IPv6 black lists?

Dave Taht d at teklibre.org
Wed Mar 10 00:57:38 CET 2010

On 03/09/2010 04:41 PM, Mark Schouten wrote:
> On Wed, 2010-03-10 at 09:47 +1300, Brian E Carpenter wrote:
>> But is dnsbl a technique that should be encouraged for IPv6?
>> It's already a blunt weapon for IPv4. As the virbl site notes,
>> for IPv6 the only practical atom is a /64 and that is a *very*
>> blunt weapon indeed. Its potential for false positives is
>> extremely high.
> That's not what we do. We list the /128 and if we find>  5 /128 in the
> same /64, we block the /64. That way, the false positives are limited,
> although not eliminated. But at least we can expect the admins attention
> on this subnet. :)
So this translates out to 2^16*5 = 327680 detected spams to get 
completely blocked for someone that gets a /48 allocation from some 
tunneling provider or another. While I suppose the virbl method will 
work for random zombie machines which can't change their ip addresses, 
it's not going to slow down a dedicated abuser all that much.

I tend to think that changing the relevant RFC (sorry, can't remember 
which one) for exchanging email to require a valid certificate for email 
exchanged over ipv6 would be more effective in that case.

More information about the ipv6-ops mailing list