Re: SMTP and IPv6


 



Hi Brian, et al.,

I think this discussion is overlooking a problem with IPv6 email and anti-spam.

Nearly every email server today has taken the same steps to discourage spam.
If you want to send email today, you need to enable:

  - SPF and/or DKIM (or better: both).
    This is DNS and independent of IPv6. Not a problem.

  - IP reputation
    Don't come from an address that was used for spam.
    Even if it's a new IP address that has an inherited block from a spammer,
    getting off spam block lists (DNS:BL, RBL, etc.) is painfully hard.
    Fortunately, almost none of today's block lists support IPv6.  Not a problem.

  - Reverse DNS
    If the sender doesn't have a reverse DNS entry, then you can't send email.
    The anti-spam rules also reject generic reverse hostnames.
    (No "DHCP" or similar in the reverse name.)
    Ah, that's the problem with IPv6 adoption. Almost none have reverse hostnames.

For smaller companies (like mine):
While IPv4 ranges are often static and permit setting a DNS name, many upstream providers only use DHCPv6 for IPv6. Your mail server usually doesn't have a fixed IPv6 address. This means it doesn't have a reverse DNS entry. This means it can't send email over IPv6.

Worse:
Let's say you have two MX records.
  HostA: MX priority 10 is for a host that uses ipv4 and ipv6.
  HostB: MX priority 20 is for a host that only uses ipv4.

If you cannot connect to HostA, then you will fall back to HostB.

But what if you connect to HostA and fail to send email over IPv6 due to no reverse hostname? It doesn't fall back to HostA over IPv4 (with reverse hostname) and doesn't fall back to HostB. Instead, it just fails.


So far, the only mail server I've seen that uses IPv6 with a reverse hostname is Google/gmail. That's great for them to send email, but it does nothing to permit them to receive email.

					-Neal
--
Neal Krawetz, Ph.D.
Hacker Factor Solutions
https://hackerfactor.com/


On Sun, Jun 30, 2024 at 08:49:16AM +1200, Brian E Carpenter wrote:
> On 30-Jun-24 08:16, Michael Jones wrote:
> > I’m thankful that the IETF staff is providing us with a reliable organizational mail system that works at the scale that we need.  It enables the IETF to function.  I see that as being the high-order bit here.
> Upvote.
> 
> The IETF's job here is to understand the factual reasons why the major mail services don't deliver mail over IPv6, and to find out what can be written in RFCs to change that.
> 
> IMHO it's a secondary issue that the LLC didn't explain this in advance to the community. Maybe they should have, but that isn't the real issue.
> 
>    Brian
> 
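
Added example, not part of the original message: a sketch of the receiver-side reverse DNS check described above (no PTR record, or a generic PTR name, means rejection), applied to both IPv4 and IPv6 clients. The PTR table, the host names and the "generic" pattern are constructed assumptions so that it runs offline; real filters query DNS and use their own lists.

```python
import ipaddress
import re

# Constructed PTR data standing in for DNS (assumption, not real records).
# Addresses come from the documentation ranges 192.0.2.0/24 and 2001:db8::/32.
SAMPLE_PTR = {
    ipaddress.ip_address("192.0.2.25").reverse_pointer: "mail.example.net.",
    ipaddress.ip_address("192.0.2.77").reverse_pointer: "dhcp-77.pool.example.net.",
    ipaddress.ip_address("2001:db8::25").reverse_pointer: "mx1.example.net.",
}

# Hypothetical heuristic for "generic" reverse names: a provider-style token
# delimited by a dot, dash, underscore, digit or the end of the name.
GENERIC = re.compile(
    r"(?:^|[.\-_\d])(?:dhcp|dyn(?:amic)?|pool|dsl|cable|ppp)(?:$|[.\-_\d])",
    re.IGNORECASE,
)


def check_sender(ip_text, ptr_table=SAMPLE_PTR):
    """Return (accepted, reason) for a connecting client address."""
    addr = ipaddress.ip_address(ip_text)
    # in-addr.arpa for IPv4; 32 reversed nibbles under ip6.arpa for IPv6.
    qname = addr.reverse_pointer
    host = ptr_table.get(qname)
    if host is None:
        return False, f"no PTR record at {qname}"
    name = host.rstrip(".")
    if GENERIC.search(name):
        return False, f"generic reverse name {name}"
    return True, f"reverse name {name}"


if __name__ == "__main__":
    # Constructed client addresses: static v4, DHCP-style v4, v6 with and
    # without a PTR record.
    for client in ("192.0.2.25", "192.0.2.77", "2001:db8::25", "2001:db8::1234"):
        accepted, reason = check_sender(client)
        print(f"{client:>16}  {'accept' if accepted else 'reject'}  {reason}")
```

The last address is the case the message describes: an IPv6 client whose provider delegates no reverse zone has nothing at its ip6.arpa name, so the check fails before the message content is ever considered.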



