2018-02-24
The question of what will be sending email spam over IPv6
In reaction to receiving my first spam email over IPv6, I've been thinking a bit about the moderate term future of email spam over IPv6. One of the questions I have is what will be sending out such email spam. More narrowly, will IPv6 spam email happen as an incidental side effect of random dual-stack machines trying IPv6 connections before IPv4 ones (as in my case), or will it be a deliberate attempt by spam operations to use IPv6 to evade various sorts of IPv4 blocks and other issues?
I'm interested in this question because it affects how important things like IPv6 DNS blocklists are, or just in general making sure that anti-spam precautions are ready for IPv6 and won't either explode or let people bypass them because of it. Also, obviously, it affects how desirable it is to allow yourself to receive email over IPv6 at all. If enabling IPv6 SMTP is opening yourself to a flood of professional spam operations that will immediately pounce in the hopes that your defenses are low, you probably want to think twice about that (or at least make quite sure that your defenses aren't).
My current belief is that in the next few years, IPv6 email spam will almost entirely be the incidental side effect of random dual-stack machines instead of deliberate work by professional spammers. My reason for this is that I don't think the payoff for bringing up and using IPv6 is very high for such spammers. Most of the world and thus most of their targets are still IPv4 only and will be for some time; there is only a limited selection of IPv6 reachable targets, and many of the biggest ones are probably well defended even against IPv6 (I'm confident that Google Mail is, for example). Such a spammer might get some incremental improvements from also trying IPv6, but operating a dual-stack environment is more effort and there's also fixing your software to work with IPv6. It's almost certainly simpler to just keep using IPv4 only.
(There are probably plenty of people who would be more vulnerable via IPv6, but many of them are not even reachable by IPv6, especially for email. IPv6 email reachability is more than having IPv6 connectivity; you probably have to go out of your way to advertise an IPv6 address for your MX gateway.)
This matters for IPv6 DNS blocklists (and for client code that may or may not be able to query DNS blocklists for IPv6 addresses). If professional spam operations that are currently being blocked by things like the SBL CSS switch over to IPv6 to evade those blocks, we may have problems. However, we'd only have those problems until Spamhaus brought up full IPv6 support (which they may already have done, and which they've certainly been thinking about for more than half a decade) and mailers and so on were updated to work right for IPv6 DNSBLs. This would probably happen pretty rapidly if professional spammers shifted in volume (since a bunch of people would get pretty motivated), which is another reason to not worry about it. If people would compensate pretty rapidly, professional spammers definitely don't get much out of the effort of bringing up IPv6.
(I'm sure there will be professional spam operations working over IPv6, but that's because more and more people will be IPv6 enabled in general. Spam just comes along for the ride as part of the ambient Internet background noise.)
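As an illustration of what "client code that can query DNS blocklists for IPv6 addresses" has to get right, here is an added example (not code from this entry or from any particular mailer) that builds DNSBL query names in the RFC 5782 layout for both address families, including the IPv4-mapped form a dual-stack listener reports. The zone `dnsbl.example`, the function names and the listings are constructed for the example.

```python
import ipaddress
import socket

def dnsbl_query_name(addr: str, zone: str) -> str:
    """Build the DNSBL query name for a client address (RFC 5782 layout)."""
    ip = ipaddress.ip_address(addr.split("%", 1)[0])  # drop a scope id such as %eth0
    # A dual-stack listener reports IPv4 peers as ::ffff:a.b.c.d; those must be
    # looked up as IPv4 or every IPv4 listing is silently missed.
    if ip.version == 6 and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped
    if ip.version == 4:
        labels = reversed(str(ip).split("."))            # reversed octets
    else:
        labels = reversed(ip.exploded.replace(":", ""))  # 32 reversed hex nibbles
    return ".".join(labels) + "." + zone.strip(".")

def check_dnsbl(addr, zone, resolve=socket.gethostbyname):
    """Return (query_name, listing_code); listing_code is None if not listed."""
    name = dnsbl_query_name(addr, zone)
    try:
        answer = resolve(name)
    except socket.gaierror:
        return name, None  # NXDOMAIN or lookup failure: treated as not listed
    # Listings answer with an A record in 127.0.0.0/8; ignore anything else
    # (for example a wildcarding resolver returning a public address).
    if ipaddress.ip_address(answer) in ipaddress.ip_network("127.0.0.0/8"):
        return name, answer
    return name, None

# Constructed sample data: a fake resolver standing in for a real blocklist zone.
CONSTRUCTED_LISTINGS = {
    dnsbl_query_name("192.0.2.99", "dnsbl.example"): "127.0.0.2",
    dnsbl_query_name("2001:db8::bad", "dnsbl.example"): "127.0.0.2",
}

def constructed_resolver(name):
    try:
        return CONSTRUCTED_LISTINGS[name]
    except KeyError:
        raise socket.gaierror(socket.EAI_NONAME, "not found") from None

if __name__ == "__main__":
    for peer in ("192.0.2.99", "::ffff:192.0.2.99", "2001:db8::bad", "2001:db8::1"):
        print(peer, check_dnsbl(peer, "dnsbl.example", constructed_resolver))
```

Note that this sketch fails open: a resolver timeout is indistinguishable from "not listed", which a real mailer may want to treat as a temporary failure instead.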