Stuart Paton, Senior Solutions Architect EMEA, Cloudmark outlines why the spam implications of IPv6 should be taken more seriously:
“The Internet is quickly moving to adopt a new technology for the underlying networking used to track nodes on the network and communicate. However, the introduction of the IPv6 scheme could have a far reaching impact on spam security. As an example, the primary method for stopping the majority of spam used by email providers is to track bad IP addresses sending email and block them - a process known as IP Blacklisting. With IPv6 this technique will no longer be possible and could mean that email systems would quickly become overloaded if new approaches are not developed to address this. This is one example, but there are other examples across the web.
“IPv6 has been designed to have a significantly larger number of available IP addresses than IPv4. We are talking 3.4 x 10^38 compared to 4.3 billion (4.3 x 10^9). Fundamentally, this presents serious difficulties in tracking all of the IPs for any purpose-email sender reputation, denial of service, sources used for malicious sign ups to websites, sources of click fraud attacks, influencing of search engine results, and many other scenarios.
“As an example, the address space is so large that it would be easy for spammers to use a single IP address just once to send a single email. Based on these new risks with IPv6, Cloudmark advocates that ISPs do not initially need to be able to receive mail from IPv6 addresses (on inbound) except from their own customers (known as outbound). This would ensure business continuity for ISPs and provisioning of ADSL/Cable modems to continue. This measure will also protect the IPv4 reputation system that is currently in use and working well.
“Cloudmark is working hard with its own service provider customers to understand the needs for IPv6 and also participates heavily with industry organizations like MAAWG, ECO, IETF and ETIS to discuss how to solve these issues.”