IETF Logo Mail Archive

Re: [Asrg] DNSBL and IPv6

Tim Chown <tjc@ecs.soton.ac.uk> Mon, 22 October 2012 10:26 UTC

Return-Path: <tjc@ecs.soton.ac.uk>
X-Original-To: asrg@ietfa.amsl.com
Delivered-To: asrg@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 8DEDB21F8518 for <asrg@ietfa.amsl.com>; Mon, 22 Oct 2012 03:26:56 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.556
X-Spam-Level:
X-Spam-Status: No, score=-2.556 tagged_above=-999 required=5 tests=[AWL=0.043, BAYES_00=-2.599]
Received: from mail.ietf.org ([64.170.98.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 1l3FgK+QFhzn for <asrg@ietfa.amsl.com>; Mon, 22 Oct 2012 03:26:55 -0700 (PDT)
Received: from falcon.ecs.soton.ac.uk (falcon.ecs.soton.ac.uk [IPv6:2001:630:d0:f102::25e]) by ietfa.amsl.com (Postfix) with ESMTP id 3378D21F861A for <asrg@irtf.org>; Mon, 22 Oct 2012 03:26:53 -0700 (PDT)
Received: from falcon.ecs.soton.ac.uk (localhost.ecs.soton.ac.uk [127.0.0.1]) by falcon.ecs.soton.ac.uk (8.13.8/8.13.8) with ESMTP id q9MAQo4U032182 for <asrg@irtf.org>; Mon, 22 Oct 2012 11:26:50 +0100
X-DKIM: Sendmail DKIM Filter v2.8.2 falcon.ecs.soton.ac.uk q9MAQo4U032182
DKIM-Signature: v=1; a=rsa-sha1; c=simple/simple; d=ecs.soton.ac.uk; s=200903; t=1350901611; bh=EyGHMI2zWhjrTD6St5Nyc/4DhP8=; h=Mime-Version:Subject:From:In-Reply-To:Date:References:To; b=Nzu7VbSlv3aIbXnjqth0A6jTIp8bRYUUBABuIfb5ZBXuZIG50lYTlPpLj4sFllLh9 o3w52QDyKSMbipE8hM/zHy0CRNNudoEf5qF1k1mu/cFr2s8biFbyK4Fo6i0XZUr28I Mm6aiIfuOCPnmg2CS3KpQTGCYPhSD5gocRxyRKh0=
Received: from gander.ecs.soton.ac.uk ([2001:630:d0:f102:250:56ff:fea0:401]) by falcon.ecs.soton.ac.uk (falcon.ecs.soton.ac.uk [2001:630:d0:f102:250:56ff:fea0:68da]) envelope-from <tjc@ecs.soton.ac.uk> with ESMTP (valid=N/A) id o9LBQo0430609746jy ret-id none; Mon, 22 Oct 2012 11:26:50 +0100
Received: from ip-205-178.eduroam.soton.ac.uk (ip-205-178.eduroam.soton.ac.uk [152.78.205.178]) (authenticated bits=0) by gander.ecs.soton.ac.uk (8.13.8/8.13.8) with ESMTP id q9MAQkT8001388 (version=TLSv1/SSLv3 cipher=AES128-SHA bits=128 verify=NO) for <asrg@irtf.org>; Mon, 22 Oct 2012 11:26:47 +0100
Content-Type: text/plain; charset="us-ascii"
Mime-Version: 1.0 (Mac OS X Mail 6.2 \(1499\))
From: Tim Chown <tjc@ecs.soton.ac.uk>
In-Reply-To: <alpine.DEB.2.00.1210200638000.28593@uplift.swm.pp.se>
Date: Mon, 22 Oct 2012 11:26:46 +0100
Content-Transfer-Encoding: quoted-printable
Message-ID: <EMEW3|d9767673fbe3a1cc92e91f89efc20200o9LBQo03tjc|ecs.soton.ac.uk|2F1F49FD-300A-4DB3-B8D6-F3E9440C359A@ecs.soton.ac.uk>
References: <20121019224131.28382.qmail@joyce.lan> <5081EF6F.9030808@hireahit.com> <5C0A004C-1BAD-4103-85C2-B94B718F0367@blighty.com> <alpine.DEB.2.00.1210200638000.28593@uplift.swm.pp.se> <2F1F49FD-300A-4DB3-B8D6-F3E9440C359A@ecs.soton.ac.uk>
To: Anti-Spam Research Group - IRTF <asrg@irtf.org>
X-Mailer: Apple Mail (2.1499)
X-ECS-MailScanner: Found to be clean, Found to be clean
X-smtpf-Report: sid=o9LBQo043060974600; tid=o9LBQo0430609746jy; client=relay,forged,no_ptr,ipv6; mail=; rcpt=; nrcpt=1:0; fails=0
X-ECS-MailScanner-Information: Please contact the ISP for more information
X-ECS-MailScanner-ID: q9MAQo4U032182
X-ECS-MailScanner-From: tjc@ecs.soton.ac.uk
Subject: Re: [Asrg] DNSBL and IPv6
X-BeenThere: asrg@irtf.org
X-Mailman-Version: 2.1.12
Precedence: list
Reply-To: Anti-Spam Research Group - IRTF <asrg@irtf.org>
List-Id: Anti-Spam Research Group - IRTF <asrg.irtf.org>
List-Unsubscribe: <http://www.irtf.org/mailman/options/asrg>, <mailto:asrg-request@irtf.org?subject=unsubscribe>
List-Archive: <http://www.irtf.org/mail-archive/web/asrg>
List-Post: <mailto:asrg@irtf.org>
List-Help: <mailto:asrg-request@irtf.org?subject=help>
List-Subscribe: <http://www.irtf.org/mailman/listinfo/asrg>, <mailto:asrg-request@irtf.org?subject=subscribe>
X-List-Received-Date: Mon, 22 Oct 2012 10:26:56 -0000

On 20 Oct 2012, at 05:41, Mikael Abrahamsson <swmike@swm.pp.se> wrote:

> On Fri, 19 Oct 2012, Steve Atkins wrote:
> 
>> (I'm betting that "mask the bottom 64 bits before querying" would work just fine, but I don't think we have enough v6 space in use yet to say for sure.)
> 
> I agree. Although I believe some ISPs will put multiple customers in a single /64, this is mostly going to be dynamic customers anyway (multiple laptops on a wifi for instance), and those I would imagine are treated with the same policy so it doesn't really matter. Per /64 handling is a reasonable tradeoff between granularity and practicality in my mind.

A /64 basis seems to be the most sensible starting point, from which one could 'suck it and see'.

In client scenarios where multiple users share a /64, e.g. in a wifi hotspot, then they are probably sharing one public IPv4 address with IPv4 NAT now.  

In data centre scenarios, what do we expect there? It's not clear from draft-lopez-v6ops-dc-ipv6-03.  It may depend on whether the hosting is physical or virtual? The allocated prefix is likely to be quite stable.

In home networks, the current trend in Europe seems to be /60 to /56, though some offer /64 or /48.  In some cases the equipment can only handle /64 now, but expect that to shift to /56 or /60 later.  The work on draft-ietf-homenet-arch-05 expects the ISP to offer multiple /64's.  It seems many ISPs will vary the prefix offered over time much as with dynamic IPv4 addresses today.  In some countries, that's apparently a legal requirement.

In enterprises, /48, and more likely to be stable.

Our evidence from incoming spam is that most of it comes via dual-stack list servers.  There's very little evidence of spam coming from autoconfigured addresses that would indicate client senders.

Tim

v2.23.0 | Report a Bug | By Email