<html><body><span style="font-family:Verdana; color:#000; font-size:12pt;"><div>>> except by manually allow/deny individual ipv6 numbers/ranges </div><div><br></div><div>Get the email sender to manually allow themselves (per email), with a CAPTCHA or similar.</div><div><br></div><div><br></div>
<blockquote id="replyBlockquote" style="border-left: 2px solid blue; margin-left: 8px; padding-left: 8px; font-size:10pt; color:black; font-family:verdana;" webmail="1">
<div id="wmQuoteWrapper">
-------- Original Message --------<br>
Subject: [anti-abuse-wg] Abuse & ipv6 - Email Servers and e-Registry<br>
From: ox <<a href="mailto:andre@ox.co.za">andre@ox.co.za</a>><br>
Date: Sat, August 05, 2017 3:54 pm<br>
To: <a href="mailto:anti-abuse-wg@ripe.net">anti-abuse-wg@ripe.net</a><br>
<br>
Hi,<br>
<br>
ipv6 & abuse has many different aspects and this specific thread is<br>
about email servers. If you wish to discuss other abuse aspects of<br>
ipv6, please do have the decency (and courtesy/netiquette) of starting<br>
a new thread.<br>
<br>
I am working from the proposition that ipv6 email servers will operate<br>
on a pro active basis as regards abuse, instead of a reactive basis (as<br>
is the case with ipv4) - The eventual proposed protocol will see spam<br>
and other types of email abuse almost disappear and become the<br>
exception, rather than the rule.<br>
<br>
Current status: <br>
All current production email servers offering ipv6 do so on a white list basis<br>
Some reputation lists are already building 'white lists' of ipv6 -<br>
many spammers and abusers are already embedded into the startup white<br>
lists and there are already many practical challenges in low/small data. <br>
<br>
White listing, by itself, will not work (or at the very least will be a<br>
chargeable service and even then) will be problematic as individual<br>
email servers would have little or no control, except by manually<br>
allow/deny individual ipv6 numbers/ranges (in a playing field of 2(128))<br>
<br>
ipv6 for email servers is going to be much more problematic and<br>
challenging than many thought as it would require less privacy (deep<br>
content inspection) and as implemented by some large providers, would<br>
mean the eventual end of privacy. (as small esp's are forced out and<br>
the email players become larger and larger)<br>
<br>
Large ipv6 email providers will only able to filter abuse properly by<br>
filtering content and if not discussed/solved the eu/world will have<br>
less/no freedom. <br>
<br>
I am working on a concept where DNS TXT is used on a devolutionary<br>
basis (using encryption) from an ipv6 DNS email server registry to<br>
secondary master sub domains - cross referenced with the sub reply on<br>
TXT. This would enable email servers to manage and exercise their own<br>
inter operability (as they do now) as well as manage their own<br>
reputation score(s), w/l and even b/l (by omission/default) and even do<br>
so close to real time (as they do now, re-actively)<br>
<br>
There are a number of challenges:<br>
This could be 'hidden' as yadnswl (yet another ipv6 dns whitelist - in<br>
fact there are already some ideas of doing exactly that...)<br>
<br>
But, in reality (and in truth/openness) all the planned ipv6 white I<br>
have seen implies 'central control' - and would already be a 'central<br>
registry of sorts. (we are going to end up with some version(s) of this<br>
anyway - it is a question of whether it will be open or provided using<br>
different terminology by someone - and how it would be controlled or<br>
used)<br>
<br>
I am proposing calling a cow a cow, and calling it a "registry" by name.<br>
<br>
As this would be called a 'registry' of email servers (and not a dns<br>
white list) - the age old (well, decades old) arguments of 'control' /<br>
'transparency' and other obvious issues, come into play - as many of<br>
the objectors to a registry would need to be satisfied around the<br>
open/transparency/control issues that such a registry would seem to<br>
provide - So I would need to efficiently communicate the obvious<br>
foundation propositions clearly to avoid problems in that regard.<br>
<br>
***********************************************************************<br>
<br>
The problem/challenge with email abuse has always been in the <br>
balance between freedom (to send email anywhere) <br>
<br>
and in taking responsibility for what you send.<br>
<br>
To be responsible you have to be identifiable (not anonymous)<br>
<br>
and this has always been the problem. <br>
<br>
**********************************************************************<br>
<br>
It is quite simple, I am proposing the addition and removal from the<br>
registry would be free and open (no control from registry)<br>
<br>
The registry is only a "starting point" or a single point of reference<br>
and has no authority or control over and of anything.<br>
<br>
And as such a proposed registry would accommodate all resources<br>
there should be less objections to it.<br>
<br>
The registry would delegate a unique sub domain to a single ipv6 number<br>
and with 2(128) and the registry intended for 'server' or 'service' on<br>
the behalf of other ipv6 or clients, there would need to be at least<br>
some defining criteria and a balance with freedom/open and being<br>
responsible for the resource needs to be found, for such a registry to<br>
be credible and fair.<br>
<br>
The technology exists to do this, the protocol in general principle, is<br>
solid. (and could be refined anyway)<br>
<br>
I am soliciting comments as to the balance of open/free/fair with<br>
responsible - what minimum is required in filing registration at a<br>
proposed registry such as this?<br>
<br>
Obviously: <br>
ipv6 number (as a minimum) - but what else?<br>
Own DNS TXT encrypted key (match rDNS)<br>
<br>
1. Name?<br>
2. Email Address?<br>
3. Phone Number?<br>
4. Physical Address?<br>
5. 2nd factor email address?<br>
6. ?<br>
<br>
Also, welcome to email me off list - as on list this thread may probably<br>
generate a lot of static/noise useless/valueless/empty comments...<br>
as well as awake many trolls...<br>
<br>
Andre<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
</div>
</blockquote></span></body></html>