I'm starting to conclude that attempting IPv6 delivery to gmail servers is simply not worth the electrons.
Understandably, gmail have rules in place for the PTR/AAAA RR of sending IPv6 addresses. I have no issue with these, as setting them up is MailServers-100 (Not even the 101) and, I use such checks as an indicator myself. Nothing says "I'm a real mail server!" than taking the effort to look like one. The issue arises when Google's end has a DNS hiccup and decides that our perfectly configured PTR/AAAA no longer exists, and instead of using any kind of reputation or memorised state, flat out rejects all emails until nxcache expires for that server. By the time I check what is going on, the problem is solved with emails delivering normally. After testing for many months from multiple locations, I have never managed to replicate a permanent DNS failure of either the PTR or AAAA lookup. I know at some point, there has to be a missing packet or routing issue which prevents a lookup succeeding, but that will always be temporary. For now, I'm ignoring all IPv6 addresses when delivering to gmail.com but that hardly seems like a positive step forward. These are hosted sending domains so attempting to get everyone setup with, and working within the limitations of, DKIM and SPF is impractical. Sending without either of these two works just fine in almost all cases. Why the heck are Google hard rejecting emails with a temporary DNS issue which has previously been just fine? How on earth does one work around such an issue? _______________________________________________ mailop mailing list mailop@mailop.org https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop