I’ve not experienced this problem sending emails via IPv6 to gmail destinations from my personal domain. (delong.com <http://delong.com/>) Likely this email will, in fact, get sent to GMAIL via IPv6. I do have good SPF and DKIM records and signing and a reasonable DMARC policy set up. If ISC doesn’t have that yet, it might be a better alternative than turning off IPv6. If that doesn’t solve it, I can reach out to someone at Google who can likely get the right parties involved. Owen
On Apr 2, 2022, at 15:23, Jeroen Massar via NANOG <nanog@nanog.org> wrote:
Hi Dan,
Hope the rest of the world is treating you decently!
There are a lot of bits and bobs that one has to get right for mail to flow, amongst which:
- IP -> PTR lookup -> that hostname lookup, and match to IP again (https://en.wikipedia.org/wiki/Forward-confirmed_reverse_DNS) - SPF - DKIM - DMARC - ARC (for mailinglists) - SRS (When forwarding, rewrite the From and resign DKIM, and then ARC-sign that) - Decent TLS - MTA-STS
And that list grows and grows... and grows and grows. It is kinda a test if one has actually bothered to configure a setup, and not just are randomly sending an email by just telneting from a random server. Of course the large spam outfits have this fully automated and configured, so that their spam^Wadvertising comes through.
A wee little test tells that there are a few improvements to be made at minimum:
https://internet.nl/mail/isc.org/
• Not all authenticity marks against email phishing (DMARC, DKIM and SPF) • Failed :Mail server connection not or insufficiently secured (STARTTLS and DANE)
Greets, Jeroen (who also runs his own full net... and had jeroen@isc for a few years... ;) )