why IPv6 isn't ready for prime time, SMTP edition

Rob McEwen rob at invaluement.com
Wed Mar 26 02:51:11 UTC 2014


On 3/25/2014 10:25 PM, Brielle Bruns wrote:
>
> Like I said in a previous response, if you are going to make rdns a
> requirement, why not make SPF and DKIM mandatory as well? 

many ISPs ALREADY require rDNS. So making that standard official for
IPv6 is isn't asking for much! It is a NATURAL progression. As I
mentioned in a previous message, i think IPv6 should go farther and
require FCrDNS, with the host name ending with the sender's actual real
domain so that proper identity is conveyed. (then when a spammer uses a
"throwaway domain" or known spammy domain... as the domain at the end of
the rDNS, they have only themselves to blame when the message is rejected!)

SPF is somewhat "dead"... because it breaks e-mail forwarding
situations. Anyone who blocks on a bad SFP is going to have significant
FPs. And by the time you've dialed down the importance of SPF to prevent
FPs (either by the receiver not making too big of a deal about ir, or
the sender using a NOT strict SFP), it then becomes impotent. About the
only good usage of SPF is to change a domain's record to "strict" in
situations where some e-mail on that domain is being "picked on" by a
"joe job" where their address is forged into MANY spams over a period of
time. (not just the occasional hit that everyone gets). otherwise, SPF
is worthless.

Maybe we should require DKIM for IPv6, too? But what I suggested about
FCrDNS seems like a 1st step to me.

-- 
Rob McEwen
+1 (478) 475-9032





More information about the NANOG mailing list