IPv6 is big

IPv6 is big. Really big. You just won’t believe how vastly, hugely, mind-bogglingly big it is. I mean, you may think it’s a long way down the road to the chemist, but that’s just peanuts to IPv6.

The old Internet, the one you’re probably using right now, runs on IP version 4. IPv4 addresses have numbers and dots; they look like 172.224.4.56. There are about 4,009,754,624 IPv4 addresses, or about half an IPv4 address for each person on the planet. Almost all of those have been assigned to someone, so even if they’re not currently in use it’s going to be hard or expensive for you to get more.
IPv6 addresses have colons and hexadecimal numbers; they look like 2600:1415:11:19d::2add. There are about 42,535,295,865,117,307,932,921,825,928,971,026,432 (forty-two undecillion) IPv6 addresses, or about six octillion for each person on the planet.
(Actually, there are a lot more than that, about eight times more, but the Internet powers-that-be decided that even reserving seven-eighths of the theoretical space for future expansion would leave plenty of address space available.)
Why does IPv6 provide so many addresses? The obvious reason is that while four billion seemed like a ridiculously large number of internet endpoints in the late 1970s we’ve now found it wasn’t, and we’ve run out of address space, and we’d rather only switch to a new protocol once – so we’d better not risk running out of IPv6 addresses. Just as important, though, is that we can take advantage of all that address space to avoid many of the gross hacks that are in place on the IPv4 internet to support more devices than it has IP addresses and to make the process of connecting a new device to your home network easier.
Your home ISP probably provides you with, at most, a single IPv4 address. But you have a couple of laptops, a desktop PC, a couple of game consoles, some tablets, some smartphones, a smart TV, a Roku or Apple TV or Chromecast for streaming video, a VoIP phone, and all sorts of other devices that need to connect to the internet for service or updates. How does that work? Each of your devices is dynamically assigned a “private” IPv4 address that can’t actually access the Internet. Then your router dynamically rewrites all the network connections from all those devices to multiplex them onto the single real IPv4 address you have. It’s a mess – and it gets even more complicated when you need a device on a private address on your network to find and directly talk to a device with a private address on someone else’s network.
With IPv6 your ISP doesn’t give you a single address, they give you a “/64” – about 18,446,744,073,709,551,616 (eighteen quintillion) IPv6 addresses. That means you’ll never need to worry about sharing a single IP address again – there’s enough space for four billion copies of the entire IPv4 Internet in the space your ISP gives your home connection. It also enables address assignment protocols that drastically simplify connecting a new device. When you turn on your new VoIP phone it can automatically get a persistent IPv6 address, one that can directly connect to any other IPv6 VoIP phone on the planet. You can play multiplayer games without having to rely on a central server. You can access your fancy home automation system or baby monitor from anywhere, access controls allowing, without any horrible port forwarding or proxying workarounds.
All of this opens up a great IPv6-based future for Internet-based products and services; especially those that benefit from people communicating directly with each other.
But it does mean that identity and reputation change somewhat in IPv6, and that has some implications for sending email over IPv6. More on that on Wednesday.
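To make the reputation point concrete, here is an added example (not part of the original post) that derives the post's figures with Python's `ipaddress` module and shows why a filter would count IPv6 senders per /64 rather than per address. The per-/64 keying, the function names and the sample sources are assumptions for illustration; `2000::/3` is the global unicast block, the one-eighth of the space mentioned above.

```python
import ipaddress
from collections import Counter

GLOBAL_UNICAST = ipaddress.ip_network("2000::/3")  # the one-eighth of IPv6 in use
HOME_PREFIX_LEN = 64  # assumption: one /64 per subscriber, as the post describes

# Constructed sample of connecting sources (documentation ranges only).
SAMPLE_SOURCES = [
    "2001:db8:a:1::10",
    "2001:db8:a:1:abcd:ef01:2345:6789",
    "2001:db8:a:1::ffff",
    "2001:db8:b:2::1",
    "192.0.2.25",
    "::ffff:192.0.2.25",   # IPv4-mapped IPv6 form of the address above
    "198.51.100.7",
]

def addresses_per_home() -> int:
    """Number of addresses in a single subscriber /64."""
    return 2 ** (128 - HOME_PREFIX_LEN)

def reputation_key(source: str) -> str:
    """Key under which a (hypothetical) reputation store counts this source.

    IPv4 stays per-address. IPv6 collapses to its /64, because one
    subscriber can pick any of 2**64 addresses inside that prefix.
    """
    addr = ipaddress.ip_address(source)
    # Treat ::ffff:a.b.c.d as the IPv4 address it wraps, so one sender
    # does not get two separate reputations.
    if addr.version == 6 and addr.ipv4_mapped is not None:
        addr = addr.ipv4_mapped
    if addr.version == 4:
        return str(addr)
    prefix = ipaddress.ip_network(f"{addr}/{HOME_PREFIX_LEN}", strict=False)
    return str(prefix)

def tally(sources) -> Counter:
    """Count connections per reputation key."""
    return Counter(reputation_key(s) for s in sources)

if __name__ == "__main__":
    print("global unicast addresses:", GLOBAL_UNICAST.num_addresses)
    print("addresses in one /64:    ", addresses_per_home())
    print("IPv4 Internets per /64:  ", addresses_per_home() // 2 ** 32)
    for key, hits in tally(SAMPLE_SOURCES).most_common():
        print(f"{hits:2d}  {key}")
```

Seven distinct source strings collapse to four keys here; a per-address counter would have seen each of the three hosts in `2001:db8:a:1::/64` as a brand-new sender.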

Related Posts

Yes, we have no IP addresses, we have no addresses today

We’ve just about run out of the Internet equivalent of a natural resource – IP addresses.


World IPv6 launch day

Today is world IPv6 launch day. A group of ISPs, network hardware manufacturers and web companies permanently enabled IPv6 for their products and services.
What’s this got to do with email? According to a post on the NANOG mailing list, the very first email to arrive at the Comcast IPv6 mailserver was received a minute after the server was turned on. This email was spam and was caught by Cloudmark’s filters.
Comcast goes on to assure readers that more mail came in and not all of it was spam.
But, yes, the first email sent to Comcast over IPv6 was spam. Welcome to the future.
 


The death of IP based reputation

Back in the dark ages of email delivery the only thing that really mattered to get your email into the inbox was having a good IP reputation. If your IP sent good mail most of the time, then that mail got into the inbox and all was well with the world. All that mattered was that good IP reputation. Even better for the people who wanted to game the system and get their spam into the inbox, there were many ways to get around IP reputation.
Every time the ISPs and spam filtering companies would work out a way to block spam using IP addresses, spammers would figure out a way around the problem. ISPs started blocking IPs so spammers moved to open relays. Filters started blocking open relays, so spammers moved to open proxies. Filters started blocking open proxies so spammers created botnets. Filters started blocking botnets, so spammers started stealing IP reputation by compromising ESP and ISP user accounts. Filters were constantly playing catch-up with the next new method of getting a good IP reputation, while still sending spam.
While spammers were adapting and subverting IP based filtering a number of other things were happening. Many smart people in the email space were looking at improving authentication technology. SPF was the beginning, but problems with SPF led to DomainKeys and DKIM. Now we’re even seeing protocols (DMARC) layered on top of DKIM. Additionally, the price of data storage and processing got cheaper and data mining software got better.
The improvement in processing power, data mining and data storage made it actually feasible for ISPs and filtering companies to analyze content at standard email delivery speeds. Since all IPv4 addresses are now allocated, most companies are planning for mail services to migrate to IPv6. There are too many IPv6 IPs to rely on IP reputation for delivery decisions.
What this means is that in the modern email filtering system, IPs are only a portion of the information filters look at when making delivery decisions. Now, filters look at the overall content of the email, including images and URLs. Many filters are even following URLs to confirm the landing pages aren’t hosting malicious software or content that’s been blocked before. Some filters are looking at DNS entries like nameservers and seeing if those nameservers are associated with bad mail. That’s even before we get to the user feedback, in the form of “this is spam” or “this is not spam” clicks, which now seem to affect content, domain and IP reputation.
I don’t expect IP reputation to become a complete non-issue. I think it’s still valuable data for ISPs and filters to evaluate as part of the delivery decision process. That being said, IP reputation is so much less a guiding factor in good email delivery than it was 3 or 4 years ago. Just having an IP with a great reputation is not sufficient for inbox delivery. You have to have a good IP reputation and good content and good URLs.
Anyone who wants good email delivery should consider their IP reputation, but only as one piece of the delivery strategy. Focusing on a great IP reputation will not guarantee good inbox delivery. Look at the whole program, not just a small part of it.
