On Thu 2016-Jun-09 18:06:30 +0200, Bernhard Schmidt <bernhard.schm...@lrz.de> wrote:
Hi, since around 13:00 UTC today all of the sudden we see massive rejects of mails towards Google when delivering on IPv6 Jun 9 15:12:07 lxmhs52 postfix-postout/smtp[50664]: 3rQQgp3VQTzyWn: to=<x...@gmail.com>, relay=gmail-smtp-in.l.google.com[2a00:1450:400c:c0a::1b]:25, delay=0.7, delays=0.01/0/0.16 /0.53, dsn=5.7.1, status=bounced (host gmail-smtp-in.l.google.com[2a00:1450:400c:c0a::1b] said: 550-5.7.1 This message does not have authentication information or fails to pass 550-5.7.1 authentication checks. To best protect our users from spam, the 550-5.7.1 message has been blocked. Please visit 550-5.7.1 https://support.google.com/mail/answer/81126#authentication for m ore 550 5.7.1 information. d7si7802319wjc.145 - gsmtp (in reply to end of DATA command)) Header-From and Envelope-From are aligned, the sending domain does not have any DKIM/SPF/DMARC published. We're working on DKIM, but this is not rolled out for all domains yet. The hosts in question do have proper FCrDNS, i.e. http://multirbl.valli.org/fcrdns-test/2001%3A4ca0%3A0%3A103%3A%3A81bb%3Aff89.html Anyone seeing the same? From outside it looks like Google has implemented the "all mail delivered over IPv6 has to be DKIM/SPF authenticated" previously done by Microsoft, but without the softfail.
...hasn't this been the case for some time? They want FCrDNS + at least one of SPF or DKIM to accept delivery over v6: https://support.google.com/mail/answer/81126?hl=en#authentication Did they just defer previously?
Best Regards, Bernhard
-- Hugo _______________________________________________ mailop mailing list mailop@mailop.org https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
