>If blacklists like CBL are currently at 100 MBs (for IPv4)... the bloat
>for IPv6 could break DNSBLs. RSYNCing Gigabyte (or terabyte!) -sized
>files is memory and CPU intensive. Loading those into rbldnsd is also
>resource expensive! Furthermore, getting that data out to DNS mirrors
>quickly and efficiently is going to be a nightmare! And... this requires
>that ALL mirrors be upgraded to accommodate the vastly larger size.

Right. I don't think the CBL will get much larger, since it will certainly do /64 granularity, but it'll still be a challenge to query efficiently.

>(1) create a standard whereby non-authenticated IPv6 mail can ONLY be
>accepted by certain IPs (such as x.x.x.0

Sorry, no chance.

>(2) Why can't "Forward Confirmed reverse DNS" (FCrDNS) become a standard
>for IPv6?

Because rDNS lookups will explode your cache just as badly as DNSBL lookups. In the words of a friend who used to run a very large mail system, when I asked him about IPv6 rDNS: Just Say No. rDNS isn't likely to be useful at all for v6, although you could try something like CSV based on looking up the EHLO name.

>(3) A shifting of focus on whitelists is important... but some of those
>shouldn't really be "whitelists" in the traditional sense. Instead, they
>should merely indicate that an IP is a candidate for sending mail.

This one I agree with. The Spamhaus whitelist is intended only for very virtuous sources of mail, but it will clearly also be useful to have what was called a yellow list a few days ago, hosts that send enough real mail that you can't just blacklist them even if you see some spam.

R's,
John
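
The cache point in the reply above, as an added example that is not part of the original message: it counts how many distinct DNSBL query names a resolver cache has to hold when a mail server looks up each connecting IPv6 address in full versus only its /64. The zone `dnsbl.example`, the truncated /64 query form and the sample addresses are assumptions made for illustration.

```python
import ipaddress

ZONE = "dnsbl.example"  # placeholder zone, not a real list


def query_name(addr, zone=ZONE):
    """Per-address DNSBL name: all 32 hex nibbles, reversed (RFC 5782 style)."""
    nibbles = ipaddress.IPv6Address(addr).exploded.replace(":", "")
    return ".".join(reversed(nibbles)) + "." + zone


def query_name_64(addr, zone=ZONE):
    """Assumed /64 form: only the 16 nibbles of the network prefix, reversed."""
    net = ipaddress.IPv6Network(f"{addr}/64", strict=False)
    nibbles = net.network_address.exploded.replace(":", "")[:16]
    return ".".join(reversed(nibbles)) + "." + zone


def cache_keys(addrs, namer):
    """Distinct query names, i.e. distinct resolver cache entries."""
    return {namer(a) for a in addrs}


# Constructed sample: one host using 1000 addresses inside a single /64,
# plus one address from a neighbouring /64.
SAMPLE = [f"2001:db8:1:2::{i:x}" for i in range(1, 1001)] + ["2001:db8:1:3::1"]

if __name__ == "__main__":
    print("per-address cache entries:", len(cache_keys(SAMPLE, query_name)))
    print("per-/64 cache entries:    ", len(cache_keys(SAMPLE, query_name_64)))
    print(query_name_64(SAMPLE[0]))
```
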