SixXS::Sunset 2017-06-06

IPv6 Mailserver Whitelist anti-spam initiative
[nl] Shadow Hawkins on Wednesday, 17 August 2011 19:06:52
Today I found I could no longer send mail to an IPv6 enabled ISP, because of their use of the IPv6 Mailserver Whitelist at ipv6whitelist.eu. See http://www.ipv6whitelist.eu/ What is your opinion on the usefulness of this initiative? I think it's just annoying. I doubt whether it stops any real spam, but I do see it breaks legitimate mail systems, and basically punishes one for having enabled IPv6. Their assumption that mailserver would fall back on IPv4 if your IPv6 address is not whitelisted is flawed. Many MTA's such as qmail and postfix will not fall back to IPv4 if an IPv6 session is rejected at the SMTP level. Moreover, whitelisting is available only for admins with a Dutch RIPE handle, who have to go though complex procedures. So that this ISP can avoid Dutch IPv6 spam...
IPv6 Mailserver Whitelist anti-spam initiative
[ch] Jeroen Massar SixXS Staff on Thursday, 18 August 2011 00:30:42
Their network, thus if they don't want to receive email, that is their problem ;) There appear to be several quite clued in people involved in that project though. Note that generally a white list just makes sure that mail arrives as it overrules a blacklist entry. As such it makes sure that if a legit ISP gets listed on a backlist, that entry is effectively ignored and mail is still accepted due to the whitelist.
Many MTA's such as qmail and postfix will not fall back to IPv4 if an IPv6 session is rejected at the SMTP level.
SMTP level rejections (4xx or 5xx) are final decisions by that MX to not receive the message. Postfix will actually try all AAAA and A records (upto a default of 20) for 3xx (temporary) rejections though, even though it should hop to the next MX instead...
Moreover, whitelisting is available only for admins with a Dutch RIPE handle, who have to go though complex procedures. So that this ISP can avoid Dutch IPv6 spam...
See above, I don't think you understand the concept of whitelist. Note also that this list exists for IPv4 too amongst ISPs in The Netherlands.
IPv6 Mailserver Whitelist anti-spam initiative
[nl] Shadow Hawkins on Thursday, 18 August 2011 03:20:48
Their network, thus if they don't want to receive email, that is their problem
Yes it's their decision. But they are also blocking mail to my customer, who is also their customer, so it's not just their problem.
Note that generally a white list just makes sure that mail arrives as it overrules a blacklist entry.
There is no blacklist in this case. The blacklist is the entire IPv6 address space. They are saying there are too many addresses in the IPv6 address space for blacklists to handle. So they are reversing things. You need to be on their whitelist or go away. I'm not even sure if they think it's OK to fall back to IPv4 or just leave.
Postfix will actually try all AAAA and A records (upto a default of 20)
Current Postfix will only try twice by default, and will prefer the IPv6 address of another MX over the IPv4 address of the same MX, again by default.
Note also that this list exists for IPv4 too amongst ISPs in The Netherlands.
Yes, whitelists that overrule blacklists. None that are used on their own, that I know of.
IPv6 Mailserver Whitelist anti-spam initiative
[nl] Shadow Hawkins on Thursday, 18 August 2011 03:36:14
Note that generally a white list just makes sure that mail arrives as it overrules a blacklist entry
Here are some quotes from the ipv6whitelist:
we create a list of registered mailservers, the inverse of which will automatically be a list of non-registered mailservers. ... Thanks to this simple distinction we can simply block all traffic originating from non-registered mailservers by default, which will generally be hijacked computers that form the so called botnets
So everyone not on their list is must be a hijacked computer, is what these "quite clued people" are saying. They are not even considering the possibility that legitimate mail could originate from a source that can not or will not register on their list.

Please note Posting is only allowed when you are logged in.

Static Sunset Edition of SixXS
©2001-2017 SixXS - IPv6 Deployment & Tunnel Broker