Re: SMTP and IPv6


 



On Sun, Jun 30, 2024 at 8:34 AM Dr. Neal Krawetz
<ietf=40hackerfactor.com@xxxxxxxxxxxxxx> wrote:
>
> I think this discussion is overlooking a problem with IPv6 email and anti-spam.
>
> Nearly every email server today has taken the same steps to discourage spam.
> If you want to send email today, you need to enable:
>
>   - SPF and/or DKIM (or better: both).
>     This is DNS and independent of IPv6. Not a problem.
>
>   - IP reputation
>     Don't come from an address that was used for spam.
>     Even if it's a new IP address that has an inherited block from a spammer,
>     getting off spam block lists (DNS:BL, RBL, etc.) is painfully hard.
>     Fortunately, almost none of today's block lists support IPv6.  Not a problem.

Reputation does not seem to work very well in some cases. For example,
I have almost 10,000 pieces of offensive pornographic spam from
Microsoft and its SharePoint (using domain sharepointonline.com). I
also have a truckload of similar offensive pornographic spam from
Teams (using domain teams.microsoft.com).

Reputation does seem to work well for other companies, like Google and
Amazon. But I use Gmail, so I may be getting a different view of
things since I am an internal Gmail user. External recipients may have
different experiences.

>   - Reverse DNS
>     If the sender doesn't have a reverse DNS entry, then you can't send email.
>     The anti-spam rules also reject generic reverse hostnames.
>     (No "DHCP" or similar in the reverse name.)
>     Ah, that's the problem with IPv6 adoption. Almost none have reverse hostnames.
>
> For smaller companies (like mine):
> While IPv4 ranges are often static and permit setting a DNS name, many upstream providers only use DHCPv6 for IPv6. Your mail server usually doesn't have a fixed IPv6 address. This means it doesn't have a reverse DNS entry. This means it can't send email over IPv6.
>
> Worse:
> Let's say you have two MX records.
>   HostA: MX priority 10 is for a host that uses ipv4 and ipv6.
>   HostB: MX priority 20 is for a host that only uses ipv4.
>
> If you cannot connect to HostA, then you will fall back to HostB.
>
> But what if you connect to HostA and fail to send email over IPv6 due to no reverse hostname? It doesn't fall back to HostA over IPv4 (with reverse hostname) and doesn't fall back to HostB. Instead, it just fails.
>
>
> So far, the only mail server I've seen that uses IPv6 with a reverse hostname is Google/gmail. That's great for them to send email, but it does nothing to permit them to receive email.

Jeff
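
The receiver-side reverse DNS checks described in the quoted message (no PTR record, or a generic name such as one containing "DHCP"), as an added example that is not part of either post. The token list, function names and sample addresses are assumptions chosen for illustration; real mail servers apply their own rules.

```python
import ipaddress
import re
import socket

# Assumed heuristic: tokens that mark an auto-assigned (generic) reverse name.
GENERIC_TOKENS = re.compile(
    r"(^|[.\-_\d])(dhcp|dyn|dynamic|pool|ppp|dsl|cable)([.\-_\d]|$)", re.I
)

# Constructed sample data (documentation address ranges), not real hosts.
SAMPLE_PTR = {
    "192.0.2.25": "mail.example.org",            # static IPv4 with a PTR
    "2001:db8::25": None,                        # IPv6 address with no PTR
    "2001:db8::26": "host-26.dhcp6.example.net", # IPv6 with a generic PTR
}


def ptr_query_name(ip):
    """Return the in-addr.arpa / ip6.arpa name a receiver queries for ip."""
    return ipaddress.ip_address(ip).reverse_pointer


def system_ptr_lookup(ip):
    """PTR lookup through the system resolver; None when no record exists."""
    try:
        return socket.gethostbyaddr(ip)[0]
    except (socket.herror, socket.gaierror):
        return None


def check_sender(ip, ptr_lookup=system_ptr_lookup):
    """Return (accepted, reason) for a connecting client address."""
    name = ptr_lookup(ip)
    if not name:
        return False, "no PTR at " + ptr_query_name(ip)
    if GENERIC_TOKENS.search(name):
        return False, "generic reverse hostname " + name
    return True, "PTR " + name


if __name__ == "__main__":
    # Offline run against the constructed table; drop the second
    # argument to query the system resolver instead.
    for addr in SAMPLE_PTR:
        print(addr, check_sender(addr, SAMPLE_PTR.get))
```
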




