How to wish you hadn't forced ipv6 adoption (was "How to force rapid ipv6 adoption")

• Previous message (by thread): How to wish you hadn't forced ipv6 adoption (was "How to force
• Next message (by thread): How to wish you hadn't forced ipv6 adoption (was "How to force rapid ipv6 adoption")
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On 10/1/2015 11:18 PM, cortana5 at gmail.com wrote:
> Excuse my probable ignorance of such matters, but would it not then be 
> preferred to create a whitelist of proven Email servers/ip's , and 
> just drop the rest?  Granted, one would have to create a process to 
> vet anyone creating a new email server, but would that not be easier 
> then trying to create and maintain new blacklists?
>

I have heard that mentioned before. Unfortunately, this wouldn't work:

(1) we already have extensive IPv4 whitelists, many of which are used by 
prominent anti-spam blacklists (and ISPs) to prevent false positives. 
However, if tomorrow, ALL IPv4 blacklists disappears, and all mail 
servers only allowed in the traffic coming from the IPs listed on the 
better IPv4 whitelists, then a massive percentage of VERY legit mail 
would STILL be blocked. Therefore, if IPv4 whitelists can't keep up in 
the IPv4 work, how are they going to do so in the IPv6 world?

(2) Then there is the chicken-N-egg problem. How do you get your mail 
delivered if you are a new sender, but aren't on that list yet. How do 
you prove your sending practices are valid if you can't get your first 
e-mail delivered?

(3) Any solution to that "chicken-N-egg problem"... which tries to 
provide some kind of verification of legit senders... is a hoop that the 
spammers could jump through just as easily... and they will! (some of 
them doing so convince that they are doing nothing wrong because they 
were told that the list they bought isn't spam because the recipient 
forgot to uncheck a button that said, "receive offers from third parties"!)

(4) and this idea oversimplifies the complexity of the spam problem. For 
example, many of the better blacklists know just when it is appropriate 
to blacklist that legit sender who sends 100 legit messages a day, but 
had a compromised system that triggered 50 thousand spam to be sent out 
that day... and the better blacklists are good about delisting that 
sender soon after the problem is fixed. But in a whitelist-only world, 
you're stuck receiving all that spam!

-- 
Rob McEwen
+1 478-475-9032

• Previous message (by thread): How to wish you hadn't forced ipv6 adoption (was "How to force
• Next message (by thread): How to wish you hadn't forced ipv6 adoption (was "How to force rapid ipv6 adoption")
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]