On 03/28/2013 08:29 PM, Douglas Otis wrote:
> IPv6 makes publishing IP address reputations impractical.

For individual addresses, sure. But one of the (if not *the*) primary benefits of v4 reputation is the test of whether or not the address is in a botnet range (aka, ranges assigned to end-users). That will still work quite nicely with IPv6, assuming that the ISPs cooperate at roughly the same levels they do now with IPv4.

> Since IP address reputation has been a primary method for identifying abusive sources with IPv4, imposing ineffective and flaky replacement strategies has an effect of deterring IPv6 use.

I personally don't believe this is true. One of the things that IPv6 advocates encourage folks to do is to put their mail infrastructure on IPv6 first as a test, since the mail protocol is relatively forgiving. That is a good piece of advice, which a lot of sites seem to have followed.
That said, I don't necessarily disagree with your thoughts about domain reputation vs. IP address reputation. I think that there is room for discussion about that.
On the other hand I don't agree with your negative view about DKIM and SPF. I recently moved from an IHP to my own VPS, and set up both DKIM and SPF for my active domains. The former has allowed me to send mail to various places that didn't accept mail from my old IHP's servers. And I have a hard-fail on my SPF records, and that has cut to nearly zero the amount of Joe-job backscatter I receive (whereas previously it was in the 3-10 messages per day range).
I don't think either mechanism is perfect, and I'm intrigued by DMARC although I haven't really had time to study it yet. But in my anecdotal experience both DKIM and SPF are useful at least, and seem to work well, so I'd hate to see them out with the bathwater.
Doug