nanog mailing list archives

Re: comcast ipv6 PTR


From: Mark Andrews <marka () isc org>
Date: Thu, 10 Oct 2013 12:35:52 +1100


In message <21077.65231.279689.263778 () world std com>, Barry Shein writes:

On October 9, 2013 at 11:49 cma () cmadams net (Chris Adams) wrote:
 > Once upon a time, Robert Webb <rwebb () ropeguru com> said:
 > > But how would that differ from the IPv4 address space which has PTR
 > > records for all their IPs? Just the sheer number they would have to
 > > deal with in the IPv6 space?
 > 
 > Oh, are you looking for auto-generated reverse for every address?
 > That's not going to happen for IPv6 (and it turns out that it wasn't
 > really a good idea for IPv4).  There's no reason to have reverse DNS
 > unless it has meaning, and "12-34-56-78.rev.domain.net" isn't really all
 > that useful.

It's very useful for blocking spammers and other miscreants -- no
reason at all to accept SMTP connections from troublesome
*.rev.domain.net at all, no matter what the preceding NNN-NNN-NNN-NNN
is.

Perhaps not their problem, but it is useful!

And not accepting SMTP from everybody leaves your customers exposed
to NSA and others snooping the wires or ISP being subject to
warrantless requests to send all the email delivered to their
submission and other servers to various government agencies under
the idiotic notion that email is always sent in the clear so it
doesn't need a warrant.

Direct to MX reduces the risk of snooping to the two end points and
end point MITM can be detected with the use of TLS.

If we want secure email, and we should want secure email, then we
should be pushing for direct to MX with every customer hosting their
own MX server and start TLS on by default.

Yes that comes with the risk of additional spam but get over it and
run proper abuse desks.

Mark

-- 
        -Barry Shein

The World              | bzs () TheWorld com           | http://www.TheWorld.com
Purveyors to the Trade | Voice: 800-THE-WRLD        | Dial-Up: US, PR, Canada
Software Tool & Die    | Public Access Internet     | SINCE 1989     *oo*

-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: marka () isc org

