On Fri, Aug 12, 2022 at 3:15 PM Simon Arlott via mailop <mailop@mailop.org> wrote:
> On 12/08/2022 17:22, Jesse Hathaway via mailop wrote: > > Back in 2013[1] we changed our mail config to force MX lookups for gmail > > to only use IPv4 addresses. We made these change after hearing reports > > of higher spam scoring when sending mail via IPv6. Would anyone from > > Google be able to comment as to whether forcing IPv4 is still needed? > > Yours kindly, Jesse Hathaway > > My experience in the past is that because Google insist on a successful > matching reverse DNS lookup for IPv6, it will randomly permanently > reject email for a temporary error. It looks like Google are now doing > this for IPv4 too but I don't know if they've fixed it to handle > temporary DNS errors properly. > > The other general problem is that your server's reputation will probably > be different for each address and suddenly swap between IPv6 and IPv4 on > a retry. Ideally random outgoing address selection across all IP address > families should be used to avoid this but Exim can't do that. > While we try to do the right thing with DNS temp failures, it can be challenging to differentiate sometimes. We would also need to propagate a dns temp failure into an spf/etc temp failure and then potentially have different spam rejects based on whether a specific spam rule depended on those features... but that's not really how the spam system works. And yes, while we started with stricter auth requirements for IPv6, that's coming for IPv4 incrementally. That said, fundamentally an IPv6 address is different from an IPv4 one, which means different netblocks as well, and different reputations. Unless you split your mail evenly between them, and had the same mail stream evenly split across the entire netblock... and ASN... you wouldn't have identical spam results. Brandon
_______________________________________________ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop
