>> IPv6 adds an entirely new aspect to it.
> 
> Well, if you mean the entirely new aspect is a list of hex addresses instead 
> of dotted decimal addresses I guess so.  I personally would rather have a 
> list of actual end system addresses than a list of addresses that represent a 
> mail server and several thousand other innocent devices behind a NAT.  Might 
> be easier to tell the system owner which system is compromised than to call a 
> large company and tell them one of their systems is compromised.  It would 
> also be nice to be able to allow legitimate email to a business partner while 
> blocking his compromised system only.  
> 

I think the new dimension is that a spammer today who manages to snag a /8 has 
16.7 million addresses to play with. Even if he forces you to add each and 
every one to your list, that’s a few megabytes for a VERY large IPv4 block.

OTOH, a spammer with a single /64, pretty much the absolute minimum IPv6 block, 
has more than 18 quintillion addresses and there’s not a computer on the planet 
with enough memory (or probably not even enough disk space) to store that block 
list.

Sometimes scale is everything. Host-based reputation lists scale easily to 3.2 
billion host addresses. IPv6, not so easily.

Owen
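
Added example, not part of the original message: the per-host entry counts compared above, computed with Python's `ipaddress` module, beside a list keyed on the covering /64 for IPv6, so that a sender rotating through one /64 costs a single entry. Keying on the /64 is an assumption of this example and gives up the per-host granularity the quoted poster asks for; `PrefixKeyedList`, `per_host_entries`, `rotate_within_slash64` and the 2001:db8::/32 documentation addresses are constructed for illustration.

```python
import ipaddress

V6_KEY_LEN = 64  # assumption: one IPv6 /64 is treated as one sender


def per_host_entries(prefix: str) -> int:
    """Entries a host-based list needs to cover every address in prefix."""
    return ipaddress.ip_network(prefix).num_addresses


class PrefixKeyedList:
    """Reputation list keyed on IPv4 /32 and on the covering IPv6 /64."""

    def __init__(self) -> None:
        self._entries: set = set()

    @staticmethod
    def key(addr: str):
        ip = ipaddress.ip_address(addr)
        # An IPv4-mapped IPv6 address (::ffff:a.b.c.d) is the same IPv4 sender.
        if ip.version == 6 and ip.ipv4_mapped is not None:
            ip = ip.ipv4_mapped
        plen = 32 if ip.version == 4 else V6_KEY_LEN
        return ipaddress.ip_network(f"{ip}/{plen}", strict=False)

    def add(self, addr: str) -> None:
        self._entries.add(self.key(addr))

    def listed(self, addr: str) -> bool:
        return self.key(addr) in self._entries

    def __len__(self) -> int:
        return len(self._entries)


def rotate_within_slash64(count: int) -> PrefixKeyedList:
    """List `count` constructed source addresses from one documentation /64."""
    base = ipaddress.ip_network("2001:db8:0:1::/64")  # constructed sample prefix
    lst = PrefixKeyedList()
    for i in range(1, count + 1):
        lst.add(str(base[i]))
    return lst


if __name__ == "__main__":
    print(per_host_entries("10.0.0.0/8"))         # IPv4 /8, listed per host
    print(per_host_entries("2001:db8:0:1::/64"))  # IPv6 /64, listed per host
    print(len(rotate_within_slash64(10_000)))     # same /64, prefix-keyed
```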

