SMTP over IPv6 : gmail classifying nearly all IPv6 mail as spam since 20140818

Doug Barton dougb at dougbarton.us
Sat Aug 23 20:34:57 CEST 2014


On 8/23/14 11:10 AM, Marco d'Itri wrote:
> On Aug 23, Doug Barton <dougb at dougbarton.us> wrote:
>
>> Fortunately SPF is dead simple,

> Indeed, since SPF is dead simple it also has bad failure modes which
> break many common practices.

I think the argument is that breaking those common practices is a 
feature, not a bug. I fully realize that this makes your life less 
convenient, but increased security always comes at a cost.

> This is why DMARC best practices require to use both SPF and DKIM (which
> has different failure modes, but at least they can usually be blamed on
> bad software used by intermediaries) in the hope that at least one will
> validate.

I'm not sure I agree with you there, but I won't quibble.

>> and DKIM isn't that much harder. In fact for
>> one domain it's also dead simple (ProTip: Use OpenDKIM). I couldn't find a

> The problem is managing it for tens of thousand of domains, when you
> often do not manage their DNS zones as well.

Yes, I get it. Advances in e-mail security are making your life (and 
perhaps even your business model) more difficult, and you don't like 
that. But complaining about it isn't going to help. The world is moving 
on, if you want to continue to stay successful you need to move with it. 
This has always been true, regardless of the times, the industry, etc. 
It's also always been true that change is hard, and harder for some than 
others. The fact that it's hard doesn't mean you can opt out of it.

And not to toot my own horn, but I've been responsible for hosting 
solutions with hundreds of thousands of domains, so I feel your pain. 
Really, I do. But "It's hard!" doesn't mean you don't have to do it.

> The support cost of teaching customers how to implement it is
> significant enough that for now blocking IPv6 to gmail is much easier.

And you can continue to limp along like that. Your network, your rules. 
But as time goes on IPv6 is going to be the rule, not the exception. In 
the shorter time frame (arguably much shorter, as in the next few years) 
domain-based reputation will not only be the norm, it will be a 
requirement. So if you're not already hard at work making that happen 
for your customers, you're way behind the curve, and losing ground every 
day.

Another way to look at this would be to analyze how much time, effort, 
etc. you're putting into complaining about it, and put (at least) that 
same amount of effort into solving the problem on your end.

> (Also, if you manage just a couple of domains on your own personal
> server you will probably not have reputation issues with gmail, so this
> is barely relevant.)

Actually you're quite wrong about that. :) Even leaving aside my 
previous experience in the hosting world, when I pick up a new domain I 
do some casual testing with it to see who I can and can't send mail to 
without SPF, DKIM, etc. It's been a couple of years at least that you 
can't send mail with any degree of confidence to the big three without 
at least SPF, and over a year that you also need DKIM.

Doug





More information about the ipv6-ops mailing list