Gmail (thus Nanog) rejecting ipv6 email

Owen DeLong owen at delong.com
Tue Apr 5 20:56:58 UTC 2022



> On Apr 4, 2022, at 08:13 , Robert Kisteleki <robert at ripe.net> wrote:
> 
> 
> On 2022-04-03 07:18, Owen DeLong via NANOG wrote:
>> I’ve not experienced this problem sending emails via IPv6 to gmail destinations from my personal domain.
>> (delong.com)
>> Likely this email will, in fact, get sent to GMAIL via IPv6.
>> I do have good SPF and DKIM records and signing and a reasonable DMARC policy set up.
>> If ISC doesn’t have that yet, it might be a better alternative than turning off IPv6.
>> If that doesn’t solve it, I can reach out to someone at Google who can likely get the right parties involved.
>> Owen
> 
> I think it has been argued before that having a different email acceptance policy over IPv4 vs IPv6 is essentially a layering violation. I'm sympathetic to that argument.

The problem with that argument is that it ignores the fact that IP reputation services are available for IPv4 and impractical for IPv6.

> More to the point: *you* could do this and there are a number of other clueful people who can make this work today. And when Google changes their rules (that you'll have to learn about once you hit the next wall), then you adjust. And you keep on doing this whack-a-mole game.

It hasn’t been all that much whack-a-mole. Frankly, I’ve had more difficulty playing whack-a-mole with Apple’s changes in what they require for a CA to be accepted by an iPhone so that I can access my own IMAP server than anything Google has done to IPv6 mail acceptance.

Bottom line, if you’re running an MTA, then there is a changing landscape of BCPs that you have to adapt to. Google may be one of the first to get strict about some of those BCPs; they are also likely the first one many sites will trip over due to the high volume of email headed their way and the large user base they have, but there are definitely others that you will also trip over.

You can’t run an MTA in the modern internet without this whack-a-mole game and I suspect it will eventually hit v4 just as hard as it currently hits v6 because I think that v4 reputation services will fail to cope with CGNAT in much the same way that they currently can’t cope with IPv6.

> Of course there's an argument that says "mom and pop should not run their own mailserver, there are professionals for that!" but at the end of the day what this really serves is deliberate and premeditated centralisation, slowly but steadily stamping out small players.

As pop running his own mail server, I don’t buy that first argument at all. However, I will say that if you are going to run an MTA on the greater internet, then you have inherently, as part of the social contract, accepted the obligation to run it in accordance with the current form of BCP and the further obligation to keep up with the current definition of current BCP.

> 
> Robert

Owen


