IPv6 isn't SMTP

Blake Hudson blake at ispn.net
Thu Mar 27 19:36:14 UTC 2014

Barry Shein wrote the following on 3/26/2014 11:24 PM:
> Some will blanch at this but the entire spam problem basically arose
> from the crap security in Windows systems, particularly prior to maybe
> XP/SP2.
> Not sure where all that leads us, however. Better security at those
> major exploitation points, in a nutshell.
> And if someone disagrees then please tell me how spammers as we know
> them (and related miscreants) can operate without these few sources of
> purloined resources.
> Preferably without a big hand-wave like "oh they'll just find
> something else!"
> Maybe not!

You're largely right. Botnets are a big source of spam. As a mail server 
operator, they're the biggest source that I see. They're also easy to 
block through a number of means (The ISPs they're located on often block 
port 25, PBL (or similar), rDNS, and other behavior). It sounds like it 
will likely be a similar matter of blocking residential botnet 
participants on IPv6 due to the fact that residential ISPs will likely 
apply similar port 25 policy to IPv6 as they do to IPv4 and no rDNS.

However, as more attention is being paid to securing these end stations, 
spammers are looking at alternative avenues. In recent years, they've 
been harvesting user credentials through various means and then 
exploiting these compromised accounts to send email through otherwise 
legitimate servers. These are the spam messages that are hard to block. 
And these may be the areas where reputation based services will not be 
able to keep up in an IPv6 landscape. At least this concentrates the 
sources of spam (from my server's vantage point) and reduces the attack 
surface so that the problem is likely addressed more quickly and by 
someone with a higher level of knowledge than the average (unknowing) 
botnet participant.

Unfortunately, I can't keep Suzie teenager or Joe grandpa from giving 
his or her password out to a phisher. Fortunately, I can place 
reasonable limits on their accounts and the number of messages they're 
allowed to send or the rate at which they're allowed to send messages. 
If everyone else would just do the same we'd be a lot better off against 
this kind of attack.
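The "reasonable limits" described above, as an added example that is not part of the original post or any NANOG participant's code: a per-account sliding-window limiter for authenticated submission, so that one phished password throttles out quickly instead of turning a legitimate server into a relay. The thresholds are illustrative, and the request/response layout assumes the Postfix SMTPD policy-delegation format (`name=value` lines ended by a blank line, answered with `action=...`); both the attribute names used and the way `recipient_count` is populated at the stage this would be wired in are assumptions here, not facts from the message.

```python
"""Per-account outbound rate limiter (added example, not from the NANOG post).

Assumptions, not from the original message: limits below are illustrative;
request parsing follows the Postfix policy-delegation layout of name=value
lines terminated by a blank line, answered with "action=..." lines.
"""
from collections import defaultdict, deque

# Illustrative limits (constructed for this example).
BURST_LIMIT = 20          # recipients per account per BURST_WINDOW seconds
BURST_WINDOW = 60
DAILY_LIMIT = 500         # recipients per account per rolling 24 hours
DAILY_WINDOW = 24 * 3600


class AccountRateLimiter:
    """Sliding-window count of recipients per authenticated account."""

    def __init__(self, burst_limit=BURST_LIMIT, burst_window=BURST_WINDOW,
                 daily_limit=DAILY_LIMIT, daily_window=DAILY_WINDOW):
        self.burst_limit = burst_limit
        self.burst_window = burst_window
        self.daily_limit = daily_limit
        self.daily_window = daily_window
        # account -> deque of (timestamp, recipient_count) accepted events
        self._events = defaultdict(deque)

    def _prune(self, account, now):
        """Drop events older than the longest window so memory stays bounded."""
        events = self._events[account]
        while events and now - events[0][0] >= self.daily_window:
            events.popleft()
        return events

    @staticmethod
    def _count_since(events, now, window):
        return sum(n for ts, n in events if now - ts < window)

    def decide(self, account, recipient_count, now):
        """Return a policy action for a message carrying recipient_count recipients.

        'DUNNO' leaves the verdict to the server's other restrictions;
        'DEFER_IF_PERMIT' tells the client to retry later, so a compromised
        account is throttled while a legitimate user only sees a delay.
        """
        events = self._prune(account, now)
        burst = self._count_since(events, now, self.burst_window)
        daily = self._count_since(events, now, self.daily_window)
        if burst + recipient_count > self.burst_limit:
            return "DEFER_IF_PERMIT Sending rate limit exceeded, try again later"
        if daily + recipient_count > self.daily_limit:
            return "DEFER_IF_PERMIT Daily sending limit exceeded"
        events.append((now, recipient_count))
        return "DUNNO"


def parse_policy_request(raw):
    """Parse name=value lines (policy-delegation style) up to the first blank line."""
    attrs = {}
    for line in raw.splitlines():
        if not line:
            break
        name, _, value = line.partition("=")
        attrs[name] = value
    return attrs


def handle_request(limiter, raw, now):
    """Turn one raw policy request into an 'action=...' response string."""
    attrs = parse_policy_request(raw)
    account = attrs.get("sasl_username")
    if not account:
        # Unauthenticated client: per-account limits do not apply here;
        # IP-based controls (port 25 policy, PBL, rDNS) handle that path.
        return "action=DUNNO\n\n"
    recipients = int(attrs.get("recipient_count") or 1)
    return f"action={limiter.decide(account, recipients, now)}\n\n"


def demo():
    """Constructed scenario: a phished account blasting one recipient per second."""
    limiter = AccountRateLimiter(burst_limit=5, burst_window=60, daily_limit=8)
    verdicts = []
    for t in range(1000, 1006):                # six messages in six seconds
        verdicts.append(limiter.decide("suzie@example.net", 1, now=t))
    for t in range(1100, 1104):                # burst window has passed
        verdicts.append(limiter.decide("suzie@example.net", 1, now=t))
    return [v.split()[0] for v in verdicts]


if __name__ == "__main__":
    print(demo())
```

The burst window catches the typical compromised-account pattern (a sudden flood) within seconds, while the rolling daily cap bounds the total damage even from a slow drip; deferring rather than rejecting means a legitimate sender who trips the limit loses nothing but time.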


More information about the NANOG mailing list