-Date: Thu, 25 Oct 2012 14:48:10 -0000

On 10/25/12 4:24 PM, Rob McEwen wrote:

Hi Rob!

> One thing that is harmless and which should be promoted now is the
> exclusive use of IPv6 addresses for authenticated e-mail headed to the
> mail server.  That way, IPv6 can be dynamically assigned IPs for things
> like residential customers where that end user's IPv6 would never sent
> mail directly to the recipient. Then, such a mail server could, for now,
> ONLY accept mail for THOSE smtp-authenticated/IPv6 sessions, and
> actually refuse non-authenticated IPv6 traffic. Such a server would then
> relay out such mail via IPv4. 99.9% of the argument about hurrying up
> IPv6 implementation for mail servers due to running out of IPv4 IPs are
> solved by this scenario since there are thousands of dynamically
> assigned IPs delegated to end users for every one legitimate mail server IP.
> 
> Not saying this is the answer for 100 years from now, but this scenario
> scales well, too. When EVERYTHING is assigned an IPv6 IP (your car, your
> refrigerator, etc)... those IPv6 IPs won't be prevented from sending
> e-mail in the scenario I described above, even if mail servers haven't
> yet moved into the IPv6 world.


So you're basically suggesting that MXs should not allow any IPv6 SMTP
connection unless it's coming from a trusted entity, and only MSAs
should speak IPv6.

This will allow to work in the upcoming IPv4 shortage scenario, as you
say. But I think you underestimate how hard could be switching from this
scenario to the "all IPv6" one in the future...

In other words, you're basically suggesting something like "do not
publish any AAAA record for your MXs and just rely on IPv4, unless you
found a solution to the IPv6 spam problem".

But this is not suggesting a solution anyway... ;-)


-- 
Paranoia is a disease unto itself. And may I add: the person standing
next to you may not be who they appear to be, so take precaution.
-----------------------------------------------------------------------------
http://bofhskull.wordpress.com/

v2.8.7 | Report a Bug | By Email