mail filtering based on reverse DNS (was: Re: IPv6 Hackers mailing-list)
Bjørn Mork
bjorn at mork.no
Tue Aug 9 18:17:27 CEST 2011
"Bjoern A. Zeeb" <bzeeb-lists at lists.zabbadoz.net> writes:
> On Aug 9, 2011, at 3:51 AM, Fernando Gont wrote:
>
>> You can subscribe to the mailing-list here:
>> http://lists.si6networks.com/listinfo/ipv6hackers/
>
> Ok, let's discuss the operational issue here:
>
> please fix the IPv6 reverse mapping for the machines sending email before
> trying to run a list with them. People may simply reject the emails without
> that.
Yes, that's a far more interesting issue than yet-another-mailing-list
:-)
I would recommend that you don't just copy your IPv4 mail filtering
policies, given that reverse DNS brokenness is going to be far worse for
IPv6. At least in the early days. But I wouldn't be surprised if it
stayed like that forever because:
a) people just don't care about RFC1912 anymore, and
b) more delegation points lead to more clueless DNS admins, and
c) very few ISPs are going to provide the automatic forward and reverse
DNS typical for IPv4 dynamic address pools
Anyway, if you reject mail from IPv6 addresses without reverse DNS
today, then you are guaranteed to reject legitimate mail. One might
even question the usefulness of reverse IPv6 DNS as a low score spam
rule. There are just too many matching legitimate sources.
But as long as we're talking list mail servers, than I fully agree: They
should be set up to match as few spam rules as possible, and reverse DNS
is one issue which is easy to fix.
Bjørn
More information about the ipv6-ops
mailing list