IPv6 Pain Experiment

• Previous message (by thread): IPv6 Pain Experiment
• Next message (by thread): IPv6 Pain Experiment
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On 10/7/2019 7:37 AM, Valdis Klētnieks wrote:
> On Mon, 07 Oct 2019 03:03:45 -0400, Rob McEwen said:
>> Likewise for spam filtering - spam filtering would be knocked back to
>> the stone ages if IPv4 disappeared overnight. IPv6 is a spam sender's
>> dream come true, since IPv6 DNSBLs are practically worthless.
> Riddle me this:  Why then have spammers not abandoned IPv4 and moved to
> IPv6 where we're totally powerless to stop their floods of spam?
>
> I'm tired of hearing the excuse "We can't move to IPv6 because then we couldn't
> stop the spam" - if that were true, then every organization that *has* moved
> to IPv6 would be drowning in spam.

(1) as Stephen Satchell said... because a huge percentage of mailboxes 
(perhaps the vast majority?) are still behind servers that (wisely!) 
only listen on IPv4 for non-auth connections, so spammers would have to 
make extremely large deletions to their distribution list if they only 
sent to emails where the mail server only listened on IPv6.

(2) For my own commercial anti-spam blacklist, I've had SEVERAL new 
subscribers this past year who specifically complained about spams that 
my anti-spam blacklists (AND all the other ones like Spamhaus, etc!) 
were NOT blocking. I requested more information about the ones that 
weren't getting blocked... and they were almost all IPv6-sent spams. I 
simply explained to them that they do NOT have to do this, and that most 
of that spam will go away the moment that their server only listens on 
IPv4 (at least, for non-SMTP-AUTH email - they can still listen for IPv6 
authenticated email without these problems). I also explained to them 
that there hadn't been a situation in the history of the world where an 
email didn't make it to a server that only listened on IPv4 for 
non-authenticated email.

(3) Many IPv6 mail servers have had to invest/expend significantly more 
resources per mailbox.

(4) trying to get everyone to move too quickly to IPv6 POTENTIALLY 
actually damages email and harms OTHER's spam filtering. Why? Because it 
enables listwashing. A spammer can literally send to 10s of thousands of 
email addresses each from a separate /64 block, with a one-to-one 
relationship between the /64 block and the recipient email address. Then 
they can listwash spamtrap addresses based on which of those /64 blocks 
get blacklisted. It ALSO harms email because shady marketers get the 
idea that there are endless new IPs to burn through, and that only 
emboldens them. So when it comes to email, it turns out that IPv4 
scarcity (for non-auth connections) is a feature not a bug! But, if 
desired, you can STILL have massive amounts of IPv6 clients sending via 
SMTP authentication - so this won't limit your ability for your 
refrigerator to send authenticated email to you! (so that greatly 
minimizes the "but we're running out" longer-term argument - besides the 
fact that this isn't really a HUGE problem anyways - since IPv6 clients 
already are already able to connect to IPv4 servers)

-- 
Rob McEwen
https://www.invaluement.com

• Previous message (by thread): IPv6 Pain Experiment
• Next message (by thread): IPv6 Pain Experiment
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]