A.J.Mechelynck
Posts posted by A.J.Mechelynck
We should face the facts that IPv6 is not human, nor code friendly. IPv4 was easy to code for because it HAD three periods. IPv6 can have any number of colons, but not more than eight. Code that matches IPv6 will always be complex and never as simple as IPv4, as seen below. I suspect this is partly why SpamCop has not fully implemented it yet.
m/^(?:([0-9A-Fa-f]{1,4}:){7}([0-9A-Fa-f]{1,4}){1,1}|([0-9A-Fa-f]{1,4}:){1,6}(:[0-9A-Fa-f]{1,4}){1,1}|([0-9A-Fa-f]{1,4}:){1,5}(:[0-9A-Fa-f]{1,4}){1,2}|([0-9A-Fa-f]{1,4}:){1,4}(:[0-9A-Fa-f]{1,4}){1,3}|([0-9A-Fa-f]{1,4}:){1,3}(:[0-9A-Fa-f]{1,4}){1,4}|([0-9A-Fa-f]{1,4}:){1,2}(:[0-9A-Fa-f]{1,4}){1,5}|([0-9A-Fa-f]{1,4}:){1,1}(:[0-9A-Fa-f]{1,4}){1,6}|:(:[0-9A-Fa-f]{1,4}){1,7}|([0-9A-Fa-f]{1,4}:){1,7}:|::)$/
These are some generic questions, but I believe they get to the root of the problem. How do you go about reporting IPv6 to the upstream, which is to say the ISP? How do you add the IPv6 address to a block list?
I believe the main reason for the delay is that they do not need to just match IPv6, but they also need to get other underlying code updated as well. We know that they are able to find the IPv6 address now, because the page says it found IPv6 and stops. I believe that SpamCop is working on the whois, reverse DNS, blacklisting servers, and also working with the abuse.net DB to get all of it IPv6 compatible. SpamCop needs to get all of their code updated so it handles IPv6 in all of the code, not just the detector portion.
Yes, and considering all the ways to abbreviate an IPv6 address, just converting the address-as-text (as found in the mail headers) to the address-as-128-bits (the unique value which can be meaningfully compared for equality, and so blacklisted or not) is an unobvious task, albeit well-defined.
At least now (and unlike what happened when the first IPv6 spam appeared), when SpamCop chokes on an IPv6 spam it gives a clear message that it currently doesn't support IPv6. One could always wish for full IPv6 support; but let's not forget that even after the purchase by IronPort and the latter's purchase by Cisco, SpamCop is still cruelly understaffed and, AFAIK, the only person who more or less masters the SpamCop source is Julian, and I'm not sure how much time he can dedicate to finding (in the “mass of spaghetti” mentioned a few posts ago, and without neglecting his other duties) the relevant code for this particular problem (which probably is neither the only problem nor the most urgent one), fixing it, testing it, checking for side-effects, etc. etc. etc.
I don't know about y'all, but the IPv6 spam messages that fall into my inbox are (still) few and far between; I believe that we still have several years before they become the majority, and I'm confident that the SpamCop code will be suitably modified in time to handle them satisfactorily before they become an unbearable nuisance.
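Added example, not part of the posts above and not SpamCop's code: a hand-written conversion from address-as-text to address-as-128-bits, so that a block list compares values rather than spellings. The names parse_ipv6, is_blocked and BLOCKLIST are hypothetical, the sample addresses are constructed from the 2001:db8::/32 documentation prefix, and zone identifiers (%eth0) are not handled.

```python
import ipaddress

HEX = set("0123456789abcdefABCDEF")

def parse_ipv6(text: str) -> int:
    """Return the unique 128-bit value behind any valid textual IPv6 spelling."""
    s = text.strip().strip("[]")
    if s[:5].lower() == "ipv6:":         # RFC 5321 address-literal tag, as in Received lines
        s = s[5:]
    head, sep, tail = s.partition("::")  # sep is "" when there is no "::"
    left = head.split(":") if head else []
    right = tail.split(":") if tail else []
    # A dotted-quad IPv4 tail (e.g. ::ffff:192.0.2.1) is only legal at the very
    # end and stands for two 16-bit groups.
    last = right if sep else left
    if last and "." in last[-1]:
        v4 = int(ipaddress.IPv4Address(last[-1]))  # raises ValueError if malformed
        last[-1:] = [f"{v4 >> 16:x}", f"{v4 & 0xFFFF:x}"]
    missing = 8 - len(left) - len(right)
    # "::" must replace at least one group; without it all 8 must be present.
    if (sep and missing < 1) or (not sep and missing != 0):
        raise ValueError(f"wrong number of groups in {text!r}")
    value = 0
    for group in left + ["0"] * missing + right:
        # An empty group here also catches ":::" and a second "::".
        if not 1 <= len(group) <= 4 or not set(group) <= HEX:
            raise ValueError(f"bad group {group!r} in {text!r}")
        value = (value << 16) | int(group, 16)
    return value

# Constructed sample data: 2001:db8::/32 is the documentation prefix.
BLOCKLIST = {parse_ipv6("2001:db8::25")}

def is_blocked(text: str) -> bool:
    """Compare by value, so every spelling of a listed address matches."""
    return parse_ipv6(text) in BLOCKLIST

if __name__ == "__main__":
    for spelling in ("2001:0DB8:0000:0000:0000:0000:0000:0025",
                     "2001:db8:0:0::25",
                     "[IPv6:2001:db8::25]",
                     "2001:db8::0.0.0.37",
                     "2001:db8::26"):
        print(f"{spelling:42} {parse_ipv6(spelling):032x} blocked={is_blocked(spelling)}")
```

The first four spellings print the same 128-bit value and are reported as blocked; only the last differs.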
-
I just got a spam that SpamCop wouldn't even parse because there was a bogus Received line with an IPv6 address, after ("earlier than") an IPv4 Received line saying from where my Mailhost got the spam: http://www.spamcop.net/sc?id=z5130543490z0...6bdd3878493570z
IPv6 Routing Support
in SpamCop Reporting Help
Posted
Hm, yes, trying to re-parse with that same tracking URL gives me the same errors, but SC also tells me that "reports have already been sent" — albeit to nomaster[at]devnull.spamcop.net — concerning that IPv6 address.