why IPv6 isn't ready for prime time, SMTP edition

Rob McEwen rob at invaluement.com
Wed Mar 26 02:14:17 UTC 2014


On 3/25/2014 9:24 PM, Brielle Bruns wrote:
> Last time I checked, there is no RFC that states that using SMTP
> transport is mandatory with the originator having rDNS (ipv4/ipv6). 
> It may be SUGGESTED or RECOMMENDED, but not MANDATORY or REQUIRED.  It
> is an arbitrary decision made by each mail provider. 

For IPv6, FCrDNS... using NOT "dynamic formatted"  host names... and
with the host name ending in the sender's main domain... *should* be
mandatory. And +1 THOUSAND for everything that John Levine said in his
last few messages!

Additionally... [addressing this topic in general from here on, not
talking specifically to Brielle...]

I have a unique perspective on this... as I manage an anti-spam
blacklist which blacklists many of the snowshoe spammers and "can-spam
compliant" spammers whose practices are 100% legal, and who are not
sending to a single caught-you-red-handed honeypot trap. Many of them
abuse blackhat and grayhat ESPs. Unfortunately, in some instances, that
"abuse" is symbiotic ("wink wink"), where the blackhat ESP will know
that a sender's practices are extremely suspect (or worse), but will look
the other way in exchange for much needed revenue. In fact, with the
worldwide economy still in somewhat of a drag for about the 6th year in
a row, I'm seeing evidences that *some* ESPs are lowering their
standards a little to even more accommodate this crap. Some once-proud
ESPs who claimed they never do this are in fact doing it.

Still, a HUGE deterrent is getting their IP reputation "soiled" up on
senderbase.org and getting on many blacklists. That becomes a "safety
net" that keeps some of these ESPs from going off the deep end. And,
again, I'm on the front lines dealing with this every day. Therefore,
SCARCITY of IPv4 IPs... is a FEATURE.. NOT a bug when it comes to
keeping ESPs under control. And it also gives hosters/datacenters
motivation to likewise "police" potential customers because the hoster
or datacenter is left with the damage long after they've kicked a
spammer off of their network.

ALL of that would "unravel"... ALL OF IT!!!!! ... if we all started
using IPv6 for sending authenticated mail. (workstations sending mail to
their own mail server could send via IPv6 all they wanted to.. that
wouldn't be a problem at all) But if all or most MTAs switched to IPv6,
it would be a nightmare and what is sad is that MANY people reading this
message are STILL going to GREATLY underestimate my warning after
reading this. There are, unfortunately, many people who won't listen to
reason and logic and require a real world nightmare before they
"believe"... much like a 2-year-old who doesn't believe his parents'
warning to not touch a hot stove... until AFTER he touches it. But we
don't all have that luxury, do we?

IPv6 is a spammer's dream!

But REQUIRING FCrDNS for IPv6 ... using a NOT "dynamic formatted"  host
name... and with the host name ending in the sender's main domain...
would go a long way towards mitigating these problems as then there
would be more "truth in sending" as the rDNS would then properly convey
both reputation and identity to the sender. I wish that could become a
universal IPv6 SMTP standard... yesterday!
 
PS - but even then, I'm told that there may be issues with overrunning
DNS caches should spammers send each spam from a unique IP.... and
slowing down of processing of mail when rDNS lookups happen on each
individual IP. To go back over the "root problem" that I never
mentioned, a spammer would send out a million spams, each from a unique
IP address, without even having that large of an IPv6 allocation. IPv6
MTAs are NOT something to be "rushed into". Anyone promoting rushing into
that... is not very well informed. (to put it nicely).. or they are a
spammer who can't wait for all the fun to commence.

-- 
Rob McEwen
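
The acceptance policy proposed in the message above (FCrDNS, no "dynamic formatted" host name, host name ending in the sender's main domain), written out as an added example that is not part of the original post. The DNS tables are constructed sample data standing in for live PTR/AAAA lookups, the dynamic-name regex is an illustrative heuristic, and taking the sender's main domain from a `sender_domain` argument is an assumption.

```python
import ipaddress
import re

# Constructed DNS data (documentation prefix 2001:db8::/32, reserved example domains).
PTR = {
    "2001:db8::25": ["mail.example.com."],
    "2001:db8:1::a1b2": ["2001-db8-1--a1b2.dyn.example.net."],
    "2001:db8:2::25": ["mx.example.org."],
    "2001:db8:3::25": ["out.bulk.example."],
}
AAAA = {
    "mail.example.com": ["2001:db8::25"],
    "2001-db8-1--a1b2.dyn.example.net": ["2001:db8:1::a1b2"],
    "mx.example.org": ["2001:db8:2::99"],  # forward lookup does not confirm the PTR
    "out.bulk.example": ["2001:db8:3::25"],
}

# Heuristic (assumption): address-derived labels or common pool keywords mark a dynamic name.
DYNAMIC = re.compile(
    r"(\d+[-.]){3}\d+|([0-9a-f]{1,4}-){3,}|\b(dyn|dynamic|dhcp|pool|ppp|dsl|cust)\b")

def check_sender(ip, sender_domain, ptr=PTR, aaaa=AAAA):
    """Return (accepted, reason) for an IPv6 SMTP client under the proposed policy."""
    addr = ipaddress.ip_address(ip)  # normalises any textual form of the address
    names = [n.rstrip(".").lower() for n in ptr.get(str(addr), [])]
    if not names:
        return False, "no rDNS"
    # Forward-confirm: a PTR name must resolve back to the connecting address.
    confirmed = [n for n in names
                 if addr in {ipaddress.ip_address(a) for a in aaaa.get(n, [])}]
    if not confirmed:
        return False, "rDNS not forward-confirmed"
    static = [n for n in confirmed if not DYNAMIC.search(n)]
    if not static:
        return False, "dynamic-formatted host name"
    dom = sender_domain.rstrip(".").lower()
    # Match on a label boundary so "notexample.com" does not pass for "example.com".
    if not any(n == dom or n.endswith("." + dom) for n in static):
        return False, "host name not under sender domain"
    return True, "ok"
```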
 



