SMTP over IPv6 : gmail classifying nearly all IPv6 mail as spam since 20140818

Sat Aug 23 11:41:11 CEST 2014

Le 23 août 2014 à 07:51, Michael Chang <thenewme91 at gmail.com> a écrit :

> I was under the impression that it wasn't so much about there being more IPv6 spam as much as tracking IPv6 reputation based on addresses was computationally infeasible.
> 
> If a spammer gets a hold of a /64, then the spammer can send 18 billion billion (~2^64) different email addresses, each coming from a different IP address. Never-mind that a spammer can go to a half-dozen tunnel brokers and get /48s for free.
> 

Indeed, if your repudiation algorithm is naïve. Blacklisting by /128 is not viable.
But you can definitely filter by /64.

For smaller prefixes (/48, /56), you can try to put a reputation on prefixes (depending on the number of /64 you already blacklisted) in order to blacklist the entire prefix.

Best regards.
Emmanuel Thierry

> 
> On Fri, Aug 22, 2014 at 8:18 PM, Brian E Carpenter <brian.e.carpenter at gmail.com> wrote:
> On 23/08/2014 11:16, 🔓Dan Wing wrote:
> > On Aug 22, 2014, at 7:42 AM, Matthew Huff <mhuff at ox.com> wrote:
> >
> >> Currently it is not feasible to do ipv6 reputation filtering. IPv4 reputation filtering is a big part of most anti-spam engines, so without it, SPF / DKIM of domain reputation is the best alternative.
> >>
> >> BTW, we have had to remove all IPv6 from our mail gateways due to the large number of Exchange SBS with broken isatap/6to4 tunnels causing mail to blackhole.
> >
> > MTU issue?
> 
> I can't speak for Teredo, but for 6to4 there is a whole list of
> possible issues ( http://tools.ietf.org/html/rfc6343 ). PMTUD failure
> and/or MSS negotiation failure are on the list, and so is reverse
> DNS failure.
> 
>    Brian
> 
> >
> > -d
> >
> >
> >> These have been at small web based retailers which don't have hosted email. After the third incident, we yanked our IPv6 from our MX/gateways.
> >>
> >>
> >>
> >> ----
> >> Matthew Huff             | 1 Manhattanville Rd
> >> Director of Operations   | Purchase, NY 10577
> >> OTA Management LLC       | Phone: 914-460-4039
> >>
> >> -----Original Message-----
> >> From: ipv6-ops-bounces+mhuff=ox.com at lists.cluenet.de [mailto:ipv6-ops-bounces+mhuff=ox.com at lists.cluenet.de] On Behalf Of Nick Hilliard
> >> Sent: Friday, August 22, 2014 10:25 AM
> >> To: Lorenzo Colitti; Laurent GUERBY
> >> Cc: IPv6 Ops list
> >> Subject: Re: SMTP over IPv6 : gmail classifying nearly all IPv6 mail as spam since 20140818
> >>
> >> On 22/08/2014 15:16, Lorenzo Colitti wrote:
> >>> Are you following the "Additional guidelines for IPv6" section of
> >>> https://support.google.com/mail/answer/81126 ?
> >> Lorenzo,
> >>
> >> it looks like Google is trying to enforce SPF / DKIM on ipv6 connections
> >> where there is no similar requirement for ipv4.  Is there a particular
> >> reason for this?  It's causing a lot of breakage.
> >>
> >> Nick
> >>
> >
> >
> 
> 