Your organization may have all the prescribed spam filters in place – but with the looming expansion of the limited IPv4 address space to IPv6, some infected spam may still be getting through inboxes.
The reason for the infiltration is IPv6 spam is already making the rounds, infecting users already on IPv6 Internet. “IPv6 isn’t widely deployed, especially in North America, but it is becoming more widely deployed in Europe and Asia and we’re actually seeing real e-mail traffic over IPv6 and we’re seeing spam over IPv6,” said David Skoll, president and CEO of Roaring Penguin Software Inc., an Ottawa-based anti-spam vendor.
Presently, the spam Skoll and his team at Penguin Software are seeing seems to be coming from compromised machines that just so happen to have IPv6. “We don’t think spammers are actively trying to use IPv6 yet,” Skoll conceded. “But we think they will once it becomes more widely deployed.”
Luckily, one way to protect the enterprise from IPv6 spam is a simple and relatively cost efficient one – just up the ante of your current real-time spam block list to be on the look out for spam coming from IPv6 addresses. “It’s like a reputation thing,” Skoll said of spam block lists. “If you run a mail server and somebody tries to send you mail, before you accept it, you can check against one of these lists to find out if this is a known bad IP address … it doesn’t use a lot of CPU power or time, so they’re quite popular as sort of the first test to see if something might be spam.
“Most block lists don’t even do IPv6 at all,” Skoll said. In fact, he was surprised to find that IPv6 spam was already in circulation. “We didn’t think IPv6 was widely deployed enough to even get much mail of any kind,” he said. Today, Roaring Penguin’s block lists contain IPv6 entries. “As IPv6 becomes more widely deployed, spammer might start preferring it just because there are hardly any real time block lists that have IPv6 entries.”
