[AusNOG] IPv6 reverse DNS and Mail ...

Karl Auer kauer at into6.com.au
Tue May 21 09:53:20 EST 2013


On Tue, 2013-05-21 at 09:04 +1000, Noel Butler wrote:
>  SHANE wrote:
> > > If the customer isn't getting their mail, you're not doing your job. 
> 
> Ummm, no, if the client gets more that could have easily been stopped -
> I'm not doing my job.

And right there is the tension between two equally worthy goals. "Our
job" is making the right judgement and striking the right balance
between the two requirements.

Dropping an email *only* because the sender has no PTR record is IMHO
going too far in one direction. The lack of a PTR is just one of many
indicators that an email is possibly spam. Dropping emails where the
sending host has no PTR record is about the equivalent of dropping all
emails that contain a sequence of three exclamation marks, or that
contain the word "enlargement" :-)

In the world as it stands now, most email comes via large managed
servers serving many users, not directly from the source. Most email is
delivered to large managed servers too. Part of the reason for the
latter is NAT - it's hard to get email delivered to a local server if it
is behind NAT. And it's hard, in that situation, to control the reverse
lookup, particularly as you generally have only one IPv4 address or a
very small subnet.

IPv6 (which is where this discussion started!) opens up the local LAN.
NAT disappears, and local subnets become very large, globally
addressable, and globally reachable (modulo any desired firewalling). It
is *easy* to run servers in the home. No UPnP, no port forwarding,
multiple servers using the same port etc etc. That is a different world,
and one where the end user - who for a long time the industry has
considered a passive "consumer" - can become an effective producer; a
peer on the Internet.

One thing that is *not* likely to change without customer pressure is
the lack of reverse delegation to such peers. Not that it is
particularly hard for service providers to do it with IPv6 - it's much
easier for IPv6 than for IPv4. Until enough people are running local
servers and they want to brand both the services and the addresses of
those services, there will likely be little demand.

But dropping their email just because they don't have PTR records set up
will be a show stopper for small local mail servers. And because it
happens at the far end, they can't hassle their service provider about
it - they can only hassle their service provider about email they are
not *receiving*. That may have an effect - but it's a small one compared
to demanding transmission of the data they source.

So I would suggest that in the IPv6 world that is coming (slowly :-)
dropping email based solely on a lack of PTR record is a
business-damaging, community-damaging, customer-damaging, user-damaging
thing to do. It's all of that in the IPv4 world, which is why I disagree
with it even now, but in the IPv6 world it's a worse thing to do.

At least until the almost certain advent of ubiquitous synthesised IPv6
PTR responses, when it will become a non-issue.

Regards, K.

-- 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Karl Auer                                          tel  +61-2-64957435
kauer at into6.com.au                                 mob  +61-428-957160
                                         
Into6 - IPv6 design, support, training                www.into6.com.au

GPG/PGP fingerprint: D8A4 A65A EE32 286F 1E36 55A4 0901 EEAF A785 1684
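
The approach argued for in the message above, treating a missing PTR as one weighted indicator instead of a reason to drop on its own, sketched as an added example that is not part of the original post. The zone data, signal names, weights and threshold are constructed assumptions, and the DNS lookups are replaced by in-memory tables so the code runs offline.

```python
import ipaddress

# Constructed DNS data for this example (2001:db8::/32 is the documentation prefix).
PTR_ZONE = {
    ipaddress.ip_address("2001:db8:1::25").reverse_pointer: "mail.example.net",
    ipaddress.ip_address("2001:db8:2::25").reverse_pointer: "mx.example.org",
}
AAAA_ZONE = {
    "mail.example.net": {"2001:db8:1::25"},   # forward record matches the PTR
    "mx.example.org": {"2001:db8:ffff::1"},   # forward record points elsewhere
}

# Assumed weights and threshold; a real filter tunes these against its own mail.
WEIGHTS = {"no_ptr": 1.0, "ptr_unconfirmed": 1.5}
REJECT_AT = 5.0


def rdns_signal(client_ip, ptr_zone=PTR_ZONE, aaaa_zone=AAAA_ZONE):
    """Classify the sender's reverse DNS: 'confirmed', 'ptr_unconfirmed' or 'no_ptr'."""
    addr = ipaddress.ip_address(client_ip)
    host = ptr_zone.get(addr.reverse_pointer)   # nibble-format name under ip6.arpa
    if host is None:
        return "no_ptr"
    # Forward-confirm: the PTR target must resolve back to the connecting address.
    forward = {ipaddress.ip_address(a) for a in aaaa_zone.get(host, ())}
    return "confirmed" if addr in forward else "ptr_unconfirmed"


def score_message(client_ip, other_signals):
    """Sum the rDNS weight with the other indicators; return (score, verdict, rdns)."""
    rdns = rdns_signal(client_ip)
    score = WEIGHTS.get(rdns, 0.0) + sum(other_signals.values())
    verdict = "reject" if score >= REJECT_AT else "accept"
    return score, verdict, rdns


if __name__ == "__main__":
    # A home server with no PTR and no other indicators is accepted ...
    print(score_message("2001:db8:3::25", {}))
    # ... and is rejected only when other (hypothetical) indicators add up.
    print(score_message("2001:db8:3::25", {"dnsbl_listed": 3.0, "bad_helo": 1.5}))
```
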
