IPv6 intro creates spam-filtering nightmare (The Register)

"While the arrival of IPv6 is likely to eliminate the usefulness of traditional IP-based blacklists, it is also likely to reduce the issues that arise from port-scanning of open relays and other vulnerabilities," Wood explained. "The IPv6 address space is so large it wouldn't be scalable from the bad-guys perspective – the returns will diminish over time."

The linked article is about how, with a vastly expanded address space, it's going to become difficult for anti-spam providers to continue to block junk mail based on the source address. I think the hidden message here is that content analysis, while mentioned, is about to become a whole lot more important. Anti-spam solutions that rely too heavily on "reputation" are in danger of becoming irrelevant.

It's also interesting to note that the anti-spam vendors quoted in the article are in favour of enterprise customers not accepting mail on IPv6 connections. The cynic in me feels this is less about security, and more about the vendors not being able to provide an IPv6 product.

I think this is being blown a little out of proportion - even with a native IPv6 connection, it's still going to be possible to reverse resolve the address block and see that it belongs to (for example) an ISP providing cable modem connectivity. Yes, reputation filtering will need to change a little, but they'll still be able to do it.
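To make that concrete, here is an added example (my own illustration, not code from the post or from any vendor it mentions) of what "reputation filtering will need to change a little" can look like: instead of scoring each /128 sender address, which a spammer can rotate through almost for free, the filter scores the /64 the address came from, since that is the smallest block a provider normally hands to one subscriber, and it falls back to the reverse-DNS name of the block to spot consumer or dynamic pools. All addresses, prefixes and PTR names are constructed for the example (2001:db8::/32 is the IPv6 documentation prefix); the hostname patterns and thresholds are assumptions to tune per environment, and a real filter would query DNS instead of the inline table.

```python
"""Prefix-based sender reputation for IPv6 (added example, not the post's code)."""
import ipaddress
import re
from collections import defaultdict

# Constructed: blocks an operator has chosen to reject outright.
BLOCKED_PREFIXES = [
    ipaddress.ip_network("2001:db8:bad::/48"),
]

# Constructed stand-in for PTR lookups; a real filter would resolve these via DNS.
FAKE_RDNS = {
    "2001:db8:1:2::10": "cpe-203-0-113-10.cable.example.net",
    "2001:db8:1:2::11": "cpe-203-0-113-11.cable.example.net",
    "2001:db8:77::25": "mail.example.org",
}

# Assumption: tokens that commonly mark consumer / dynamic address pools.
DYNAMIC_RDNS = re.compile(r"(cable|dsl|dyn|pool|cpe)", re.IGNORECASE)


def sender_block(addr, prefixlen=64):
    """Collapse one IPv6 address to the /64 (by default) it was assigned from."""
    ip = ipaddress.ip_address(addr)
    if ip.version != 6:
        raise ValueError("IPv6 address expected")
    return ipaddress.ip_network(f"{ip}/{prefixlen}", strict=False)


class PrefixReputation:
    """Spam verdicts accumulate against the sender's /64, not the single address."""

    def __init__(self, spam_threshold=3):
        self.spam_threshold = spam_threshold
        self.spam_counts = defaultdict(int)  # /64 network -> spam verdicts seen

    def record_spam(self, addr):
        """Content analysis (outside this example) found spam from addr: charge its block."""
        self.spam_counts[sender_block(addr)] += 1

    def classify(self, addr):
        """Return (verdict, reason); verdict is 'reject', 'greylist' or 'accept'."""
        ip = ipaddress.ip_address(addr)
        for net in BLOCKED_PREFIXES:
            if ip in net:
                return "reject", f"listed prefix {net}"
        block = sender_block(addr)
        if self.spam_counts.get(block, 0) >= self.spam_threshold:
            return "reject", f"{block} exceeded spam threshold"
        rdns = FAKE_RDNS.get(str(ip), "")
        if not rdns or DYNAMIC_RDNS.search(rdns):
            return "greylist", f"missing or dynamic-looking rDNS ({rdns or 'none'})"
        return "accept", f"rdns={rdns}"


def demo():
    rep = PrefixReputation(spam_threshold=3)
    # Three spam verdicts from ::10 make the whole /64 reject, so the never-seen
    # neighbour ::11 is caught too; a per-address blacklist would have let it through.
    for _ in range(3):
        rep.record_spam("2001:db8:1:2::10")
    for addr in ("2001:db8:bad::1", "2001:db8:1:2::11", "2001:db8:77::25", "2001:db8:99::1"):
        print(addr, *rep.classify(addr))


if __name__ == "__main__":
    demo()
```

The greylist verdict is deliberately the default for an unknown block with dynamic-looking or absent reverse DNS: it is where the content analysis the post argues for has to do the real work, while the /64 counter only turns repeat offenders into hard rejects.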

Getting to the part I've quoted above... I think Paul Wood (from Symantec.cloud) has forgotten how things work "from the bad-guys perspective". Vast quantities of spam are generated via botnets. How hard is it going to be to deploy a new function out to all those zombies for them to do the IPv6 port scanning? This way it's costing the spammer nothing; they've offloaded the time intensive part to someone else.

If anything, I think this article really highlights the need for effective security on the endpoints. Real-time analysis of inbound web content can stop the bots from being deployed in the first place. Examining outbound traffic can identify systems that are already infected and stop the command & control communication.
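As an added example of the outbound-traffic check suggested above (my own code, not from the post), the function below scans connection records for internal hosts that open SMTP connections to many distinct remote mail servers. A legitimate desktop submits mail through one internal relay; a machine that has joined a spam botnet talks to dozens of foreign mail exchangers directly. The flow records, the relay address and the threshold are all constructed assumptions for the example; a real deployment would read them from a firewall or NetFlow export.

```python
"""Flag likely spam bots from outbound connection records (added example, not the post's code)."""
from collections import defaultdict

# Constructed flow records: timestamp, source, destination, destination port.
FLOW_LOG = """\
2011-02-01T10:00:01 10.0.5.21 203.0.113.10 25
2011-02-01T10:00:02 10.0.5.21 203.0.113.11 25
2011-02-01T10:00:02 10.0.5.21 2001:db8:77::25 25
2011-02-01T10:00:03 10.0.5.21 203.0.113.12 25
2011-02-01T10:00:04 10.0.5.21 203.0.113.13 25
2011-02-01T10:00:05 10.0.5.21 203.0.113.14 25
2011-02-01T10:00:06 10.0.5.30 10.0.0.25 25
2011-02-01T10:00:07 10.0.5.40 203.0.113.50 443
2011-02-01T10:00:08 10.0.0.25 203.0.113.10 25
2011-02-01T10:00:09 10.0.0.25 203.0.113.11 25
2011-02-01T10:00:10 10.0.0.25 203.0.113.12 25
2011-02-01T10:00:11 10.0.0.25 203.0.113.13 25
2011-02-01T10:00:12 10.0.0.25 203.0.113.14 25
"""

# Assumption: the only internal hosts allowed to speak SMTP to the outside.
MAIL_RELAYS = {"10.0.0.25"}


def parse_flows(text):
    """Yield (timestamp, src, dst, port) tuples from the whitespace-separated log."""
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, src, dst, port = line.split()
        yield ts, src, dst, int(port)


def smtp_talkers(text, min_distinct_dsts=5):
    """Map each non-relay source to the number of distinct TCP/25 destinations it
    contacted, keeping only sources at or above the threshold."""
    dests = defaultdict(set)
    for _, src, dst, port in parse_flows(text):
        if port == 25 and src not in MAIL_RELAYS:
            dests[src].add(dst)
    return {src: len(d) for src, d in dests.items() if len(d) >= min_distinct_dsts}


if __name__ == "__main__":
    for host, count in smtp_talkers(FLOW_LOG).items():
        print(f"{host}: {count} distinct SMTP destinations, likely spam bot")
```

Blocking outbound TCP/25 from everything except the listed relays turns this from a detection into a prevention; the detection is still worth running, because the hits tell you which endpoints need cleaning.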