Gmail (thus Nanog) rejecting ipv6 email

• Previous message (by thread): Gmail (thus Nanog) rejecting ipv6 email
• Next message (by thread): Gmail (thus Nanog) rejecting ipv6 email
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Hi Dan,

Hope the rest of the world is treating you decently!

There are a lot of bits and bobs that one has to get right for mail to flow, amongst which:

 - IP -> PTR lookup -> that hostname lookup, and match to IP again
   (https://en.wikipedia.org/wiki/Forward-confirmed_reverse_DNS)
 - SPF
 - DKIM
 - DMARC
 - ARC (for mailinglists)
 - SRS (When forwarding, rewrite the From and resign DKIM, and then ARC-sign that)
 - Decent TLS
 - MTA-STS

And that list grows and grows... and grows and grows. It is kinda a test if one has actually bothered to configure a setup, and not just are randomly sending an email by just telneting from a random server. Of course the large spam outfits have this fully automated and configured, so that their spam^Wadvertising comes through.

A wee little test tells that there are a few improvements to be made at minimum:

https://internet.nl/mail/isc.org/

	• Not all authenticity marks against email phishing (DMARC, DKIM and SPF)
	• Failed :Mail server connection not or insufficiently secured (STARTTLS and DANE)


Greets,
 Jeroen (who also runs his own full net... and had jeroen at isc for a few years... ;) )

• Previous message (by thread): Gmail (thus Nanog) rejecting ipv6 email
• Next message (by thread): Gmail (thus Nanog) rejecting ipv6 email
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]