After years of waiting, Google has finally enabled IPv6 for their email service Gmail. And a few weeks ago, they updated their policy, adding one specific rule: reject email from IP addresses with no reverse name:
% nc -Cv gmail-smtp-in.l.google.com. smtp Connection to gmail-smtp-in.l.google.com. 25 port [tcp/smtp] succeeded! 220 mx.google.com ESMTP bz2si13656083wjc.108 - gsmtp HELO boo.example.com 250 mx.google.com at your service MAIL FROM: <email@example.com> 250 2.1.0 OK bz2si13656083wjc.108 - gsmtp RCPT TO: <firstname.lastname@example.org> 250 2.1.5 OK bz2si13656083wjc.108 - gsmtp DATA 354 Go ahead bz2si13656083wjc.108 - gsmtp Subject: Test From: Me <email@example.com> To: You <firstname.lastname@example.org> Test. . 550-5.7.1 [2001:db8:8e3f:43c7::12 16] Our system has detected that this 550-5.7.1 message does not meet IPv6 sending guidelines regarding PTR records 550-5.7.1 and authentication. Please review 550-5.7.1 https://support.google.com/mail/?p=ipv6_authentication_error for more 550 5.7.1 information. bz2si13656083wjc.108 - gsmtp
- It is not a sane anti-spam measure, because not having a reverse
name tells absolutely nothing about the email emitter or the
message itself: it only indicates that the email emitter has a lame
access provider. Specifically:
- spammers can have perfect reverse names;
- regular email emitter can have no reverse name because their access provider suck, and have no way of fixing it because all access providers suck the same way.
- While IPv6 is the future of the Internet, this measure discourages its use. Yes, providing no reverse names suck, but it is by no mean the user's fault, and since IPv6 is more complicated to implement than IPv4, Internet actors must tolerate youth errors or people will just keep what works, i.e. IPv4.
By the way, I would love to have a perfect Internet access provider, but that does not exist where I live, and I do not think it exists at all anywhere. Google, instead of complaining about lame access providers, you are welcome to offer me a fibre service with decent upload rate, static IPv4, static IPv6 /64, customizable reverse DNS for IPv4 and IPv6, and full respect of the network neutrality. Until then, I am doing the best I can with the least bad provider available.
As I said, their is an easy workaround. Google does not accept my
mail on IPv6? Fine, I will keep using IPv4. Only for Google of course,
no need to punish the whole Internet for Google's damn restrictions.
With Postfix, you can do that this way (thanks to Christian
Skala for his blog post about this problem). In
/etc/postfix/master.fr, enable an IPv4-only SMTP
smtp4 unix - - - - - smtp -o inet_protocols=ipv4
/etc/postfix/main.cf, define a transport
map if you do not already use one:
transport_maps = hash:/etc/postfix/transport
Create that transport map
/etc/postfix/transport or complete it:
Finally, hash that transport map and have Postfix reload its configuration:
# postmap /etc/postfix/transport # service postfix reload