By now, everyone’s heard that the Internet’s running out of unused IPv4 address space; current estimates put the time for exhaustion of available IPv4 space at sometime in the summer of 2011. This has lots of people worrying, or planning, or panicking, or some combination of the three about the transition to IPv6. With IPv6, we won’t have to worry about the problem of limited space anymore, because we’ll move from having just a few billion IP addresses available to more than 340 undecillion of them. The actual number of possible addresses with IPv6 looks like this:
We’ve had conversations with lots of people in the industry about this topic, and the consensus is that everyone must have a strategy for migrating email to IPv6. While no one rationally believes that one day we’re just going to flip the switch and IPv4 will be no more, IPv6 will be a reality for networking soon (and already is in some places), and it’ll be the only game in town some day.
As for migration strategies for email, I’m going to throw one out here that may run contrary to popular thinking: perhaps there’s no need for you to migrate your public-facing email streams to IPv6 in the next few years. Instead, I propose that you slow down, focus on some other things first, and then worry about migrating.
Think about how you manage email today, particularly your inbound email flow. Your focus is keeping spam away from your customers, and you’ve seen the studies that say that spam accounts for 90% or more of all email traffic. Your response to this is blocking, and filtering, and other tools and techniques.
Now, ask yourself two questions:
1. Of the three billion plus routable IP addresses in use today, how many of them are sending mail that your customers want? Fifty thousand? One hundred thousand? Let’s be generous and say one million; that’s still less than four one-hundredths of one percent of all IPv4 addresses.
2. Given that, how many of the trillions of trillions of trillions of IPv6 addresses are you going to want to accept mail from, how will you identify them, and how do you plan to refuse the rest?
Perhaps instead of rushing to accept inbound mail over IPv6, you consider the following strategy instead (and I’m speaking here to ISPs and other connectivity providers):
My thinking here is that if ISPs can get their dynamic customers migrated to IPv6 early in the process, the IPv4 space that gets freed up could allow senders more time to react to the new paradigm. Instead of dedicating IPs to a given customer’s mail streams (i.e., one or more IPs per mail stream for each customer) as required by IP-based reputation systems, we will move to a new model where domain-based authentication and reputation can be accomplished with many fewer IPs. Whether or not senders will actually need to keep acquiring space to use until we’ve moved to a domain-based model is an open question, but thinking back to our hypothesis on the number of IPs that actually send wanted mail, where I land on that question right now is “perhaps not”. At any rate, once domain-based systems are in place and in widespread usage, then the migration to IPv6 for mail can take place, and the IP address(es) involved in getting that message to your doorstep won’t matter.
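As an added illustration (not code from this post), here is a minimal sketch of a receiver that keys its accept/reject decision on the DKIM-authenticated domain rather than the connecting address, so the same sender gets the same verdict from any IPv6 address. The reputation scores, threshold, hostnames and the choice to refuse unauthenticated IPv6 mail are all assumptions made for the example.

```python
import ipaddress
import re

# All names and values below are constructed for illustration.
AUTHSERV_ID = "mx.receiver.example"          # our own border verifier
DOMAIN_REPUTATION = {"news.example.com": 0.95, "bulk.example.net": 0.10}
ACCEPT_THRESHOLD = 0.5

# One DKIM result plus its signing domain inside an Authentication-Results
# header (RFC 8601); [^;]* keeps the match within a single result clause.
_DKIM_RE = re.compile(r"dkim=(\w+)[^;]*?header\.d=([A-Za-z0-9.-]+)", re.I)


def authenticated_domains(auth_results):
    """Signing domains with dkim=pass, trusting only our own verifier's header."""
    authserv, _, results = auth_results.partition(";")
    if authserv.strip().lower() != AUTHSERV_ID:
        return set()                         # header added by someone else: ignore
    return {dom.lower().rstrip(".")
            for res, dom in _DKIM_RE.findall(results) if res.lower() == "pass"}


def decide(peer_ip, auth_results):
    """Return 'accept', 'reject' or 'ip-reputation' for one inbound message."""
    known = [DOMAIN_REPUTATION[d] for d in authenticated_domains(auth_results)
             if d in DOMAIN_REPUTATION]
    if known:
        # The connecting address plays no part once a domain is authenticated.
        return "accept" if max(known) >= ACCEPT_THRESHOLD else "reject"
    if ipaddress.ip_address(peer_ip).version == 6:
        return "reject"                      # no IP-based filtering over IPv6
    return "ip-reputation"                   # IPv4: existing IP-based filters


# Constructed Authentication-Results header values.
GOOD = "mx.receiver.example; dkim=pass header.d=news.example.com header.s=s1"
BAD = "mx.receiver.example; dkim=pass header.d=bulk.example.net"
FAILED = "mx.receiver.example; dkim=fail header.d=news.example.com"
FORGED = "mx.sender.example; dkim=pass header.d=news.example.com"

if __name__ == "__main__":
    for ip, hdr in [("2001:db8::1", GOOD), ("2001:db8:ffff::42", GOOD),
                    ("2001:db8::1", BAD), ("2001:db8::2", FAILED),
                    ("2001:db8::3", FORGED), ("192.0.2.10", FAILED)]:
        print(ip, "->", decide(ip, hdr))
```

The `FORGED` case shows why the header's authserv-id has to be checked: a sender can prepend its own Authentication-Results line, and only the one written by your own verifier should feed the reputation lookup.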
So, to sum up, I’m proposing that you not be in any hurry to start accepting mail on an IPv6 interface from the internet at large until you are ready to base all decisions on a domain-based reputation system. I don’t expect that this idea will go unchallenged; rather, I fully expect to hear all manner of counter arguments to this. However, in my opinion, the IPv6 migration is going to present us with all kinds of interesting challenges, and there is no need to add IP-based filtering of email to that pile of challenges.