This archive is retained to ensure existing URLs remain functional. It will not contain any emails sent to this mailing list after July 1, 2024. For all messages, including those sent before and after this date, please visit the new location of the archive at https://mailman.ripe.net/archives/list/anti-abuse-wg@ripe.net/
[anti-abuse-wg] Abuse & ipv6 - Email Servers and e-Registry
- Previous message (by thread): [anti-abuse-wg] Reliance on rDNS
- Next message (by thread): [anti-abuse-wg] Abuse & ipv6 - Email Servers and e-Registry
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
ox
andre at ox.co.za
Sat Aug 5 07:54:10 CEST 2017
Hi, ipv6 & abuse has many different aspects and this specific thread is about email servers. If you wish to discuss other abuse aspects of ipv6, please do have the decency (and courtesy/netiquette) of starting a new thread. I am working from the proposition that ipv6 email servers will operate on a pro active basis as regards abuse, instead of a reactive basis (as is the case with ipv4) - The eventual proposed protocol will see spam and other types of email abuse almost disappear and become the exception, rather than the rule. Current status: All current production email servers offering ipv6 do so on a white list basis Some reputation lists are already building 'white lists' of ipv6 - many spammers and abusers are already embedded into the startup white lists and there are already many practical challenges in low/small data. White listing, by itself, will not work (or at the very least will be a chargeable service and even then) will be problematic as individual email servers would have little or no control, except by manually allow/deny individual ipv6 numbers/ranges (in a playing field of 2(128)) ipv6 for email servers is going to be much more problematic and challenging than many thought as it would require less privacy (deep content inspection) and as implemented by some large providers, would mean the eventual end of privacy. (as small esp's are forced out and the email players become larger and larger) Large ipv6 email providers will only able to filter abuse properly by filtering content and if not discussed/solved the eu/world will have less/no freedom. I am working on a concept where DNS TXT is used on a devolutionary basis (using encryption) from an ipv6 DNS email server registry to secondary master sub domains - cross referenced with the sub reply on TXT. This would enable email servers to manage and exercise their own inter operability (as they do now) as well as manage their own reputation score(s), w/l and even b/l (by omission/default) and even do so close to real time (as they do now, re-actively) There are a number of challenges: This could be 'hidden' as yadnswl (yet another ipv6 dns whitelist - in fact there are already some ideas of doing exactly that...) But, in reality (and in truth/openness) all the planned ipv6 white I have seen implies 'central control' - and would already be a 'central registry of sorts. (we are going to end up with some version(s) of this anyway - it is a question of whether it will be open or provided using different terminology by someone - and how it would be controlled or used) I am proposing calling a cow a cow, and calling it a "registry" by name. As this would be called a 'registry' of email servers (and not a dns white list) - the age old (well, decades old) arguments of 'control' / 'transparency' and other obvious issues, come into play - as many of the objectors to a registry would need to be satisfied around the open/transparency/control issues that such a registry would seem to provide - So I would need to efficiently communicate the obvious foundation propositions clearly to avoid problems in that regard. *********************************************************************** The problem/challenge with email abuse has always been in the balance between freedom (to send email anywhere) and in taking responsibility for what you send. To be responsible you have to be identifiable (not anonymous) and this has always been the problem. ********************************************************************** It is quite simple, I am proposing the addition and removal from the registry would be free and open (no control from registry) The registry is only a "starting point" or a single point of reference and has no authority or control over and of anything. And as such a proposed registry would accommodate all resources there should be less objections to it. The registry would delegate a unique sub domain to a single ipv6 number and with 2(128) and the registry intended for 'server' or 'service' on the behalf of other ipv6 or clients, there would need to be at least some defining criteria and a balance with freedom/open and being responsible for the resource needs to be found, for such a registry to be credible and fair. The technology exists to do this, the protocol in general principle, is solid. (and could be refined anyway) I am soliciting comments as to the balance of open/free/fair with responsible - what minimum is required in filing registration at a proposed registry such as this? Obviously: ipv6 number (as a minimum) - but what else? Own DNS TXT encrypted key (match rDNS) 1. Name? 2. Email Address? 3. Phone Number? 4. Physical Address? 5. 2nd factor email address? 6. ? Also, welcome to email me off list - as on list this thread may probably generate a lot of static/noise useless/valueless/empty comments... as well as awake many trolls... Andre
- Previous message (by thread): [anti-abuse-wg] Reliance on rDNS
- Next message (by thread): [anti-abuse-wg] Abuse & ipv6 - Email Servers and e-Registry
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]