On 01/05/2011 05:14 AM, David F. Skoll wrote:
> On Tue, 04 Jan 2011 11:01:52 -0500
> Rob McEwen <r...@invaluement.com> wrote:
>
>> When we are left with only whitelists and no blacklists, an
>> interesting problem will happen... there will be extreme prejudice
>> against ALL new IPs not already whitelisted.
> Life will become more difficult, but it's not all doom-and-gloom.
> By default, you should be able to get on the whitelist just by asking.  If
> it turns out you've abused the trust, you get banned for a long time.
> That's essentially how the Spamhaus Whitelist works.

Why focus on DNS IP whitelists? What's wrong with mandated SPF instead?
(i.e. my "all IPv6 SMTP servers must have explicit SPF records").

Much less overhead than RBLs, scales better (we may have near infinite
IPv6 addresses, but there will still only be as many DNS domains in
IPv6-land as there are in IPv4-land - in the beginning, obviously).

I know SPF isn't perfect (we still don't do it ourselves), but IPv6 may
change the landscape so much that nothing short of draconian measures
may suffice.

-- 
Cheers

Jason Haar
Information Security Manager, Trimble Navigation Ltd.
Phone: +64 3 9635 377 Fax: +64 3 9635 417
PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1
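
The mandated-SPF idea in the message above, as an added example (not part of the original email): a receiving server accepts an IPv6 client only when the envelope domain's SPF record explicitly lists it with an `ip6` mechanism. Function names, result strings and the treatment of `all` are assumptions, and the TXT records are constructed samples using the 2001:db8::/32 documentation prefix.

```python
import ipaddress

# Constructed sample TXT records for a hypothetical sender domain.
SAMPLE_TXT = ["google-site-verification=abc123", "v=spf1 ip6:2001:db8:1::/48 -all"]

def spf_terms(txt_records):
    """Return the terms of the domain's single v=spf1 record, else None."""
    spf = [t.split() for t in txt_records if t.lower().split()[:1] == ["v=spf1"]]
    return spf[0][1:] if len(spf) == 1 else None  # zero or several: unusable

def check_ipv6_client(client_ip, txt_records):
    """Decide on a connection given the envelope domain's TXT records."""
    ip = ipaddress.ip_address(client_ip)
    if ip.version == 4:
        return "ipv4-unchanged"            # the proposal only covers IPv6
    terms = spf_terms(txt_records)
    if terms is None:
        return "reject-no-spf"             # no explicit record published
    for term in terms:
        qualifier = term[0] if term[0] in "+-~?" else "+"
        name, _, arg = term.lstrip("+-~?").partition(":")
        name = name.lower()
        if name == "all":
            break                          # catch-all is not explicit (assumption)
        if name != "ip6":
            continue                       # a/mx/include need DNS: not evaluated here
        try:
            net = ipaddress.ip_network(arg, strict=False)
        except ValueError:
            return "reject-bad-spf"        # malformed ip6 argument
        if ip in net:
            return "accept" if qualifier == "+" else "reject-not-authorised"
    return "reject-not-authorised"

if __name__ == "__main__":
    for client in ("2001:db8:1::25", "2001:db8:ffff::1", "192.0.2.10"):
        print(client, check_ipv6_client(client, SAMPLE_TXT))
```

The lookup cost is one TXT query per sender domain rather than one blacklist query per address, which is the scaling argument made in the message.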
