This archive is retained to ensure existing URLs remain functional. It will not contain any emails sent to this mailing list after July 1, 2024. For all messages, including those sent before and after this date, please visit the new location of the archive at https://mailman.ripe.net/archives/list/anti-abuse-wg@ripe.net/
[anti-abuse-wg] Abuse: ipv6 and spam
- Previous message (by thread): [anti-abuse-wg] Abuse: ipv6 and spam
- Next message (by thread): [anti-abuse-wg] About introduction of punishments in AFRINIC's policy
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Richard Clayton
richard at highwayman.com
Thu Apr 13 15:39:30 CEST 2017
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 In message , ox <andre at ox.co.za> writes >I am currently drafting a document regarding accepting email on ipv6 I am happy to argue that being able to obtain an IPv4 address for an MTA is a "clue test" and that failure to have that clue is a plausible reason for rejecting email from a sender... this is not Politically Correct but it's going to be a very effective heuristic for some years to come. [this doesn't apply to end users submitting email to a "smart host", but you authenticate them, so the issues are different] >On White Lists, the process is not as clear or obvious as one may >think as firstly the address space has 2(128) addresses, sec issues >( https://tools.ietf.org/html/rfc5782) etc etc etc you might like to look at M3AAWG's suggestions (essentially they suggest that /64s are the initial granularity of choice) <https://www.m3aawg.org/sites/default/files/document/M3AAWG_Inbound_IPv6 _Policy_Issues-2014-09.pdf> what will go wrong with this approach is that a major site could decide that they want all of their (100s of millions) of users to accrue their own reputation and so they use a unique IPv6 address for each user... >The actual listing entries, sure, we already have a few hundred >good/known ipv6 email servers, but how do admins go about adding >themselves to the white list? > >Obviously it has to be free, open, fair and anyone has to be able to >add themselves. that's not obvious at all -- reputation providers can and will have their own rules for setting the reputation of IPs. If their decisions are wise (and their pricing is acceptable) then people will flock to use their product. >which has given rise >to an idea that all servers (people providing services / providers of >services as opposed to users of) - should have their own, separate >resource listing... what you need to be able to do is to determine whether two IPv6 addresses are controlled by the same person (so that allocating a single reputation to a range of IPv6 addresses makes complete sense). For that you need to know the "cut point" ... what allocation unit is being used by the entity that handed out the IPv6 addresses. constructing a free/open directory of that information would be useful (before we all have to buy it from a commercial vendor) - -- richard Richard Clayton Those who would give up essential Liberty, to purchase a little temporary Safety, deserve neither Liberty nor Safety. Benjamin Franklin 11 Nov 1755 -----BEGIN PGP SIGNATURE----- Version: PGPsdk version 1.7.1 iQA/AwUBWO9/kju8z1Kouez7EQK9SQCcCd1tG8InFx144G2M0IP1jjqNsqAAoMNC SHHEW9eLteAdA2qSEALuTu6z =Ifr6 -----END PGP SIGNATURE-----
- Previous message (by thread): [anti-abuse-wg] Abuse: ipv6 and spam
- Next message (by thread): [anti-abuse-wg] About introduction of punishments in AFRINIC's policy
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]