Hi, all,

We run a system of data collection that collects reputation information
about IP addresses.  Our system has data on over 18 million IPv4 addresses
and 2658 IPv6 addresses (which shows how poor the penetration of IPv6
is).  For details of our system, see http://mimedefang.org/reputation

Anyway, I checked to see how many of the IPv6 addresses were in the
same /64 and the answer is... a lot of them.  All of the 2658 individual
addresses are within 1674 different /64s.  The average /64 has 1.5 addresses.
We've seen as many as 95 individual addresses within the same /64.
(And we only see machines that attempt to send mail to one of our
sensors.  There are probably way more machines in each /64 than what
we see.)

It seems that many organizations do place multiple machines in
the same /64, so /64 granularity may not be good enough for a BL and
definitely won't be good enough for a WL.

I'm coming to the conclusion that John Levine's proposal or something
similar is necessary after all. :(

Regards,

David.
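
The /64 grouping described in the message above, sketched as an added example that is not part of the original post or of the system it describes. The function names are hypothetical and the sample senders are constructed from the 2001:db8::/32 documentation prefix.

```python
import ipaddress
from collections import defaultdict

# Constructed sample of sender addresses as a sensor might log them.
SAMPLE_SENDERS = [
    "2001:db8:1:1::25",
    "2001:db8:1:1::26",
    "2001:db8:1:1:a:b:c:d",
    "2001:DB8:1:1::25",   # same host as the first entry, different spelling
    "2001:db8:1:2::1",
    "2001:db8:2:1::1",
    "2001:db8:2:1::2",
    "192.0.2.10",         # IPv4, ignored
    "not-an-address",     # malformed, ignored
]

def group_by_prefix(addresses, prefix_len=64):
    """Map each IPv6 prefix to the set of distinct addresses seen inside it."""
    groups = defaultdict(set)
    for text in addresses:
        try:
            addr = ipaddress.ip_address(text.strip())
        except ValueError:
            continue  # skip malformed log entries
        if addr.version != 6:
            continue
        # strict=False masks off the host bits to get the covering prefix.
        net = ipaddress.IPv6Network((addr, prefix_len), strict=False)
        groups[net].add(addr)  # parsed addresses dedupe textual variants
    return groups

def summarize(addresses, prefix_len=64):
    """Return the figures needed to judge a per-prefix list granularity."""
    sizes = [len(s) for s in group_by_prefix(addresses, prefix_len).values()]
    total = sum(sizes)
    return {
        "addresses": total,
        "prefixes": len(sizes),
        "mean_per_prefix": total / len(sizes) if sizes else 0.0,
        "max_per_prefix": max(sizes, default=0),
        "shared_prefixes": sum(1 for n in sizes if n > 1),
    }

if __name__ == "__main__":
    print(summarize(SAMPLE_SENDERS))
```

A nonzero `shared_prefixes` count is the case the message is concerned with: one list entry at that prefix length would cover several distinct senders.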
