Re: [mailop] Gmail doesn't like my IPv6 address, why?
On Thu, 2019-12-19 at 16:46 +, Andrew C Aitchison wrote: > You say that you use ::1 in addition to your IPv4 address. > Shouldn't ::1 be in addition to 127.0.0.1 and > one of your new /64 addresses in addition to your IPv4 ? My mistake: I was referring to my subnet's _::1, not localhost. > Can I presume that this is MTA -> MTA, not mail submission (which > will > leave gmail via your own gmail account) ? Correct. > Do you use a client certificate (in the TLS handshake ?) so that > gmail > knows it is really you ? Do you mean mTLS? No I don't, and I don't think they even check for that (otherwise there should be some header indicating that right?). DKIM should be enough, except if they don't trust my NS (HE.net). > What information does GMail have to determine that the two sources > are the > same and how quickly could they put it all together to prove that > that > deduction is trustworthy ? My domain name + DNS records. I believe their DNS cache is pretty fast. > *Should* they even do this ? You presumably wouldn't want a visitor > to your /64 network to have the same reputation as your mailserver, > so why should they share reputation between your IPv4 and Ipv6 ? > If I understand correctly GMail can even give different trust levels > to > different apps on the same phone ! > > I suspect that the simple answer is that GMail has not established > that > the two sources are in fact the same, and your IPv6 source, being > new, > has no positive reputation. > It's either that (which personally I would find too simplistic and problematic for a big company like Google) or their spam filter is full of unreasonable and complex heuristics that are only optimized for large volume providers. Maybe I am missing something, but it seems I'm gonna have to go back to IPv4 only for delivery :( Cheers ___ mailop mailing list mailop@mailop.org https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
Re: [mailop] Gmail doesn't like my IPv6 address, why?
Dnia 19.12.2019 o godz. 16:46:51 Andrew C Aitchison via mailop pisze: > I suspect that the simple answer is that GMail has not established that > the two sources are in fact the same, and your IPv6 source, being new, > has no positive reputation. "No positive reputation" should not by default mean being redirected to spam folder. If the sender has a *negative* reputation, then yes, the message could be put to spam. But neither positive nor negative (ie. neutral) reputation should just deliver mail normally and allow the reputation to build in time. If all mail from senders with "no positive" reputation will be directed to spam from the beginning, then there is no possibility for the sender to build up that positive reputation. -- Regards, Jaroslaw Rafa r...@rafa.eu.org -- "In a million years, when kids go to school, they're gonna know: once there was a Hushpuppy, and she lived with her daddy in the Bathtub." ___ mailop mailing list mailop@mailop.org https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
Re: [mailop] Gmail doesn't like my IPv6 address, why?
On Wed, 18 Dec 2019, Brian via mailop wrote: I never had any significant deliverability issues with my personal low volume email server before, which I have been running for several years following pretty much all the well-known recommendations and standards. Two months ago I decided to take some time to setup IPv6 using a new /64 I got from my ISP and update all the records to use ::1 in addition to my old v4. After fixing some minor problems I was able to both receive and submit emails using my new IPv6 address. For what I can see on my logs, Gmail seem to prefer v6 when delivering emails to my server, but for some reason when my server uses v6 to deliver emails their milters mark them as spam (except of course when I send test emails to my 15 years old personal gmail account... *sigh*) You say that you use ::1 in addition to your IPv4 address. Shouldn't ::1 be in addition to 127.0.0.1 and one of your new /64 addresses in addition to your IPv4 ? My question is: why Gmail is OK with my old v4 but at the same time doesn't trust my new v6 when they have all the information available to verify that both sources are in fact from the same origin? Can I presume that this is MTA -> MTA, not mail submission (which will leave gmail via your own gmail account) ? Do you use a client certificate (in the TLS handshake ?) so that gmail knows it is really you ? What information does GMail have to determine that the two sources are the same and how quickly could they put it all together to prove that that deduction is trustworthy ? *Should* they even do this ? You presumably wouldn't want a visitor to your /64 network to have the same reputation as your mailserver, so why should they share reputation between your IPv4 and Ipv6 ? If I understand correctly GMail can even give different trust levels to different apps on the same phone ! I suspect that the simple answer is that GMail has not established that the two sources are in fact the same, and your IPv6 source, being new, has no positive reputation. -- Andrew C. Aitchison Kendal, UK and...@aitchison.me.uk ___ mailop mailing list mailop@mailop.org https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
Re: [mailop] Gmail doesn't like my IPv6 address, why?
In article <6b3de7584a85d36e3d912d75f1616...@webmail.greengecko.co.nz> you write: >Anecdotal, but last time I delved deep into this, apparently the majority of >spam was sent via IPv6 I don't see that at all. I get mountains of bot spam on v4, still close to none on v6. -- Regards, John Levine, jo...@taugh.com, Primary Perpetrator of "The Internet for Dummies", Please consider the environment before reading this e-mail. https://jl.ly ___ mailop mailing list mailop@mailop.org https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
Re: [mailop] Gmail doesn't like my IPv6 address, why?
> Anecdotal, but last time I delved deep into this, apparently the > majority of spam was sent via IPv6 i don't see this a quick db query gives me: v6 pct -- -- 0 89.45 1 10.55 it would probably be even more v4 as presently persistent ipv4 sources are blocked; something i don't do for ipv6 ___ mailop mailing list mailop@mailop.org https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
Re: [mailop] Gmail doesn't like my IPv6 address, why?
