On Wed, 01 Dec 2010 12:47:16 -0500
Rob McEwen <r...@invaluement.com> wrote:

> One HUGE problem is that IPv6 will be a spammer's dream and a DNSBL's
> nightmare. Spammers (and blackhat ESPs) would potentially send out
> each spam from a different IP and then not use each IP again for
> YEARS!

Actually, since the smallest allocation unit is a /64, you could switch
IP addresses once per nanosecond and not run out for almost 585 years.
If you have a /48, you could last for about 38 million years.

So at a minimum, an IPv6 DNSBL will have to list a /64, not individual
IPv6 addresses.  That's fine.  Most botnet nodes are individual home PCs
and they won't be able to pick an address outside their /64 allocation
(assuming a competent ISP... a big assumption!)

Also, DNSWLs will start becoming more important as we concentrate on
listing known-good machines.

> Personally, I prefer everyone everywhere agree that, unless the e-mail
> is password authenticated to one's own mail server, all mail be
> rejected unless the mail server had IPv4. But purists won't like that
> because their goal is to eventually *end* IPv4.

It's not just purists who won't like that.  At some point, you won't
be able to *get* an IPv4 address.

[...]

> If one or both of those were agreed upon up front--this would go a
> long way towards preventing the coming nightmare. (and forgive me if
> RFCs have already established those as absolute standards for IPv6...
> I haven't kept up with all the RFCs for IPv6!)

I don't see any nightmare.  DNSBLs are a useful anti-spam tool that
will be made somewhat less effective with the advent of IPv6, but they're
by no means the only or most effective anti-spam tool we have.

Regards,

David.
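
The /64 granularity discussed in the message above, as an added example that is not part of the original post: it groups source addresses under the network a blocklist would key on, derives the reversed-nibble label for that network, and reproduces the address-exhaustion arithmetic. The function names and the sample addresses (documentation ranges) are constructed for illustration.

```python
import ipaddress
from collections import defaultdict

# Constructed sample of connecting addresses (documentation ranges only).
SAMPLE_SOURCES = [
    "2001:db8:12:34:a1b2:c3d4:e5f6:1",
    "2001:db8:12:34:ffff::2",
    "2001:db8:12:34::beef",
    "2001:db8:99:1::25",
    "::ffff:192.0.2.10",   # IPv4-mapped form, treated as plain IPv4
]

def listing_key(addr, v6_prefix=64):
    """Network a blocklist would key on: /32 for IPv4, /v6_prefix for IPv6."""
    ip = ipaddress.ip_address(addr)
    if ip.version == 6 and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped
    if ip.version == 4:
        return ipaddress.IPv4Network(f"{ip}/32")
    return ipaddress.IPv6Network((ip, v6_prefix), strict=False)

def dnsbl_label(net):
    """Reversed-octet (IPv4) or reversed-nibble (IPv6) label for a listed network."""
    if net.version == 4:
        return ".".join(reversed(str(net.network_address).split(".")))
    if net.prefixlen % 4:
        raise ValueError("IPv6 prefix must fall on a nibble boundary")
    nibbles = net.network_address.exploded.replace(":", "")[: net.prefixlen // 4]
    return ".".join(reversed(nibbles))

def aggregate(sources, v6_prefix=64):
    """Group distinct source addresses under the network that would be listed."""
    buckets = defaultdict(set)
    for addr in sources:
        buckets[listing_key(addr, v6_prefix)].add(ipaddress.ip_address(addr))
    return dict(buckets)

def years_to_exhaust(prefix_len, switches_per_second=1e9):
    """Years before a prefix runs out at one new address per nanosecond."""
    return 2 ** (128 - prefix_len) / switches_per_second / (365.25 * 86400)

if __name__ == "__main__":
    for net, seen in aggregate(SAMPLE_SOURCES).items():
        print(f"{net}  distinct={len(seen)}  label={dnsbl_label(net)}")
    print(f"/64: {years_to_exhaust(64):.0f} years, /48: {years_to_exhaust(48):.3g} years")
```

Three different addresses in the sample collapse into one /64 entry, which is why per-address rotation inside a single allocation does not evade a prefix-level listing.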
