|
| Tweet Follow @spamhaus |
|
|||
 QNAMEĀ MinimizationĀ and Spamhaus DNSBLs The beta nature of the Threat Intel Community Portal Want to submit data? Be our guest! The return of the ASN-DROP Qakbot - the takedown and the remediation Poor sending practices trigger a tidal wave of informational listings Spamhaus Botnet Threat Update: Q4-2021 SERVICE UPDATE | Spamhaus DNSBL users who query via Cloudflare DNS need to make changes to email set-up Older News Articles:  Spamhaus News INDEX |
The Spamhaus Project has released a document outlining Spamhaus' strategy with respect to Spamhaus' IP blocklists and their future in an IPv6 enabled world. Entitled "Spamhaus IPv6 Blocklists Strategy Statement", the document focuses exclusively on IPv6 DNS-based blocklists and gives technical details of how Spamhaus plans to implement them. The document draws attention to a potentially serious problem that can affect DNS caches once the world transitions to using IPv6 for email. The vast size of the IPv6 space means that spammers will be able to obtain huge allocations of IPv6 space to spam from and could then easily do "spread spectrum" spamming, using a different IP address for every message. This risks quickly overflowing DNS infrastructure worldwide. To guard against this, Spamhaus is developing a new robust and sophisticated DNS-based method of publishing blocklists for IPv6, using a 'B-tree' design. Spamhaus believes the IPv6 DNS cache overflow problem is serious and notes that the problem is not limited to DNS-based blocklists but extends to reverse DNS ("rDNS"), whereby if rDNS is allocated to vast IPv6 networks spammers can easily cause similar problems with DNS caches. The Spamhaus plan is to implement IPv6 DNSBLs in two stages, designed to allow users to continue using the negative reputation of IP addresses in IPv6 as one of the criteria to reject spam email at the server level, but at the same time also preventing damage to the world's DNS infrastructure. Spamhaus predicts that email will be among the last of the Internet protocols to move fully to IPv6 and that the move of the majority of email traffic to IPv6 will take many years. This is partly due to the very nature of SMTP's current usage. With mailservers handling email for large communities on relatively small numbers of IP addresses, IPv4 works perfectly and there has never been a need for massive numbers of IP addresses to host mailservers (unless one is spamming, of course). While today DNS-based blocklists are the work-horses of the spam filtering world, doing the majority of the 'heavy lifting' work before mailservers are burdened with content checks, in the future under IPv6 Spamhaus sees DNS-based blocklists as part of a more sophisticated system of checks. For a number of years Spamhaus has been working on new spam filter systems, which include new IP blocklists, IP "allow-to-the-next-level" lists (neither blacklists nor whitelists), domain blocklists and domain whitelists to be used in conjunction with DKIM. Though new designs such as IPv6 do present many problems when migrating to them, they can also offer opportunities to design a better way forward. Spamhaus' full strategy for filtering email in IPv6 - covering IP and domain blocklists, new reputation lists, domain whitelists and DKIM signing and reputation - will be detailed in a forthcoming 'strategy for filtering email in IPv6' document. Online Statement: Spamhaus IPv6 Blocklists Strategy Statement Download PDF: Spamhaus IPv6 Blocklists Strategy Statement (PDF) RFC 6177: IPv6 Address Assignment to End Sites "It is no longer recommended that /128s be given out." |
Press OfficeSpamhaus News IndexSpamhaus in the mediaAbout SpamhausSpamhaus Official Statements |
Permanent link to this news article: Spamhaus Releases IPv6 Blocklists Strategy http://www.spamhaus.org/news/article/668/spamhaus-releases-ipv6-blocklists-strategy  Subscribe to RSS News Feed |
Permission to quote from or reproduce Spamhaus News articles is granted automatically providing you state the source as Spamhaus and link to the news record. |
|