On Mon, Jul 1, 2024 at 2:48 PM Keith Moore <moore@xxxxxxxxxxxxxxxxxxxx> wrote: > > On 7/1/24 12:58, Phillip Hallam-Baker wrote: > > > I don't see that happening for SMTP because the big cost of managing > > SMTP services is the anti-abuse system, in fact that is pretty much > > the only cost. And going from 32 bits to 128 bits (or 64 if you want > > to look at it that way) is simply too much leverage to hand over to > > the attackers. > > Well, the existing anti-abuse system is itself effectively a DoS attack > on email, so sooner or later people might start realizing that. > > And associating reputations with 32-bit IPv4 source addresses, to the > extent it works at all, becomes less and less viable every day. > > So the reputation system can lose because there are too many different > parties using a particular 32-bit source address, or it can lose because > there are so many 128-bit source addresses that the bad guys can just > keep using new ones. Either way, it loses, and valid mail doesn't get > delivered far too often, and more and more people use something besides > Internet email. Which, of course, has been happening already for many > years now. In the past, I watched the IP range of a blacklist grow larger and larger as AT&T would not kick a [known] spammer off their network. The range got so large it DoS'd the Social Security Administration. This was back in 2002 or 2003, before <https://www.techdirt.com/2006/10/09/will-spamhaus-get-shut-down-over-dispute/>. > Really that's not an IPv4-vs-IPv6 question. Yeah, I often wonder about conflating spam control with IPv4/IPv6 addressing. I always found them to be two separate issues. Jeff
