email email-server ipv6
Updated Wed, 28 Sep 2022 04:50:53 GMT

Should mail servers avoid sharing /64 ipv6 with others for reputation?


I've set up Mailcow on a server that has a dedicated IPv4 but not a /64 IPv6. I'm not quite sure how the reputation of the mail server is calculated. But I know that usually a device should get a /64 block, and Cloudflare's rate limit also treats a /64 block as a single IPv4. Mailcow seems to encourage using IPv6; from the Disable IPv6 doc: "This is ONLY recommended if you do not have an IPv6 enabled network on your host!" Should mail servers avoid sharing a /64 IPv6 with others for reputation?




Solution

No, you should not go out of your way to make servers controlled by the same entity look less so. If systems can automatically make the connection that you are responsible for multiple addresses, that is a good thing.

Yes, many organisations will aggregate IPv6 addresses and treat all addresses with certain prefixes (very commonly <=64, often 56) as controlled by the same entity. This works to your advantage:

  • If one already received high volumes from some block of addresses, one has to be less suspicious of a sudden increase in volume, because it is not as much in relative terms.
  • If one has already logged a reasonable past resolution to an abuse complaint for a block, one does not need to apply the less nice mitigations otherwise reserved for unresponsive senders.

The fact that some of the less side-effect-free ways of dealing with rampant spam may lead to loss of communication for related servers should not worry you, because if you do not spam and do not associate with those enabling them, such actions will only affect you with extremely wrong configuration or compromised hosts.


Also yes, IPv6 should definitely be enabled now that the older protocol is increasingly broken by operating it beyond its design limitations. I tend to extend a higher credit of trust towards mail coming in via IPv6 because my experience so far is that many of the worst (in terms of allowing people to be bad netizens) providers simply do not offer IPv6 connectivity yet. Incidentally, Google has a reputation for doing the opposite. YMMV.





Comments (1)

  • +0 – Not sure how to put it in proper words, but there is a bit of a comparison with history that goes into my reasoning here. There used to be a time when the median mail was not utter garbage, so there once was a point in worrying about the consequences of standing out negatively. This is simply not among the important considerations for most internet mail servers any more, now that you would have to make an effort to achieve worse-than-average performance. — Jun 24, 2022 at 00:52
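The prefix aggregation described in the answer, as an added example that is not part of the original question or answer: a receiver keys sender volume on the /64 (or /56) rather than the single address, so a new address inside a block with history shows only a small relative increase. The function names, the ratio metric and the sample addresses (documentation ranges) are assumptions for illustration, not any provider's actual scoring.

```python
import ipaddress
from collections import Counter

def reputation_key(addr, v6_prefix=64):
    """Map a connecting address to the block scored as one sender."""
    ip = ipaddress.ip_address(addr)
    # An IPv4-mapped address (::ffff:a.b.c.d) is an IPv4 sender, not a /64.
    if ip.version == 6 and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped
    if ip.version == 4:
        return f"{ip}/32"
    # strict=False masks off the host bits instead of raising ValueError.
    return str(ipaddress.ip_network(f"{ip}/{v6_prefix}", strict=False))

def volume_by_block(addrs, v6_prefix=64):
    """Count messages per aggregated block."""
    return Counter(reputation_key(a, v6_prefix) for a in addrs)

def relative_increase(past, today, v6_prefix=64):
    """Today's volume per block divided by that block's earlier volume.

    Blocks with no history divide by 1, so their ratio equals raw volume.
    """
    before = volume_by_block(past, v6_prefix)
    now = volume_by_block(today, v6_prefix)
    return {block: n / max(before.get(block, 0), 1) for block, n in now.items()}

# Constructed sample data using documentation ranges (2001:db8::/32, 192.0.2.0/24).
PAST = (["2001:db8:1:2::25"] * 400 + ["2001:db8:1:2::26"] * 100
        + ["192.0.2.10"] * 50)
TODAY = (["2001:db8:1:2::99"] * 1000        # new address, known /64
         + ["2001:db8:ffff:1::1"] * 1000    # new address, unknown /64
         + ["::ffff:192.0.2.10"] * 50)      # IPv4 sender seen via mapped form

if __name__ == "__main__":
    for prefix in (64, 128):
        print(f"keyed on /{prefix}:")
        for block, ratio in sorted(relative_increase(PAST, TODAY, prefix).items()):
            print(f"  {block:28} x{ratio:g}")
```

Keyed on /64, the new address in the established block is a 2x increase while the unknown block is a 1000x jump; keyed on /128, both look identical.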