On 12/1/2010 12:05 PM, David F. Skoll wrote:
> Where did you hear that? I can't imagine that
> IPv6 is any less (or any more) anonymous than IPv4.

One HUGE problem is that IPv6 will be a spammer's dream and a DNSBL's nightmare. Spammers (and blackhat ESPs) would potentially send out each spam from a different IP and then not use each IP again for YEARS! This will make DNSBLs much less effective... and it will bloat their file sizes and memory/resource requirements exponentially.

The DNSBLs will have no choice but to make their entire DNSBL the equivalent of a /24 list today... except painting with a much broader stroke, and many will complain about unfair collateral damage. Even then, the bloat will STILL be out of control.

SOLUTIONS?

Personally, I prefer everyone everywhere agree that, unless the e-mail is password authenticated to one's own mail server, all mail be rejected unless the mail server had IPv4. But purists won't like that because their goal is to eventually *end* IPv4.

So what else could be done? If we must receive mail from IPv6 IPs, then I recommend doing the equivalent of the following (put in IPv4 terms for simplicity):

(A) All other non-authenticated mail rejected... unless the message came from a "XXX.XXX.XXX.0" IP (this is in IPv4 terms... translate this into some equivalent IPv6 standard... but cast a super wide net!) That will greatly reduce the number of possible valid mail sending IPs. (Again, auth mail to one's own server need not fulfill this standard.)

(B) Industry wide, agree that mail is NOT accepted from IPv6 unless it does "Forward Confirmed reverse DNS" (FCrDNS).

If one or both of those were agreed upon up front--this would go a long way towards preventing the coming nightmare. (And forgive me if RFCs have already established those as absolute standards for IPv6... I haven't kept up with all the RFCs for IPv6!)

--
Rob McEwen
http://dnsbl.invaluement.com/
r...@invaluement.com
+1 (478) 475-9032
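
The two receiver-side checks this message discusses, FCrDNS for IPv6 senders and a blocklist keyed on a covering prefix rather than single addresses, as an added example that is not part of the original post. The /64 granularity, the function names and the sample DNS data (documentation prefixes) are assumptions made for illustration; a real MTA would pass its resolver in place of the two sample lookup functions.

```python
import ipaddress

# Constructed sample DNS data standing in for live PTR and A/AAAA lookups.
PTR = {
    "2001:db8:1::25": ["mail.example.org."],
    "2001:db8:2::beef": ["mail.example.net."],  # forward record will not match
}
ADDR = {
    "mail.example.org.": ["2001:db8:1::25"],
    "mail.example.net.": ["2001:db8:ffff::1"],
}
# Constructed blocklist: one entry covers every address in the /64.
LISTED = {ipaddress.ip_network("2001:db8:9::/64")}

def sample_ptr(ip):
    return PTR.get(ip, [])

def sample_addr(name):
    return ADDR.get(name, [])

def fcrdns_ok(ip, ptr_lookup, addr_lookup):
    """True if some PTR name for ip resolves forward to the same address."""
    client = ipaddress.ip_address(ip)
    for name in ptr_lookup(str(client)):
        for fwd in addr_lookup(name):
            try:
                if ipaddress.ip_address(fwd) == client:
                    return True
            except ValueError:
                continue  # malformed forward record, ignore it
    return False

def dnsbl_key(ip, v6_prefix=64):
    """Network a blocklist keys on: exact IPv4 address, covering IPv6 prefix."""
    addr = ipaddress.ip_address(ip)
    if addr.version == 4:
        return ipaddress.ip_network(f"{addr}/32")
    return ipaddress.ip_network(f"{addr}/{v6_prefix}", strict=False)

def accept_unauthenticated(ip, listed, ptr_lookup, addr_lookup):
    """Policy for non-authenticated mail: blocklist first, then FCrDNS on IPv6."""
    key = dnsbl_key(ip)
    if key in listed:
        return False, f"listed {key}"
    if key.version == 6 and not fcrdns_ok(ip, ptr_lookup, addr_lookup):
        return False, "no FCrDNS"
    return True, "ok"

if __name__ == "__main__":
    for ip in ("2001:db8:1::25", "2001:db8:2::beef", "2001:db8:9:0:1234::1"):
        print(ip, accept_unauthenticated(ip, LISTED, sample_ptr, sample_addr))
```

Keying on the prefix keeps the list size independent of how many addresses inside it a sender rotates through, at the cost of the collateral damage the message mentions.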