On 10/7/2019 7:37 AM, Valdis Klētnieks wrote:
On Mon, 07 Oct 2019 03:03:45 -0400, Rob McEwen said:
Likewise for spam filtering - spam filtering would be knocked back to
the stone ages if IPv4 disappeared overnight. IPv6 is a spam sender's
dream come true, since IPv6 DNSBLs are practically worthless.
Riddle me this: Why then have spammers not abandoned IPv4 and moved to
IPv6 where we're totally powerless to stop their floods of spam?
I'm tired of hearing the excuse "We can't move to IPv6 because then we couldn't
stop the spam" - if that were true, then every organization that *has* moved
to IPv6 would be drowning in spam.
(1) as Stephen Satchell said... because a huge percentage of mailboxes
(perhaps the vast majority?) are still behind servers that (wisely!)
only listen on IPv4 for non-auth connections, so spammers would have to
make extremely large deletions to their distribution list if they only
sent to emails where the mail server only listened on IPv6.
(2) For my own commercial anti-spam blacklist, I've had SEVERAL new
subscribers this past year who specifically complained about spams that
my anti-spam blacklists (AND all the other ones like Spamhaus, etc!)
were NOT blocking. I requested more information about the ones that
weren't getting blocked... and they were almost all IPv6-sent spams. I
simply explained to them that they do NOT have to do this, and that most
of that spam will go away the moment that their server only listens on
IPv4 (at least, for non-SMTP-AUTH email - they can still listen for IPv6
authenticated email without these problems). I also explained to them
that there hadn't been a situation in the history of the world where an
email didn't make it to a server that only listened on IPv4 for
non-authenticated email.
(3) Many IPv6 mail servers have had to invest/expend significantly more
resources per mailbox.
(4) trying to get everyone to move too quickly to IPv6 POTENTIALLY
actually damages email and harms OTHER's spam filtering. Why? Because it
enables listwashing. A spammer can literally send to 10s of thousands of
email addresses each from a separate /64 block, with a one-to-one
relationship between the /64 block and the recipient email address. Then
they can listwash spamtrap addresses based on which of those /64 blocks
get blacklisted. It ALSO harms email because shady marketers get the
idea that there are endless new IPs to burn through, and that only
emboldens them. So when it comes to email, it turns out that IPv4
scarcity (for non-auth connections) is a feature not a bug! But, if
desired, you can STILL have massive amounts of IPv6 clients sending via
SMTP authentication - so this won't limit your ability for your
refrigerator to send authenticated email to you! (so that greatly
minimizes the "but we're running out" longer-term argument - besides the
fact that this isn't really a HUGE problem anyways - since IPv6 clients
already are already able to connect to IPv4 servers)
--
Rob McEwen
https://www.invaluement.com
