SMTP over IPv6 : gmail classifying nearly all IPv6 mail as spam since 20140818

Brian E Carpenter brian.e.carpenter at
Sat Aug 23 23:17:29 CEST 2014

On 24/08/2014 06:34, Doug Barton wrote:
> On 8/23/14 11:10 AM, Marco d'Itri wrote:

>> This is why DMARC best practices require to use both SPF and DKIM (which
>> has different failure modes, but at least they can usually be blamed on
>> bad software used by intermediaries) in the hope that at least one will
>> validate.
> I'm not sure I agree with you there, but I won't quibble.

Actually I think you should quibble. The issue isn't "bad" software
used by intermediaries, it's that by design DMARC p=reject breaks a
very common model used by intermediaries. Whether that is a bug or a
feature in DMARC is out of scope for this thread, however.

>>> and DKIM isn't that much harder. In fact for
>>> one domain it's also dead simple (ProTip: Use OpenDKIM). I couldn't
>>> find a
>> The problem is managing it for tens of thousand of domains, when you
>> often do not manage their DNS zones as well.
> Yes, I get it. Advances in e-mail security are making your life (and
> perhaps even your business model) more difficult, and you don't like
> that. But complaining about it isn't going to help. The world is moving
> on, if you want to continue to stay successful you need to move with it.
> This has always been true, regardless of the times, the industry, etc.
> It's also always been true that change is hard, and harder for some than
> others. The fact that it's hard doesn't mean you can opt out of it.
> And not to toot my own horn, but I've been responsible for hosting
> solutions with hundreds of thousands of domains, so I feel your pain.
> Really, I do. But "It's hard!" doesn't mean you don't have to do it.
>> The support cost of teaching customers how to implement it is
>> significant enough that for now blocking IPv6 to gmail is much easier.
> And you can continue to limp along like that. Your network, your rules.
> But as time goes on IPv6 is going to be the rule, not the exception. In
> the shorter time frame (arguably much shorter, as in the next few years)
> domain-based reputation will not only be the norm, it will be a
> requirement. So if you're not already hard at work making that happen
> for your customers, you're way behind the curve, and losing ground every
> day.
> Another way to look at this would be to analyze how much time, effort,
> etc. you're putting into complaining about it, and put (at least) that
> same amount of effort into solving the problem on your end.
>> (Also, if you manage just a couple of domains on your own personal
>> server you will probably not have reputation issues with gmail, so this
>> is barely relevant.)
> Actually you're quite wrong about that. :) Even leaving aside my
> previous experience in the hosting world, when I pick up a new domain I
> do some casual testing with it to see who I can and can't send mail to
> without SPF, DKIM, etc. It's been a couple of years at least that you
> can't send mail with any degree of confidence to the big three without
> at least SPF, and over a year that you also need DKIM.
> Doug

More information about the ipv6-ops mailing list