why IPv6 isn't ready for prime time, SMTP edition

Paul Ferguson fergdawgster at mykolab.com
Tue Mar 25 21:12:52 UTC 2014


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Isn't this just a local policy issue with handling DMARC? I know for
sure at least one other (very large) organization that (also) rejects
messages which do not have an rDNS entry, and it is a local DMARC policy.

- - ferg

On 3/25/2014 1:57 PM, Brielle Bruns wrote:

> On 3/25/14, 11:56 AM, John Levine wrote:
>> I think this would be a good time to fix your mail server setup. 
>> You're never going to get much v6 mail delivered without rDNS,
>> because receivers won't even look at your mail to see if it's
>> authenticated.
>> 
>> CenturyLink is reasonably technically clued so it shouldn't be 
>> impossible to get them to fix it.
> 
> 
> Nothing wrong with my mail server setup, except the lack of RDNS. 
> Lacking reverse should be one of many things to consider with
> rejecting e-mails, but should not be the only condition.
> 
> That would be like outright refusing mail unless it had both SPF
> and DKIM on every single message.
> 
> Sure, great in theory, does not work in reality and will result in
> lost mail from legit sources.
> 
> Already spoken to CenturyLink about RDNS for ipv6 - won't have
> rdns until native IPv6.  Currently, IPv6 seems to be delivered for
> those who want it, via 6rd.
> 
> And, frankly, I'm not going to get in a fight with CenturyLink over
> IPv6 RDNS, considering that I am thankful that they are even
> offering IPv6 when other large providers aren't even trying to do
> so to their residential and small business customers.
> 
> It is very easy for some to forget that not everyone has a gigabit
> fiber connection to their homes with ARIN assigned IPv4/IPv6 blocks
> announced over BGP.  Some of us actually have to make do with
> (sometimes very) limited budgets and what the market is offering us
> and has made available.
> 
> 


- -- 
Paul Ferguson
VP Threat Intelligence, IID
PGP Public Key ID: 0x54DC85B2
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.22 (MingW32)
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iF4EAREIAAYFAlMx8VQACgkQKJasdVTchbJkBgD+PeCiFIefgXhmcsyIiqHAdiNX
slrBbBk3/edq9yiAsPAA/0zwEwPqfFTyjYvChdgMyC09aSDOFeGT8vf6HZzMCPDt
=OHTl
-----END PGP SIGNATURE-----



More information about the NANOG mailing list