[Top] [All Lists]

Re: Block IPv6-only at the border (was: I-D Action:draft-klensin-rfc2821bis-10.txt)

2008-04-16 15:36:39

And which of the two of you did I hear volunteer to start
writing a coherent and unified "best practices" I-D?  Please
take this off the list and start writing.


--On Wednesday, 16 April, 2008 22:30 +0100 Sabahattin Gucukoglu
<mail(_at_)sabahattin-gucukoglu(_dot_)com> wrote:

Hash: SHA1

Hi Frank,

On 16 Apr 2008 at 20:46, Frank Ellermann
<hmdmhdfmhdjmzdtjmzdtzktdkztdjz(_at_)gmail(_dot_)com> said:

"Tony Finch" wrote:

I doubt that it makes sense to accept email from 
test(_at_)ipv6(_dot_)l(_dot_)google(_dot_)com on a system that can only
communicate with IPv4 addresses.

In stark contrast to Ned's view I think that you
MUST reject such mails - unless you can guarantee
delivery without auto-response (no NDR, no DSN,
no MDN, no vacation, no forward, in essence an 
empty reverse-path, near to rewrite MAIL FROM:<>)

No, I don't agree.  Your only real obligation is to ensure
that your  output relay doesn't attempt a delivery and so
waste resources when it  can't do it by simply guaranteeing
that IPv6 hosts aren't considered in  email routing at time of
delivery (EG worst case is a double-bounce  listing "No data"
as reason because the resolver routines have ignored the  IPv6
addresses, if double-bounces were enabled - and they should
be!).   That doesn't mean not accepting mail from IPv6-only
hosts, any more than  it means not accepting mail from an
invalid mailbox.  IMHO, it's your  responsibility to ensure
that mail can and will be accepted and to make  sure that it
will be delivered so that the minimal number of DSNs/whatever 
have to be generated to accomodate your configuration problems
under  whatever circumstance.  It is less wise to depend on a
sender check that  doesn't make sense semantically (there
never has been and never will be a  requirement in a spec
enforcing it, and for good reason, even if it makes  sense for
policy) and which is only really useful as a feeble antispam 
check nowadays anyway in these days of deliberate DSN disposal.

Same idea as in EAI, after a reject "the sender
can make another plan".  After accepting it the
IPv6-only mail vanished in a black hole for all
non-trivial cases.  


- -- 
Sabahattin Gucukoglu
<mail<at>sabahattin<dash>gucukoglu<dot>com> Address
harvesters, snag this: feedme(_at_)yamta(_dot_)org
Phone: +44 20 88008915
Mobile: +44 7986 053399

Version: PGP 8
Comment: QDPGP -

bT wv9u+hrPwyAmpqq1p98Rkph6