RE: How to wish you hadn't rushed ipv6 adoption

Force the whole world to switch to IPv6 within the foreseeable future, abolish IPv4... all within several years or even within 50 years... and then watch spam filtering worldwide get knocked back to the stone ages while spammers and blackhat and grayhat ESPs laugh their way to the bank... that is, until e-mail becomes unworkable and is virtually abandoned.

I welcome IPv6 adoption in the near future in all but one area: the sending IPs of valid mail servers. Those need to stay IPv4 for as long as reasonably possible.

It turns out... the scarcity of IPv4 IPs in THIS area... is a feature, not a bug. That scarcity makes it harder for spammers to acquire new IPs, and they therefore pay a price for the ones they burn through via their spam-sending. Likewise, scarcity of IPv4 IPs *forces* ESPs, hosters, and ISPs to try HARD to keep their IPs clean. THEY pay a price when a bad-apple customer soils up their IP space. In contrast, with IPv6, orders of magnitude MORE IPs are easily acquired, and orders of magnitude more are in each allocation. It is truly a spammer's dream come true.

This reminds me of a recent article Brian Krebs wrote about a famous hoster who slowly drove their business into the ground by allowing in the kind of spammers that look a little legit at first glance (like the "CAN-SPAM" spammers who are doing nothing illegal, follow the law, but still send to purchased lists). But even as this hoster's bank account was bursting at the seams with cash due to a booming business, their IP space's reputation was slowly turning into crap. Eventually, they started losing even their spammer customers. Then, their CEO made a decision to get serious about abuse and keeping spammers off of their network---and this turned into a success story where they now run a successful hosting business without the spammers.

In an IPv6 world, I wonder if they would have ever even cared? There would always be new fresh IPv6 IPs to acquire! There would never have been the "motivation" to turn things around. There would always be new IPv6 IPs to move on to (or at least enough available to "kick the can down the road" and not worry about any long term repercussions). It was ONLY when this CEO started seeing even the spammers start to leave him (along with some Spamhaus blacklistings!) that he realized that his IP reputation would eventually get so bad that he would be virtually out of business. It was ONLY then that he decided to make changes. Would this have happened in an all-IPv6 world? I highly doubt it! He'd just keep moving on to fresh IPs! The cumulative sum total of all those hosters and ESPs downward spiraling in an IPv6 world... could cause the spam problem to GREATLY accelerate.

Meanwhile, sender IP blacklists would become useless in an IPv6 world because the spammer now has enough IPs (in many scenarios) to EVEN SEND ONE SPAM PER IP, never to have to use that one IP again FOR YEARS, if ever. So a blacklisting is ineffective... and actually helps the spammer to listwash spamtrap addresses... since the ONE listing maps to a single recipient address. Now the sender's IP blacklist is even less effective and is helping the spammers more than it is blocking spam! And did I mention that the sender's IP list has bloated so large that it is hard to host in DNS and hard to distribute--and most of the listings are now useless anyways!

Yes, there are other types of spam filtering... including content filtering techniques. But in the real world, these only work because the heavy lifting is ALREADY done by the sender's IP blacklist. The vast majority of this worldwide "heavy lifting" is done by "zen.spamhaus.org". If many of the largest ISPs suddenly lost access to Zen, some such filters would be in huge trouble... brought down to their knees. Now imagine that all the other sending-IP blacklists are gone too? In that spammer's dream scenario, the spammer has upgraded to a Lamborghini, while the spam filters have reverted back to the horse and buggy. Seriously, that analogy isn't the slightest bit of an exaggeration.

Yes, you can STILL have your toaster and refrigerator and car send mail from an IPv6 address... they would just need to SMTP-Authenticate to a valid mail server... via an IPv6 connection... yet where that valid MTA would then send their mail to another MTA via IPv4. Since the number of IPv4 IPs needed for such valid mail servers is actually very, very small (relatively speaking), then it isn't a big problem for THOSE to get IPv4 addresses, at a trivial cost. We might even see IPv4 open up a bit as OTHER services move to IPv6.

IPv6 addresses NOT being able to send directly to the e-mail recipient's IPv4 mail servers might actually help cut down on botnet spam, which is an added plus! (whereas those IPv6's IPv4 predecessors sometimes could send that botnet spam directly to the recipient's mail server).

So push IPv6 all you want... even "force" it... but please don't be too quick to rush the elimination of IPv4 anytime soon. And let's keep MTA sending IPs (which is server-to-server traffic) as IPv4-only, even if they are able to receive their own customers' SMTP auth mail via IPv6.

Otherwise, we'll be having discussions one day about how to limit WHICH and HOW MANY IPv6 addresses can be assigned to MTAs! (hey, maybe that isn't a bad idea either!)

--
Rob McEwen
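Added example, not part of the original post: how a sender-IP blacklist lookup name is built for IPv4 and IPv6 (RFC 5782 layout), and how many listings it takes to cover a sender that uses each IPv6 address once. The helper names, the constructed addresses from the 2001:db8::/32 documentation range, and the idea of keying IPv6 listings on the enclosing /64 are assumptions made for this illustration; no DNS query is sent.

```python
import ipaddress

ZONE = "zen.spamhaus.org"  # zone named in the post; used only as a string here

def dnsbl_qname(ip, zone=ZONE):
    """Build the DNSBL query name for an address (RFC 5782 layout)."""
    addr = ipaddress.ip_address(ip)
    if addr.version == 4:
        labels = str(addr).split(".")[::-1]                  # reversed octets
    else:
        labels = list(addr.exploded.replace(":", ""))[::-1]  # 32 reversed nibbles
    return ".".join(labels) + "." + zone

def listing_key(ip, v6_prefix=64):
    """Key a listing is stored under: the single address for IPv4, the
    enclosing /v6_prefix for IPv6 (the /64 default is an assumption)."""
    addr = ipaddress.ip_address(ip)
    plen = 32 if addr.version == 4 else v6_prefix
    return ipaddress.ip_network(f"{addr}/{plen}", strict=False)

def listings_needed(sources, v6_prefix=128):
    """Number of distinct listings required to cover every source address."""
    return len({listing_key(s, v6_prefix) for s in sources})

# Constructed sample: one sender rotating through 1000 addresses of a single
# /64, one message per address (documentation prefix, not real traffic).
_base = int(ipaddress.ip_address("2001:db8:0:1::"))
SOURCES = [str(ipaddress.ip_address(_base + i * 7919 + 1)) for i in range(1000)]

if __name__ == "__main__":
    print(dnsbl_qname("192.0.2.25"))
    print(dnsbl_qname(SOURCES[0]))
    print("listings if keyed per address:", listings_needed(SOURCES, 128))
    print("listings if keyed per /64:    ", listings_needed(SOURCES, 64))
    print("addresses inside one /64:     ", listing_key(SOURCES[0]).num_addresses)
```

Keyed per address, every message in the sample needs its own listing; keyed per /64, one listing covers all of them, at the cost of also covering every other host in that block.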