I had similar trouble sending to Gmail over IPv6 long ago and I just turned off the IPv6 interface on my server to fix it, because I'm a typical dumb American. I was never quite sure, do I just not understand how to specify SPF properly for IPv6 or does Gmail have a bug in how they process SPF for IPv6.

Kitterman SPF check says:

Mail sent from this IP address: 2001:4060:1:1002::139:139
Mail from (Sender): b...@example.com
Mail checked using this SPF policy: v=spf1 ip6:2001:4060::/32 ip4:157.161.0.0/16 ip4:217.173.238.128/27 ip6:2a00:ec0:1::/64 -all
Results - PASS sender SPF authorized

In your case, I agree that SPF should be passing. I guess double check that you're actually connecting to Google servers over the correct interface, I also ran into this before as an issue, too. Maybe it's not really connecting via 2001:4060:1:1002::139:139 and thus truly is failing SPF.

I do see many examples of SPF/DMARC (no DKIM) working as expected...i.e. delivers, not blocked. At work we have so many MTAs with varying configs that we occasionally would have someone try to send from a new MTA without DKIM yet configured, but SPF still passes, and it delivers fine to Gmail. Granted, I haven't tested this in the past few days, but unless it broke very recently, I feel confident that they don't block in this way.

Good luck!

Regards,
Al Iverson

On Tue, Jun 2, 2020 at 10:13 AM Benoit Panizzon via mailop <mailop@mailop.org> wrote:
>
> Hi Gang
>
> I'm on the way of more widely deploying DMARC and also testing DKIM
> once again. Also on our ISP email service domains.
>
> So at the moment I'm only using DMARC with SPF. According to my
> reading on how DMARC works, if no DKIM record is published, a passing
> SPF record is sufficient for authentication.
>
> But as soon as I set p=reject Gmail is rejecting all emails:
>
> <xxxxxxxxx>: host aspmx.l.google.com[2a00:1450:4013:c04::1a] said:
> 550-5.7.26 Unauthenticated email from imp.ch is not accepted due to
> domain's 550-5.7.26 DMARC policy. Please contact the administrator of
> imp.ch domain if 550-5.7.26 this was a legitimate mail. Please visit
> 550-5.7.26 https://support.google.com/mail/answer/2451690 to learn about
> the 550 5.7.26 DMARC initiative. i4si1617970edq.200 - gsmtp (in reply to
> end of DATA command)
>
> imp.ch descriptive text "v=spf1 ip6:2001:4060::/32 ip4:157.161.0.0/16
> ip4:217.173.238.128/27 ip6:2a00:ec0:1::/64 -all"
>
> _DMARC.imp.ch descriptive text "v=DMARC1; p=none;
> rua=mailto:dmarc-rep...@imp.ch; ruf=mailto:dmarc-rep...@imp.ch; aspf=s"
> (reverted to p=none)
>
> That email was sent from: 2001:4060:1:1002::139:139 which passes SPF.
>
> Any idea what is going wrong? Is Gmail's DMARC implementation broken
> and REQUIRES DKIM violating RFC?
>
> Kind regards
>
> -Benoît Panizzon-
> --
> I m p r o W a r e   A G    -    Head of Commerce Customers
> ______________________________________________________
>
> Zurlindenstrasse 29             Tel  +41 61 826 93 00
> CH-4133 Pratteln                Fax  +41 61 826 93 01
> Switzerland                     Web  http://www.imp.ch
> ______________________________________________________
>
> _______________________________________________
> mailop mailing list
> mailop@mailop.org
> https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

--
Al Iverson // Wombatmail // Chicago
Song a day! https://www.wombatmail.com
Deliverability! https://spamresource.com
And DNS Tools too! https://xnnd.com
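
Added example, not part of the thread: a DNS-free check of the two things DMARC needs from SPF when no DKIM signature is present, namely an SPF pass for the connecting IP and alignment of the envelope sender domain with the From: header domain under the published `aspf` mode. It uses the SPF record and sending address quoted above; the domain names in the demo are constructed, and the relaxed-mode comparison is a simplification that does not consult the Public Suffix List.

```python
import ipaddress

# SPF record and sending address as quoted in the thread.
SPF_RECORD = ("v=spf1 ip6:2001:4060::/32 ip4:157.161.0.0/16 "
              "ip4:217.173.238.128/27 ip6:2a00:ec0:1::/64 -all")
SENDING_IP = "2001:4060:1:1002::139:139"

QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

def spf_ip_result(record, ip):
    """Evaluate only the ip4/ip6/all mechanisms of an SPF record (no DNS)."""
    addr = ipaddress.ip_address(ip)
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return "none"
    for term in terms[1:]:
        qual = "+"
        if term[0] in QUALIFIERS:
            qual, term = term[0], term[1:]
        name, _, value = term.partition(":")
        name = name.lower()
        if name == "all":
            return QUALIFIERS[qual]
        if name in ("ip4", "ip6"):
            want = 4 if name == "ip4" else 6
            net = ipaddress.ip_network(value, strict=False)
            if addr.version == want and net.version == want and addr in net:
                return QUALIFIERS[qual]
        # a, mx, include, exists, redirect need DNS and are skipped here.
    return "neutral"

def dmarc_spf_pass(spf_result, mail_from_domain, header_from_domain, aspf="r"):
    """DMARC counts SPF only if it passes AND the two domains align."""
    mf = mail_from_domain.lower().rstrip(".")
    hf = header_from_domain.lower().rstrip(".")
    if aspf == "s":
        aligned = mf == hf  # strict: exact match required
    else:
        # Simplified relaxed check: parent/child match, no Public Suffix List.
        aligned = mf == hf or mf.endswith("." + hf) or hf.endswith("." + mf)
    return spf_result == "pass" and aligned

if __name__ == "__main__":
    result = spf_ip_result(SPF_RECORD, SENDING_IP)
    print("SPF:", result)
    # Constructed domains: envelope sender on a subdomain of the From: domain.
    for mode in ("s", "r"):
        ok = dmarc_spf_pass(result, "bounce.example.org", "example.org", mode)
        print("aspf=%s DMARC via SPF: %s" % (mode, ok))
```
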