Re: IPv6 issue

Fri, 06 May 2022 14:28:03 -0700 

On 5/6/22 10:49 AM, Ted Mittelstaedt wrote:
Arg. Well I think you hit the nail on the head. And I think I may have stumbled on to a spam defeating trick. 


Ya ... not running email server on IPv6 is a way of not receiving (some) 
spam.  But I view it very similarly as not running an email server 
period is another way of not receiving (all) spam.


It's a short term gain that has long term negative repercussions.


The problem for them is that if there is no response from that A record 
then normal TCPIP stack is going to wait for a while then eventually 
time out.



What you are describing is the premise behind "No Listing".  The two 
primary ways it's done is to 1) leverage TCP timeouts or 2) leverage a 
TCP Reset.  Either way, you're tickling bugs that alter behavior of spam 
cannons.  Things that proper SMTP servers handle much more gracefully, 
most without any problem at all.



I did not remove the AAAA records because the IPv6 RFCs require that 
if the initial connection tried with IPv6 fails you retry with IPv4.



I would encourage you to not have your host's FQDN include a AAAA record 
if it's not going to be utilizing it.  I'd instead suggest adding an 
alternate name with the (bogus) AAAA record and reference that in MX 
records.



It is in effect a sort of tarpit I believe.



That's not tar pitting to me.  Tar pitting would be answering and 
replying extremely slowly.  Such that you burn a LOT of time for an 
established and arguably functioning (as in exchanging data) SMTP 
connection.  Like one character per second or every few seconds.



You could extend this to defining multiple nonexistent numbers for 
an IPv4 host except that DNS does not seem to have a way to force 
ordering of multiple IPv4s



DNS zone files don't have a way to force ordering.  Some DNS servers, 
BIND in particular, does have the ability to sort records.



Of course, spammers could get around this by recompiling their bots 
to use only IPv4.



You can apply No Listing to different IPs within a protocol and / or 
across protocols.




--
Grant. . . .
unix || die




Attachment:
smime.p7s

Description: S/MIME Cryptographic Signature






















					Reply via email to