IPv6 smtp spam

Tim Chown tjc at ecs.soton.ac.uk
Wed Apr 23 14:58:32 CEST 2008


On Thu, Apr 17, 2008 at 09:19:39AM -0700, SM wrote:
> Hi Tim,
> At 07:07 17-04-2008, Tim Chown wrote:
> >After the recent discussion on IPv6 smtp...
> >
> >We've now started recording the volumes of IPv6 mail and spam that
> >we're receiving externally on our MXes.
> 
> There goes my argument that IPv6 can solve the spam problem. :-)

Having now added IPv6 transport mails to our service graphs for a week,
we're running at an average of 410 mails per day over IPv6, plus an
average of 525 spams per day.    So it's sticking around 1000 mails
a day, and the spam rate is over 50%, but not at IPv4 ratios (yet).

> >Over the past 30 days our netflow data suggested about 1K per day,
> >comapred to 500K IPv4 messages.
> 
> Can you determine the percentage of spam originating from IPv6 tunnels?

Well, we could record the sender IPs and run some tests I guess.   
The RIPE-NCC chaps used to have some tunnel detector code that they
ran, which worked by looking at PMTUs:

	http://www.ripe.net/ttm/Plots/pmtu/tunneldiscovery.cgi

which was done between the RIPE TT boxes.    I guess one indicator
of native rollout is the percentage of green nodes on this chart.

Any 2002::/16 prefix source is clearly tunnelled v6 in v4, but otherwise
it may not be trivial to figure out other sources (who may tunnel to or
between some networks and not to or between others of course).

-- 
Tim


More information about the ipv6-ops mailing list