Anecdotal, but last time I delved deep into this, apparently the majority of spam was sent via IPv6 December 19, 2019 12:16 PM, "Brian via mailop" wrote: > On Wed, 2019-12-18 at 13:44 -0800, Mark Milhollan via mailop wrote: > >> IPv6 is normally preferred so if you have published an for the >> highest priority MX then IPv6 would be tried first, and since you >> accept >> the messages you no longer see much IPv4 from them. As to why they >> don't like you via IPv6 -- they are (more) "strict" about IPv6 >> connections so you need a PTR along with SPF and/or DKIM, plus you >> should be sure to signal "Not Spam" on any messages that make it in >> but >> have the Spam label. G Suite has additional controls you should >> look >> into. > > Sorry, I should have been more precise: when I said that my server > followed "all the recommendations and standards" I meant things like > SPF, DKIM, DMARC, PTR, etc. So yeah, there are PTR records for both v4 > and v6 addresses, and I believe the other records are correct too. > > For SPF I am using CIDR notation according to the RFC for my /64, and > Gmail seems ok with it (I get 3 PASSes, including the SPF from my v6). > > Thanks > > ___ > mailop mailing list > mailop@mailop.org > https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop ___ mailop mailing list mailop@mailop.org https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
Re: [mailop] Gmail doesn't like my IPv6 address, why?
On Wed, 2019-12-18 at 13:44 -0800, Mark Milhollan via mailop wrote: > IPv6 is normally preferred so if you have published an for the > highest priority MX then IPv6 would be tried first, and since you > accept > the messages you no longer see much IPv4 from them. As to why they > don't like you via IPv6 -- they are (more) "strict" about IPv6 > connections so you need a PTR along with SPF and/or DKIM, plus you > should be sure to signal "Not Spam" on any messages that make it in > but > have the Spam label. G Suite has additional controls you should > look > into. Sorry, I should have been more precise: when I said that my server followed "all the recommendations and standards" I meant things like SPF, DKIM, DMARC, PTR, etc. So yeah, there are PTR records for both v4 and v6 addresses, and I believe the other records are correct too. For SPF I am using CIDR notation according to the RFC for my /64, and Gmail seems ok with it (I get 3 PASSes, including the SPF from my v6). Thanks ___ mailop mailing list mailop@mailop.org https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
Re: [mailop] Gmail doesn't like my IPv6 address, why?
On Wednesday 2019-12-18 12:18, Brian wrote: For what I can see on my logs, Gmail seem to prefer v6 when delivering emails to my server, but for some reason when my server uses v6 to deliver emails their milters mark them as spam (except of course when I send test emails to my 15 years old personal gmail account... *sigh*) My question is: why Gmail is OK with my old v4 but at the same time doesn't trust my new v6 when they have all the information available to verify that both sources are in fact from the same origin? IPv6 is normally preferred so if you have published an for the highest priority MX then IPv6 would be tried first, and since you accept the messages you no longer see much IPv4 from them. As to why they don't like you via IPv6 -- they are (more) "strict" about IPv6 connections so you need a PTR along with SPF and/or DKIM, plus you should be sure to signal "Not Spam" on any messages that make it in but have the Spam label. G Suite has additional controls you should look into. /mark ___ mailop mailing list mailop@mailop.org https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
Re: [mailop] Gmail doesn't like my IPv6 address, why?
Probably lack of authentication. Did you set up an SPF record? Did that SPF record include your V6 addresses? Honestly, so much of email service is on ipv4 that I just disabled my server's ipv6 interface. Prior to that I would have similar issues, intermittently. It turns out the intermittent nature was whether or not the mail was transiting over ipv4 or ipv6. I THOUGHT I had the ipv6 entries set up correctly in my SPF record, but it's quite possible that I didn't. (It was a while ago...I don't remember.) Cheers, Al On Wed, Dec 18, 2019 at 2:23 PM Brian via mailop wrote: > > I never had any significant deliverability issues with my personal low > volume email server before, which I have been running for several years > following pretty much all the well-known recommendations and standards. > > Two months ago I decided to take some time to setup IPv6 using a new > /64 I got from my ISP and update all the records to use ::1 in addition > to my old v4. After fixing some minor problems I was able to both > receive and submit emails using my new IPv6 address. For what I can see > on my logs, Gmail seem to prefer v6 when delivering emails to my > server, but for some reason when my server uses v6 to deliver emails > their milters mark them as spam (except of course when I send test > emails to my 15 years old personal gmail account... *sigh*) > > My question is: why Gmail is OK with my old v4 but at the same time > doesn't trust my new v6 when they have all the information available to > verify that both sources are in fact from the same origin? > > > Thanks in advance, > Brian > > > > > ___ > mailop mailing list > mailop@mailop.org > https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop -- al iverson // wombatmail // chicago http://www.aliverson.com http://www.spamresource.com ___ mailop mailing list mailop@mailop.org https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
[mailop] Gmail doesn't like my IPv6 address, why?
I never had any significant deliverability issues with my personal low volume email server before, which I have been running for several years following pretty much all the well-known recommendations and standards. Two months ago I decided to take some time to setup IPv6 using a new /64 I got from my ISP and update all the records to use ::1 in addition to my old v4. After fixing some minor problems I was able to both receive and submit emails using my new IPv6 address. For what I can see on my logs, Gmail seem to prefer v6 when delivering emails to my server, but for some reason when my server uses v6 to deliver emails their milters mark them as spam (except of course when I send test emails to my 15 years old personal gmail account... *sigh*) My question is: why Gmail is OK with my old v4 but at the same time doesn't trust my new v6 when they have all the information available to verify that both sources are in fact from the same origin? Thanks in advance, Brian ___ mailop mailing list mailop@mailop.org https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop