why IPv6 isn't ready for prime time, SMTP edition

Elizabeth Zwicky zwicky at yahoo-inc.com
Tue Mar 25 21:38:19 UTC 2014


DMARC says nothing about rDNS, and given how late in the game
DMARC comes, it seems like an odd place to enforce rDNS.

Local policy, sure; local DMARC policy, wait what?

	Elizabeth


On 3/25/14, 2:12 PM, "Paul Ferguson" <fergdawgster at mykolab.com> wrote:

>Isn't this just a local policy issue with handling DMARC? I know for
>sure at least one other (very large) organization that (also) rejects
>messages which do not have an rDNS entry, and it is a local DMARC policy.
>
>- ferg
>
>On 3/25/2014 1:57 PM, Brielle Bruns wrote:
>
>> On 3/25/14, 11:56 AM, John Levine wrote:
>>> I think this would be a good time to fix your mail server setup.
>>> You're never going to get much v6 mail delivered without rDNS,
>>> because receivers won't even look at your mail to see if it's
>>> authenticated.
>>> 
>>> CenturyLink is reasonably technically clued so it shouldn't be
>>> impossible to get them to fix it.
>> 
>> 
>> Nothing wrong with my mail server setup, except the lack of RDNS.
>> Lacking reverse should be one of many things to consider with
>> rejecting e-mails, but should not be the only condition.
>> 
>> That would be like outright refusing mail unless it had both SPF
>> and DKIM on every single message.
>> 
>> Sure, great in theory, does not work in reality and will result in
>> lost mail from legit sources.
>> 
>> Already spoken to CenturyLink about RDNS for ipv6 - won't have
>> rdns until native IPv6.  Currently, IPv6 seems to be delivered for
>> those who want it, via 6rd.
>> 
>> And, frankly, I'm not going to get in a fight with CenturyLink over
>> IPv6 RDNS, considering that I am thankful that they are even
>> offering IPv6 when other large providers aren't even trying to do
>> so to their residential and small business customers.
>> 
>> It is very easy for some to forget that not everyone has a gigabit
>> fiber connection to their homes with ARIN assigned IPv4/IPv6 blocks
>> announced over BGP.  Some of us actually have to make do with
>> (sometimes very) limited budgets and what the market is offering us
>> and has made available.
>> 
>> 
>
>
>-- 
>Paul Ferguson
>VP Threat Intelligence, IID
>PGP Public Key ID: 0x54DC85B2
>




More information about the NANOG mailing list