On 9/1/09 11:55 AM, Doug Barton wrote:
When IPv6 forces use of positive reputations, reverse DNS
entries become superfluous.
I'm sorry, I have no idea what this is supposed to mean. Could you
elaborate?
We offer an email abuse tracking service that lists IPv4 addresses.
Defending this service requires an archival of evidence against listed
addresses. Growth of abusive sources steadily continues. Over the past
6 months, there has been more than a doubling of unique IP addresses
detected at emitting abuse. Daily transitioning of abusive sources now
occurs in groups exceeding 5 million, out of 200 million longer term.
It is hard to believe that there are also about 200K of continuously
abusive sources as well.
Our listing and archival service has already been structured to handle
IPv6, however the growth of publishing and archival resources represents
an exponentially spiraling cost. Due to the exponentially increasing
costs and resource consumption, negative reputations will cease being
practical in the near future. Perhaps in one or two years. Basing
email acceptance of IPv6 clients upon a lack of negative reputations
would further accelerate these costs.
A positive, rather than a negative listing, is likely the only method
that can accommodate continued growth of abusive sources and still
include IPv6 addresses. The publishing billions of abusive sources can
be replaced by publishing millions of legitimate MTA IP addresses
instead. With an external affirmation of an IP address as specifically
representing a legitimate MTA, the benefit of checking nebulous reverse
DNS records diminishes sharply, especially when this check otherwise
consumes rapidly diminishing MTA resources.
Negative reputations within the IPv6 address space also seems
impractical, largely due to the scale of the space involved.
Are you saying that it's not going to be possible to keep track of
bad actors in IPv6?
Anything is possible, but not everything is practical. Keeping track of
good actors can endure exponential growth of bad actors _and_ permit
inclusion of IPv6 .
-Doug
_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop
