IPv6 intro creates spam-filtering nightmare

The migration towards IPv6, which has been made necessary by the expansion of the internet, will make it harder to filter spam messages, service providers warn. The current internet protocol, IPv4, has a limited address space which is reaching exhaustion* thanks to the fast uptake of internet technology in populous countries …

COMMENTS

  1. Conrad Longmore

    Bad neighbourhoods

    Although single-IP blacklists might struggle, you'll probably find that with IPv6 the bad guys will still often operate out of known bad (or suspect) blocks of IP addresses. Remember, IP addresses are not handed out randomly.

    Incidentally, the bad guys seem to be very adept at getting blocks of IPv4 in /24, /23 or even /22 chunks. Once they have destroyed the reputation of these blocks (often permanently) they move on. I wonder how much of the IPv4 address space is currently widely blacklisted?

    1. copsewood

      bad reputation and timeout

      Software which compiles blacklists is likely to generate too many false positives if bad reputation resulting from ancient spam doesn't time out. It's easy enough to maintain a real time record of timestamped spamtrap hits for the IP address in question and remove it from the blacklist unless it has generated enough recent bad email.

    2. Daniel B.
      Boffin

      Re: Bad neighbourhoods

      "Incidentally, the bad guys seem to be very adept at getting blocks of IPv4 in /24, /23 or even /22 chunks. Once they have destroyed the reputation of these blocks (often permanently) they move on. I wonder how much of the IPv4 address space is currently widely blacklisted?"

      They FUBAR'd the netblock where I have my main SMTP server. Some lists let me whitelist my addy, but SORBS has a jackass reputation for netblocking without any whitelisting option. Jackasses!

      I would presume that under IPv6 it will simply be a matter of blocking whole /64 blocks to prevent the zillion IP roulette o' spamming servers. Whitelisting would help for those who actually run respectable servers...

  2. Alex Brett

    Have they not heard of aggregation?

    Surely you just filter the entire /64 the person is spamming from, best practice is for each unique customer to get their own /64, so that shouldn't cause any issues with one customer causing problems for others.

    You can then quite easily do a bit of checking and if you build up a large number of /64s you block the containing e.g. /48 or whatever. Given I've just come up with this in about a minute, you'd expect the anti-spam companies to have already sorted it given they've had since 1998 to do so!
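The scheme copsewood and Alex Brett describe above (timestamped spamtrap hits that time out, listing by /64, escalating to the containing /48) as an added example, not code from any poster or from the article. The thresholds and all names are assumptions, and the addresses are constructed from documentation ranges.

```python
import ipaddress
from collections import defaultdict

# All thresholds below are illustrative assumptions, not values from the thread.
HIT_TTL = 7 * 86400    # spamtrap hits older than this no longer count
MIN_RECENT_HITS = 3    # recent hits needed to list one /64 (or one IPv4 address)
ESCALATE_AT = 4        # listed /64s inside one /48 before the whole /48 is listed
NOW = 1_700_000_000    # constructed reference time (Unix seconds)
DAY = 86400


def normalise(addr):
    """Parse an address; fold IPv4-mapped IPv6 (::ffff:a.b.c.d) back to IPv4."""
    ip = ipaddress.ip_address(addr)
    if ip.version == 6 and ip.ipv4_mapped is not None:
        return ip.ipv4_mapped
    return ip


def reputation_key(addr):
    """Unit that reputation is tracked on: the /64 for IPv6, the /32 for IPv4."""
    ip = normalise(addr)
    prefix = 64 if ip.version == 6 else 32
    return ipaddress.ip_network(f"{ip}/{prefix}", strict=False)


class PrefixReputation:
    def __init__(self):
        self.hits = defaultdict(list)  # key network -> spamtrap hit timestamps

    def record_hit(self, addr, ts):
        self.hits[reputation_key(addr)].append(ts)

    def expire(self, now):
        """Drop timestamps past HIT_TTL so old spam does not list a block forever."""
        for key in list(self.hits):
            fresh = [t for t in self.hits[key] if now - t <= HIT_TTL]
            if fresh:
                self.hits[key] = fresh
            else:
                del self.hits[key]

    def blocklist(self, now):
        """Return the set of networks to reject at time `now`."""
        self.expire(now)
        listed = {k for k, ts in self.hits.items() if len(ts) >= MIN_RECENT_HITS}
        result = {n for n in listed if n.version == 4}
        by_48 = defaultdict(set)
        for net in listed:
            if net.version == 6:
                by_48[net.supernet(new_prefix=48)].add(net)
        for parent, children in by_48.items():
            # Many bad /64s under one /48: list the containing block instead.
            if len(children) >= ESCALATE_AT:
                result.add(parent)
            else:
                result |= children
        return result

    def is_blocked(self, addr, now):
        ip = normalise(addr)
        return any(n.version == ip.version and ip in n for n in self.blocklist(now))


def build_sample():
    """Constructed spamtrap log covering the cases discussed in the thread."""
    rep = PrefixReputation()
    # One customer /64, a different source address for every message.
    for host in range(1, 4):
        rep.record_hit(f"2001:db8:aaaa:1::{host:x}", NOW - host * 3600)
    # A sender spreading its mail across four /64s of one /48.
    for subnet in range(4):
        for host in range(1, 4):
            rep.record_hit(f"2001:db8:bbbb:{subnet:x}::{host:x}", NOW - DAY)
    # Ancient spam: three hits, all 30 days old, which must time out.
    for host in range(1, 4):
        rep.record_hit(f"2001:db8:cccc:1::{host:x}", NOW - 30 * DAY)
    # IPv4 sender seen both natively and as an IPv4-mapped IPv6 address.
    rep.record_hit("192.0.2.10", NOW - 60)
    rep.record_hit("::ffff:192.0.2.10", NOW - 50)
    rep.record_hit("192.0.2.10", NOW - 40)
    return rep


if __name__ == "__main__":
    for net in sorted(build_sample().blocklist(NOW), key=str):
        print(net)
```
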

  3. Anonymous Coward
    Alien

    One-time address

    "As an example, the address space is so large that it would be easy for spammers to use a single IP address just once to send a single email,"

    Did anyone else think, "One-time unisphere address" from Peter F. Hamilton's Commonwealth books on reading that?

    1. Anonymous Coward
      Thumb Up

      Shotgunning, I believe

      I liked the penalties imposed!

      Seriously though - move on from blacklisting individual IPv4 addresses to blacklisting the entire /64 IPv6 block.

    2. Anton Ivanov
      Welcome

      The one time address was not enough

      The comms in the commonwealth books also used signing with certificates. A shotgun from an unknown user would have been ignored by most of the population. A shotgun from a grand family member... Hmm... Entirely different story.

      So, following the same analogy, IPv6 will probably lead us towards the universal acceptance of certificates for email much faster than we think.

      1. Lionel Baden
        Thumb Up

        from royalty

        I would ignore spam even if it came from Kate Middleton.

    3. Adam T
      Pint

      Unisphere

      I'm still waiting for Google to release u-shadow...

  4. My Alter Ego

    /64 Subnet

    As far as I'm aware, the plan is for residential customers to have a /64 block (as that's the smallest block allowed), and anything less would screw around with autoconfiguration.

    So immediately spam filtering can be done on 64 blocks, there's *only* 1.8 x 10^19 of them!

  5. Anonymous Coward
    WTF?

    IPs assignment and routing

    IPs must be:

    1) Assigned

    2) Routed

    Without these two operations you can set whatever IP you like to your PC and it won't work.

    Until now IP assignment procedures have been pretty lame, spammers have been able to hijack whole blocks (see for example Spamhaus DROP list) while Internet authorities were sleeping and did nothing, and criminal ISPs helped spammers to use the hijacked IP blocks.

    If IANA, RIRs and other network authorities start to work seriously against rogue IPs it is not difficult at all to block criminals and throw bad ISPs out of the Internet. If they believe they can be paid to do nothing like they did till now, well, IPv6 will be a spammer & C. panacea.

  6. Anonymous Coward
    Stop

    Hogwash

    What a load of FUD.

    So what if there's suddenly loads more addresses available? The baddies still need to compromise computers to send the spam and there will be the same number of computers/connections (ok, slightly more due to increasing market; nothing to do with ipv6)... so just block the /64 ranges the same as we currently block single IP4 addresses.

    It's not like we're saying that on day x there will be 4.3x10^9 internet devices and on day (x+1) there will be 3.4x10^38

    I don't think that even the Chinese can ramp up manufacturing quickly enough for that!

    1. Robert Carnegie Silver badge

      Yes (I think).

      IPv6 theoretically allows an astonishing number of distinct device addresses to exist - but they don't have to be allowed to. The size will probably rise fast as IPv6 is adopted and we stop hiding behind network address translation servers - although maybe you don't want people to know the real addresses of all your devices (but, 192.168.1.1, yo - or whatever the default is) - but not to exhaust the address space.

      Then again... if my nearly-invented IPv6 cell phone is supposed to connect to my home wireless network with the phone's own constant IP address, and if the device itself also can change that address to any unused address, then it does become slightly more difficult for the good guys to find out where the spam is coming from.

    2. Anonymous Coward
      Anonymous Coward

      Indeed

      "The IPv6 address space is so large it wouldn't be scalable from the bad-guys perspective"

      Whoever would need more than 64k of memory? I mean, tch!

    3. Alec Peterson

      Let's not panic here...

      While statements asserting the vastness of the IPv6 address space are completely true, the conclusion that this means IPv6 reputation is impossible completely misses the point. IPv4 reputation tracking techniques would certainly fail to translate directly into IPv6, but why is that the only option? That's like replacing a wood house with a steel-frame house, but building it using exactly the same architectural plans. A different underlying technology gives the opportunity to innovate and establish an environment where carriers can get the IP-based reputation information they need. I’ve got some more thoughts on the topic in a blogpost. Google “MessageSystems blog” if you’re interested.

  7. Anonymous Coward
    Anonymous Coward

    IP filtering is often evil anyway

    Maybe I'm biased because I've been using ISPs which sometimes ended up in IP based filters, but I think this is a bonus and not a con. There are too many, IMO ignorant or arrogant, lists out there which will easily enter IPs which belong to an ISP itself, merely because some of its customers have caused issues (or may have).

    And so they deem it necessary to simply block the entire ISP and because of that all of its customers.

    Sure; I know: "tell the ISP so they can contact the list and so....". Yeah right. With good ISPs that will work out, no problem. But who will eventually be paying for the overhead costs of all that? And as such; many ISPs I'm familiar with block port 25 and you can get one open by paying an extra fee.

    I understand the need, don't get me wrong, but I do think that it also goes to show you that in a lot of cases IP blocking is plain out evil and ignorant.

    1. Anonymous Coward
      Megaphone

      @IP filtering is often evil anyway

      Wholeheartedly agree ShelLuser, I use several ISPs some of whom are very good at getting blocks lifted, but because there are so many block lists this can take multiple days in some cases - and in that time you can lose a lot of business.

      I am under the impression there are a lot of feasible methods out there to effectively stop spam dead, but because we are having to deal with so many disparate attempts to do the same thing and there is a lack of effective management of the entire net, that we will be forever losing to spammers.

      I am under the impression that too many big companies are making good money selling antispam.

      I look forward to the day when we can ditch email for the un-secured piece of s**t it has become.

    2. Anonymous Coward
      Anonymous Coward

      @ShelLuser

      "many ISPs I'm familiar with block port 25 and you can get one open by paying an extra fee."

      Good! That's best practice to fight against zombie machines. What is the problem with having your local SMTP server relay all outgoing email to your ISP's SMTP server to then handle? That's how it should work anyhow!

      1. Nick Ryan Silver badge

        Problem?

        How about when you don't want to use the ISP provided e-mail address?

        Nobody *sane* uses an ISP provided e-mail address - what about when you want to change ISP, your ISP goes under or some other drama? Suddenly you have to change e-mail addresses, and if you're foolish enough to be a business that's using an ISP's e-mail address not only do all your contacts have to change your e-mail address but you have to reprint stationery as well...

        Webmail is, of course, the answer to many problems and as dubious as some find them, gmail, hotmail, yahoo mail, etc do provide a non ISP specific e-mail address and the upshot is that you don't have to use a local mail client as well.

        1. AndrueC Silver badge

          Go do some research.

          >How about when you don't want to use the ISP provided e-mail address?

          How about you learn how SMTP works?

          Using your ISP's outgoing SMTP server doesn't mean you have to use an email address they have provided. All it does is - perhaps - obfuscate the sender information since you are effectively hiding behind someone else's server.

          The only reasons not to use your ISP's SMTP server are:

          * Reliability.

          * You want to implement effective SPF.

          * Your ISP's server keeps being blacklisted.

          1. Nick Ryan Silver badge
            Stop

            @AndrueC / Go do some research.

            So before you start on the personal attacks, think about it first...

            You are right about the reliability, SPF and your ISP's server getting blacklisted, but this is only part of the problem.

            Do you know how many ISPs only allow their own addresses through and nothing else? Some do allow anything but many block anything except their own addresses.

        2. pakraticus

          Yes port 25 should be blocked for most residential ISP IP addresses.

          If you need to send SMTP from your home, either send via submission (SMTP+TLS+SMTPAuth (SASL)) to your mail server at your colo (Also works with Google and Yahoo). Or get business class service where if there isn't a public record of how to send the torches and pitchforks to your home, they can at least take them to your ISP.

          As for the can't blacklist. FUD. Greylisting kills most of the garbage. Yes there are idiot mail sources that don't work with greylisted recipients (FedEx, Google, Messagelabs). But they are fairly well known and there are ready-to-use whitelists for them, some of them even have information on how to pull the SPF records to generate the white lists.

      2. Tom 35

        @AC

        "Good! That's best practice to fight against zombie machines."

        You mean the lazy way.

        The problem is that a lot of spam filters take one look at the headers and see the relay and block you.

        Luckily a lot of hosts set up a different port so you can bypass the block.

      3. Donovan Hill
        Go

        smtp relay

        Most clueful users will be using SSL to a submission port anyhow. And clueful admins will have this set up for their users to access.

    3. Kevin McMurtrie Silver badge
      Thumb Down

      Pick a better list

      I find IP address blacklists to be extremely useful. There's a lot of address space that is completely unmaintained or owned by criminals. A blacklist is not only efficient to implement, but pressures the network into cleaning up or going out of business. If there are too many false positives you can use a less aggressive blacklist.

      Content filtering is a losing game. The CPU power in hijacked networks always beats the CPU power in your analyzer. Finding ways to beat your filter is trivial and of no cost to the spammer.

  8. Anonymous Coward
    WTF?

    Cloudmark advocates what?

    >"Cloudmark advocates that ISPs do not initially need to be able to receive mail from IPv6 addresses (on inbound) except from their own customers (known as outbound),"

    Err, what? They're saying that ISPs don't need to be able to receive any inbound mail except for the outbound mail?

    > Paton explained.

    An "explanation" is supposed to make the meaning of something clearer, not mangle it in overly-verbose gibberish...

    1. Anonymous Coward
      FAIL

      @Cloudmark advocates what?

      Errr easy.....

      Hotmail, Gmail, Yahoo, BT, AOL, VirginMedia have no reason to accept IP6 from each other.

      That's several hundred million email addresses sorted. Or do you believe when you send an email via gmail to a hotmail account, it is sent from your pc to your mates?

      1. Anonymous Coward
        FAIL

        And why not?

        Why shouldn't they accept IPv6 from each other? Give me a SINGLE good reason! Gmail isn't going to be blacklisting Yahoo! any more than Hotmail, so it has nothing to do with this wannabe story anyways. Between DNSSEC, DKIM, and SPF, there's a pretty good chance that "This IPv6 connection that says it is Gmail" is probably #@*$ Gmail! Who cares if it's IPv4, IPv6, or DECnet for all that matter!

        1. AndrueC Silver badge
          Thumb Down

          Why make life difficult?

          Right now very few - if any - email servers are on IPv6. I bet there's precious little SMTP traffic on there. Email servers don't pop up every five minutes so chances are very good that they can be restricted to IPv4. Since that will help alleviate a problem we might as well do it.

          Your response implies that you think there's a problem with this idea. I don't see it bothering anyone except a few bad guys. For genuine users it's a non-issue.

          Seems to me like low hanging fruit worth picking.

  9. Anonymous Coward
    FAIL

    FUD

    As others have said, it's really easy to block the entire /64 subnet. Done and done! This is just pure FUD.

    I also have the "This measure will also protect the IPv4 reputation system that is currently in use and working well." quote. WHAT IPv4 reputation system? I'm not liable to trust an IPv4 IP any more than I am an IPv6 one!

  10. Charlie Clark Silver badge
    FAIL

    It's not all about addresses

    IPV6, if done correctly, provides the basis for a more reliable and, in theory at least, a safer (for a given value of safe) infrastructure. As this requires network admins who know what they're doing I'll agree that this promise is unlikely to be fulfilled.

    Anyway, botnets are the way forward. With or without quadrillions of addresses you can't rely on blacklists for them.

  11. Richard Gadsden 1

    /64 is still much bigger than IPv4.

    If you're blocking hacked customer IPs, then going from blocking an IPv4 /32 (single IP) to blocking an IPv6 /64 (home network) is still squaring the problem you have.

    Spamhaus' PBL, which lists domestic dynamic IP ranges that aren't supposed to host MTAs, is going to become much more important than their SBL, for example.

  12. Bakunin
    Stop

    Personal Mail Servers

    "Relatively speaking, there are very few real mail servers in the world"

    Does that include the one sitting under my desk at home?

    1. Flybert

      YES !!

      it is quite unusual for an individual to have a static IP or 2, presuming you are running a webserver with its own nameserver set ..

      point is that even webservers handling 1000s of websites may have only 2 static IPs and a single mailserver handling all the @website.tld addresses

      I doubt mailservers are taking even 0.5% of IPv4 addresses .. very large mailservers might be handling 100,000s of customer addresses each ..

  13. Anonymous Coward
    Happy

    if you are troubled by spam

    go here and get yourself an account. Virtually spam free email.

    I'm sure Marty will gladly tell you how it is done, quite simply and very effective. IPV4 or 6, no problem

    http://maui.co.uk/home.html

    signed, a happy customer

  14. FrancisT

    Not a problem for good IP reputation services

    There are a bunch of ways to do this. As I just blogged - http://threatstop.wordpress.com/2011/03/08/ipv6-and-ip-reputation/ - our IP reputation system works just fine with IPv6 /64s (or even /48s or whatever other net block size is required).

  15. Joe Montana
    WTF?

    Stupid...

    Although the address space of IPv6 is much larger, addresses are given out in blocks... It doesn't matter if a spammer is using a million different addresses if they are all part of his /64 block, you can just blacklist the block itself.

    Also a single ISP will only get a single /32 block, unlike the current situation where an abusive ISP can get a number of completely different IPv4 ranges that spammers can use, making it much easier to block a rogue ISP.

  16. James 100
    Grenade

    Second most clueless IPv6 FUD so far

    This is the second dumbest FUD about IPv6 I've yet seen - the worst being the guy on Slashdot assuring me that we should all rush to adopt IPv6 because it makes it impossible for viruses to spread.

    Right now, spammers like the outfit on wrmN.com (with a rotating number for the N to evade crude blocklists) get themselves their own netblock - a /21 in this case - and spread their spammy antics across it. So, I plug 77.74.120.0/21 into my MTA's filter list and they're reduced to a few log entries each day. In IPv6, maybe they'd get themselves a /48 or bigger - same problem, same solution.

    OK, it'll require other MTAs to get the same filtering ability mine has - but they should have it anyway, the feature just becomes more useful this way. Or, of course, we get our upstream providers to null-route 'pink' netblocks and those who provide them with transit, which would be nice...

    1. pixl97
      Thumb Up

      DoublePlus

      I agree. Spammers change tactics, spam fighters adapt, wash, rinse, repeat.

      ISPs and smart hosts should give up on port 25 for client to server communication and instead move to AUTH SMTP over 587 or SSL over 465. Mail servers should have proper reverse dns and not dynamic or no rdns at all. I drop mail dead without DNS I like on the servers I run, kills tons of spam from bots running on people's home computers. Rarely an issue, and most big ISPs like ATT do this already.

      New tools and methods may have to be applied to IPv6, but it's not really anything compared to what we're doing already

  17. Anonymous Coward
    Anonymous Coward

    As usual, the wrong approach

    Why isn't anyone doing research into why spam is profitable? Somebody out there is clicking on those links, buying that viagra, and sending money to Lagos. Consistently remove the buyer from the market and useless spam disappears (leaving only phishing, which is easier to defend against).

    Actually, I think it might be too late for open email. The future, to me, feels like web-of-trust email, where every sending address is blocked unless it is explicitly permitted by you. For example, 'accept mail from my Facebook buddies'.

    1. Michael C

      Challenge response messaging

      No traffic without return traffic. Want to send an e-mail, the relay server and/or receiving mail server issues a challenge, your PC computes an answer, it accepts the answer and passes the message. No messages can be sent that can't be reverse verified. Messages that don't support this system get sent a return message the user has to manually reply to, and the original message is held in quarantine until that process is completed, or never delivered at all.

      It's a simple system, and validates both sender and receiver e-mail address and IP routing. In order for a home PC to send spam, your router will have to allow incoming SMTP traffic to your PC on a port the virus opened... not likely to happen...

      This was proposed more than a decade ago, but the legitimate spam companies and businesses who send tons and tons of e-mail objected that it would cost too much server power to compute those automated answers and replies. Guess what folks, still would have cost less than stamps and snail-mail marketing or telemarketing. We let them control the industry, and now we suffer for it. Impose challenge response e-mail and other messaging systems, and we can end most spam.

    2. Bryce Prewitt
      FAIL

      Something about suckers and minutes.

      Look, dude, if we could treat the underlying disease behind the symptoms (of which spam is only one of many, and is exactly why it is successful) then we wouldn't have war, poverty, racism, sexism, religious extremism, rape or murder. I'm serious. Spam is insidious (and equally brilliant) because it preys on people's insecurities and neuroses. Smart people get taken in by spam all the time.

      Further, I take contention with your assertion that phishing is easier to defend against. If it was then there'd be no such thing as espionage. It's all a confidence and trust game. Sure, it might be on a computer, but the tactics are no different than they were a hundred years ago. How do you propose to prevent granny from responding to an e-mail from what looks to be her bank asking for her username and password?

      As far as web-of-trust e-mail goes... welcome to 2002 (most likely earlier). Web hosts and software packages have long been offering this. You know this, right? And in regards to "accept mail from my Facebook buddies..." Man, seriously? So, you're saying that Facebook, which is EASILY hackable/phishable, is a better/more secure form of e-mail? What happens when your buddy's Facebook gets hacked and he sends you a well designed scam? You're more likely to trust it coming from someone you explicitly gave permission to e-mail you, your friend, so is it really any more secure?

      The best (only, really) defense against spam is a well trained Bayesian filter combined with a well maintained ISP/host-level blacklist. Also, knowing what not to do, what not to click on, etc. Even then, shit happens. That's why we have laws. Time to write better ones and then start enforcing them. Criminals get smarter, skirt the law. Rinse and repeat.

  18. Martin Usher
    Unhappy

    Address blacklists are just a kludge

    They're something that's cheap and simple to implement but ultimately they're pointless because addresses are easy to forge.

    Which is probably the one area v6 scores in. IPv6 in theory prevents people from hiding behind addresses. Which is both a good and a bad thing. It's good because you should be able to tie the source of the packet to the packet itself so you can quickly identify forged or unwanted packets. It's bad because now the powers that be can identify exactly who sourced what traffic....your address can become your signature...

  19. Anonymous Coward
    Anonymous Coward

    Actually, this makes things better....

    If you take a blinkered "apply the same technology in the same way" approach, then of course it will not work as effectively.

    However, as many above have pointed out it is all about aggregation.

    Individual organisations will generally be allocated a /48, which is 2^80 addresses. (That's what I have routed to my house....)

    Although this is 2^48 times the size of the IPv4 Internet, it does not matter. Bad net behaviour from any IP address in the /48 reflects upon that organisation, and there is no need to be any more granular than this.

    An ISP will get addresses in blocks of /32 (2^96 addresses). This will be allocated out in 65536 /48's to individual organisations, and THIS is where things actually get better than they are now. If an ISP is Spammer-friendly and tends to attract spamming customers, then entire /32's start to look dodgy. So we blacklist poorly behaving /32's. That finally gives us a statistical view of what an ISP is like. They're not going to be given multiple /32's until they have filled their first one. And that finally gives a tool to make even Spammer-friendly ISPs less attractive - because their network range gets blacklisted. Isn't this a win-win?

    It just takes a bit of slightly more than superficial thought about the problem as a whole.

  20. Anonymous Coward
    FAIL

    mind boggling

    Wood explained. "The IPv6 address space is so large it wouldn't be scalable from the bad-guys perspective – the returns will diminish over time." ®

    Distributed scanning is already being used by some of the C&C nets; this just means they would have to update their algorithms.

    eg. your statement is false.

  21. Anonymous Coward
    Boffin

    Yawn

    IP black lists have never been a valid method of network security. Just a method used by lazy people.

    Let's start stirring people up about running out of MAC-48/EUI-48 address spaces! Never mind EUI-64.

  22. copsewood
    Boffin

    Don't accept unsigned IPV6 email

    Once it starts to make sense to accept IPV6 email it will make sense to accept it much more selectively than for IPV4 email. The problem with technologies similar to DNA/CSV or DKIM is that you can't reject on the basis of non adoption in IPV4 world and because of this there is too little incentive for admins to adopt these sender verification technologies. As IPV6 email adoption is so small anyway, it costs you very few false positives if you have a much more stringent acceptance criteria for IPV6 email.

    That means that admins with enough of a clue to implement IPV6 have no reason not to DKIM sign all outgoing messages and install the relevant DNS records. Those who implement IPV6 without DKIM or something equally good for establishing the responsible domain will learn the hard way not to do this by having all or enough outgoing rejected.

    Then you can accept/reject/defer reliably enough based upon domain reputation and simply ignore the client IPV6 address.

    Once better spam accept/reject decisions are made using IPV6 email the other kind will die rather quickly.

  23. Lusty

    whitelist

    Why not start an IPv6 whitelist and advertise appropriately. That way we can easily accept mail only from legit sources and then block spammers by removing them immediately. For that matter I'd imagine IPv4 whitelist would be smaller than the current blacklists.

    Alternatively, surely we could set the system up to scan the world's DNS servers for MX records and only accept mail from something with a valid entry? There's no reason you'd mail directly out from anything without an MX record - any device you own can route back to a company mail server first.

  24. Michael C
    Alert

    Complete FUD

    Just because there's a ridiculous pool of addresses has no impact on the fact that they're still being DOLED OUT, in blocks. It will be easy to simply block all traffic from unassigned IPv6 blocks, international routers won't carry the traffic, they can't just pick any-old IP address, they have to pick one that's been ENABLED.

    Each home/residence/ small business/whatever will get a block, device manufacturers will also likely get blocks, setting the default IP of devices (think mobile phones, where all VZW phones of a certain make all use a predictable (though random enough) range of IPs, no different than we assign phone numbers or SIM IDs in series today).

    Hackers can't simply snag an IP and spam away, something has to know of that IP block and allow it to communicate, otherwise it's just a local address in a local network no router will pass traffic for... No matter how many IPs they make up behind your IPv6 home router, the ISP sees a single address range, and can quickly block the entire thing. You can't just go grab any random public IP from your ISP, it has to be provisioned, from an available address block. IPv6 is no different. The number of addresses in use won't dramatically change (in terms of routable endpoints).

  25. John Smith 19 Gold badge
    WTF?

    10 years on and this is *just* a problem?

    Icon says it all.

  26. Anonymous Coward
    IT Angle

    SPF ...

    What happened to SPF records in the DNS ?

    1. json

      yahoo

      .. being a spammer's best friend refuses to use it.

    2. copsewood
      Boffin

      SPF tries to do too much

      SPF ended up far too complex, so after some initial enthusiasm several years ago relatively few admins maintained the relevant DNS records for it. It failed to be a useful blacklisting criterion, though some recipients use it to assist with whitelisting.

      CSV is a much simpler proposal in the sense that it only asserts the responsible relaying domain and doesn't try to make any claims about the original sender or the routing the originating sender is allowed to use. The receiving server only really wants reputation knowledge concerning its directly connecting and sending client anyway. CSV is much easier to implement in software than SPF.

      http://tools.ietf.org/html/draft-ietf-marid-csv-dna-02

      If you want a more heavyweight originator signing scheme use DKIM.

      With any of these domain based verification schemes you will need a means of establishing domain reputation as well, e.g. by using a RHSBL or DNA, see:

      http://www.webopedia.com/TERM/R/RHSBL.html

  27. Yes Me Silver badge
    WTF?

    Blatant commercial FUD - obvious commercial motivation

    As others have said, this is FUD. And there would be a reason for it: it's to conceal the fact that the vendor in question simply isn't ready to support IPv6 (despite having had 15 years' notice). This won't be the only vendor hiding its product failure behind the "easy" way out.

    I believe there were vendors of horse-drawn vehicles who took a similar approach a hundred years ago or so. Where are they now?

  28. Franklin

    A title is required

    Current spam filtering techniques aren't really the right way to go about dealing with the problem of spam anyway. A better, and in my estimation the only truly effective, way to go about it is financially. Spammers spam for money, after all.

    Going after the money can be done directly (eg, pursuing credit card transaction processors not to process transactions for spammers and malware authors), or indirectly (eg, pursuing ISPs who knowingly permit spammers and malware authors on their networks). There is a financial incentive not only to spam, but also as an ISP to tolerate spam.

  29. Shannon Jacobs
    Welcome

    Divide by zero is a bad economic model

    It seems amazing to me that there is so little understanding of the spam problem. The spammers are dividing by zero. It's not that the real costs of email are zero. Email consumes resources and time--but NOT the spammers' resources and time.

    This is a slightly contrived example to make the case clear, but imagine the spammer merely changes a parameter for how much spam to send from 4 to 6. This commands the zombot network to send 6 million spams rather than 4 million. If that results in two more suckers sending money to the spammer, then the spammer thinks his RoI is divided by zero--on HIS side.

    Now we are apparently going to use IPv6 to create a NEW version of dividing by zero. If we allow IP addresses to propagate at zero cost, OF COURSE the spammers will exploit that new form of division by zero. It's sort of like creating an infinite amount of real estate out of thin air, and of course the spammers couldn't care less if they are destroying the value of the rest of the universe. All the spammers care about is finding a few more suckers with cash.

    As regards IPv6, the solution is again obvious--to me, at least. The cost of getting an IP address must be realistic and higher than zero, and that cost MUST be carried by the user of the IP address. ANY payment in advance will be sufficient to break the spammers' divide-by-zero model of economics.

    However, the spam countermeasure I currently favor would be organized virtual lynch mobs. Essentially I think the major email providers should provide anti-spammer tools to help the LARGE number of people who hate spam get between the spammers and the very SMALL number of people who feed the animals. I'd be glad to donate a bit of time towards giving the spammers (and ALL of their accomplices) as much hell as possible. The suckers can't react faster than other humans, and the spammers can't obfuscate beyond the suckers' comprehension.

    In English, there is a lot of confusion around the heavily overloaded word "free". Yes, free speech is priceless, but that doesn't mean the REAL costs of various forms of speech can be ignored. You can't make email free in the economic sense just because SMTP pretends that costs don't exist.

  30. Henry Wertz 1 Gold badge

    Bayesian filter?

    I figure "Moore's law to the rescue." I have been running spamprobe for years; this program uses a Bayesian filter -- to initially train it, I save spam into a "spam" folder, any falsely marked spam into a "non-spam" folder, and then I run a "spamprobe-train" script that processes that information (it uses words and two-word groups to recognize spam and non-spam). After a matter of days, it blocked virtually all my spam with no false positives. When I started using spamprobe, it'd take a good 5 minutes to filter my mail. Now, thanks to Moore's law, it can scan my E-Mail usually as fast as fetchmail can get it (large attachments will back it up a few seconds.) When my ISP said they would charge a few $ a month for spam filtering, I said "no thanks", so my spam filter just gets trained all the better. I have had my E-Mail address since the 1990s, and personally pissed off a spammer back in the early 2000s, so I get 300-700 spams a day; about 0-2 make it through the filter.

    (This spammer, I sent an E-Mail to "his ISP". Got back a real snow-job message making it clear that this "ISP" was just a front so complaints to the abuse contact would just go to the spammer. So I contacted *that* "ISP"s ISP, and they disconnected his ass. Less than a week later I went from about 20 spams a week to like 800 a day. My ISP had not implemented any spam filtering yet, luckily spamprobe had just come out. My spam quantities have actually decreased slightly since then.)

  31. json

    # of blacklisted IPs

    We run very busy mail servers (serving 100+ domains) in conjunction with public RBLs and our own automated blacklisting system we have about 500k IPs listed at any one time (we stale and remove IPs after a few days of 'good behaviour'). Add a couple of hundred if you include Yahoo mail servers which regularly spew out spam (and it being Yahoo -- we had to whitelist -- bummer). I recall it went up to 750k early last year. IMO, with IPv6, it wouldn't really be that different as what others who commented pointed out, they won't lose their traceability and even if they get a chunk we'll probably employ some sort of blocking entire subnets. Messy, not to mention tedious but possible.
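
The two ideas raised in this comment and earlier in the thread, listing whole subnets under IPv6 and removing entries after a few days without spam, as an added Python example that is not code from any commenter or product. The /64 aggregation width, the three-day expiry, the three-hit threshold and all names are assumptions; the addresses come from documentation ranges.

```python
import ipaddress

EXPIRY_SECONDS = 3 * 24 * 3600  # assumed: "a few days" of good behaviour
V6_PREFIX = 64                  # assumed: treat one IPv6 /64 as one sender
THRESHOLD = 3                   # assumed: recent spamtrap hits needed to list


def bucket(addr):
    """Map an address to the network that carries its reputation."""
    ip = ipaddress.ip_address(addr)
    if ip.version == 6 and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped     # ::ffff:a.b.c.d is really an IPv4 sender
    if ip.version == 6:
        # strict=False masks off the host bits, so every address in the
        # same /64 shares one entry instead of 2**64 separate ones.
        return ipaddress.ip_network(f"{ip}/{V6_PREFIX}", strict=False)
    return ipaddress.ip_network(f"{ip}/32")


class Blocklist:
    def __init__(self):
        self.hits = {}  # network -> timestamps of spamtrap hits

    def record_spam(self, addr, now):
        self.hits.setdefault(bucket(addr), []).append(now)

    def is_listed(self, addr, now):
        net = bucket(addr)
        # Stale hits are dropped on lookup, so a block that stops sending
        # spam falls off the list without manual delisting.
        recent = [t for t in self.hits.get(net, []) if now - t < EXPIRY_SECONDS]
        if recent:
            self.hits[net] = recent
        else:
            self.hits.pop(net, None)
        return len(recent) >= THRESHOLD


if __name__ == "__main__":
    bl = Blocklist()
    # Constructed sample: one sender hopping between addresses in a /64.
    for i, src in enumerate(["2001:db8:1:2::1", "2001:db8:1:2::beef",
                             "2001:db8:1:2:aaaa:bbbb:cccc:dddd"]):
        bl.record_spam(src, now=i * 10)
    print(bl.is_listed("2001:db8:1:2::9999", now=30))         # same /64
    print(bl.is_listed("2001:db8:1:3::1", now=30))            # next /64
    print(bl.is_listed("2001:db8:1:2::1", now=20 + EXPIRY_SECONDS))
```
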

  32. Anonymous Coward
    Troll

    Who the hell still uses email?

    Haven't they seen the usage graphs? By the time IPv6 happens, the last couple of email users won't notice anyway.

  33. 123456789
    Megaphone

    IP and other low level do not work

    It obviously means that none of the formal IP-based or even text-based spam or content filters can work generally. There is the necessity of using more sophisticated AI-enabled tools, which do not care about the protocols and other low-level techs and successfully behave only on semantics (visual, textual, etc.).

  34. Guy Smith

    Time for blacklists to die

    One weakness of IP focused black lists (as recently demonstrated to me by some rather incompetent folks at Trend Micro) concerns shared servers.

    If a spammer uses a shared server to send email, then all legit email senders on that shared server are suddenly disabled by the blacklist. Aside from being inappropriate, there may well be some legal issues in the U.S. concerning this, especially if the legit email is communicated between a service in one state and a subscriber in another.

    Frankly, I'm ready for a better approach and don't care if IP blacklists die in the process.
