Re: [Asrg] How will we manage IPv6 spam?
Paul Smith <paul@pscs.co.uk> Sun, 19 August 2012 13:00 UTC
Return-Path: <prvs=057821E733=paul@pscs.co.uk>
X-Original-To: asrg@ietfa.amsl.com
Delivered-To: asrg@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix)
with ESMTP id 1F80B21F8514 for <asrg@ietfa.amsl.com>;
Sun, 19 Aug 2012 06:00:28 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.599
X-Spam-Level:
X-Spam-Status: No, score=-3.599 tagged_above=-999 required=5
tests=[BAYES_00=-2.599, RCVD_IN_DNSWL_LOW=-1]
Received: from mail.ietf.org ([64.170.98.30]) by localhost (ietfa.amsl.com
[127.0.0.1]) (amavisd-new, port 10024) with ESMTP id wBS5llkFDY7b for
<asrg@ietfa.amsl.com>; Sun, 19 Aug 2012 06:00:27 -0700 (PDT)
Received: from mail.pscs.co.uk (mail.pscs.co.uk [188.65.177.237]) by
ietfa.amsl.com (Postfix) with ESMTP id 239B921F850D for <asrg@irtf.org>;
Sun, 19 Aug 2012 06:00:25 -0700 (PDT)
Received: from lmail.pscs.co.uk ([82.68.5.206]) by mail.pscs.co.uk
([188.65.177.237] running VPOP3) with ESMTP for <asrg@irtf.org>;
Sun, 19 Aug 2012 14:00:22 +0100
Received: from [192.168.57.46] ([217.155.61.157]) by lmail.pscs.co.uk
([192.168.66.70] running VPOP3) with ESMTP for <asrg@irtf.org>;
Sun, 19 Aug 2012 13:53:53 +0100
Message-ID: <5030E1E0.7050309@pscs.co.uk>
Date: Sun, 19 Aug 2012 13:53:52 +0100
From: Paul Smith <paul@pscs.co.uk>
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64;
rv:14.0) Gecko/20120713 Thunderbird/14.0
MIME-Version: 1.0
To: asrg@irtf.org
References: <20120818014025.41244.qmail@joyce.lan>
<Pine.GSO.4.64.1208180653530.12975@nber6>
In-Reply-To: <Pine.GSO.4.64.1208180653530.12975@nber6>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
X-Authenticated-Sender: paul
X-Server: VPOP3 Enterprise V5.0d - Registered
X-Organisation: Paul Smith Computer Services
Subject: Re: [Asrg] How will we manage IPv6 spam?
X-BeenThere: asrg@irtf.org
X-Mailman-Version: 2.1.12
Precedence: list
Reply-To: Anti-Spam Research Group - IRTF <asrg@irtf.org>
List-Id: Anti-Spam Research Group - IRTF <asrg.irtf.org>
List-Unsubscribe: <http://www.irtf.org/mailman/options/asrg>,
<mailto:asrg-request@irtf.org?subject=unsubscribe>
List-Archive: <http://www.irtf.org/mail-archive/web/asrg>
List-Post: <mailto:asrg@irtf.org>
List-Help: <mailto:asrg-request@irtf.org?subject=help>
List-Subscribe: <http://www.irtf.org/mailman/listinfo/asrg>,
<mailto:asrg-request@irtf.org?subject=subscribe>
X-List-Received-Date: Sun, 19 Aug 2012 13:00:28 -0000
On 18/08/2012 11:59, Daniel Feenberg wrote: > > > It is one thing to say that support for IPv6 is the morally correct > action, and another to point out a benefit to the receiver of > accepting IPv6 mail, when all of the same mail is available over > IPv4. Will it be possible for the IETF to convince major legitimate > senders to drop support for IPv4 mail? Would anyone here drop support > of IPv4 email for their employer or customer as a matter of > principle? +1 I can't see IPv4 SMTP stopping until IPv4 is obsolete. Even if a business can only get IPv6 addresses for themselves, there will be people offering IPv4 SMTP gateways that they can use, and they'll use those gateways or they'll be cut off from most of the world who will still be using IPv4. So, IPv4 mail is pretty much here to stay for the foreseeable future. So, given that, why would people start accepting IPv6 mail? It may not be the politically correct thing to say, but that's the way it is... However, discussing 'is there a better way of handling spam than RBLs?' is worthwhile with IPv4 regardless of whether IPv6 is in use or not. Personally, I think SMTP as we know it is more likely to be killed off by spam than it is to become reliant on IPv6. My view is that we need to move towards having 'authorised senders', possibly by buying a a certificate (or similar) with a 'CA' checking you're 'suitable' to be sending mail (eg a legitimate company or person), and able to revoke the certificate if you abuse it. Yes, there would be a cost to this (if you want to be able to send mail from your domain - I'm thinking similar costs to, say, a code-signing certificate which has more stringent checks than a website SSL cert), so it wouldn't be popular, but I'm beginning to think that would be one of the only ways which would work and wouldn't be a kludge as RBLs or greylisting etc are. I'd have thought this could be added without that much difficulty by requiring TLS for all public MTA-MTA transactions and starting to do client certificate based authentication (any non TLS or non-certified transactions could be accepted, but treated as suspect and scanned more thoroughly) While SPF and DKIM etc should in theory help, they seem to be unpopular to some people, and while they can be useful in the fight against spam, they aren't actually anti-spam systems themselves. - Paul Smith Computer Services Tel: 01484 855800 Vat No: GB 685 6987 53
- [Asrg] How will we manage IPv6 spam? John R. Levine
- Re: [Asrg] How will we manage IPv6 spam? Daniel Feenberg
- Re: [Asrg] How will we manage IPv6 spam? Michael Thomas
- Re: [Asrg] How will we manage IPv6 spam? Daniel Feenberg
- Re: [Asrg] How will we manage IPv6 spam? Paul Smith
- Re: [Asrg] How will we manage IPv6 spam? Michael Thomas
- Re: [Asrg] How will we manage IPv6 spam? John Levine
- Re: [Asrg] How will we manage IPv6 spam? Daniel Feenberg
- Re: [Asrg] How will we manage IPv6 spam? Daniel Feenberg
- Re: [Asrg] How will we manage IPv6 spam? Paul Smith
- Re: [Asrg] How will we manage IPv6 spam? Emanuele Balla (aka Skull)
- Re: [Asrg] How will we manage IPv6 spam? SM
- Re: [Asrg] rDNS and cache issues, was How will we… John Levine
- Re: [Asrg] rDNS and cache issues, was How will we… Emanuele Balla (aka Skull)
- Re: [Asrg] rDNS and cache issues, was How will we… Matthias Leisi
- Re: [Asrg] rDNS and cache issues, was How will we… John Levine