Yahoo Mail/Gmail 2024 Easy Sender Compliance Guide: Click here

Honestly? Don't send to Gmail over IPv6


Yes, some people do it, and yes, for some people, it works fine. But.....

If you're standing up a new server and it has an IPv6 IP address, and it has no sending reputation, you'll find it very hard to get mail reliably delivered to Gmail inboxes. You're starting with two strikes against you -- both reputation and authentication requirements.

If you're going to try to do it -- start here:

  1. Make sure you have working forward and reverse DNS (for both IPv4 and IPv6, if you have both).
  2. Make sure you implement SPF.
  3. Make sure you implement DKIM.
  4. Maybe even implement DMARC.
  5. Start out very slow, very low volume, a few messages at a time. Do they go through? If not, maybe you've sent too many. Do not increase the limit per test until you stop seeing blocking.
  6. Give up and disable the IPv6 interface (or configure Postfix to route the mail out to Gmail via the IPv4 interface).
  7. Realize that this if solves all of your problems, maybe you should stop here, and crack open a cold, possibly alcoholic, beverage.

Ultimately, Gmail is very fussy about reputation and authentication, and even more so on IPv6. I've probably seen at least a half dozen complaints from hobbyist users this year that when setting up their new server, Gmail won't let their mail through, and it's almost always this issue. Is switching to IPv4 a perfect solution? No. But sometimes email isn't perfect. It depends on whether or not you want to fight it, or just get it done and over with.

If you're sure there ought to be another way -- or you want to ask other mail server administrators for suggestions, the Mailop list is where you do that. But I'm telling you now, if you're in a hurry to try to solve this, IPv6 is probably not going to be your friend here. 

5 Comments

Comments policy: Al is always right. Kidding, mostly. Be polite, please and thank you.

  1. This is still true in March 2022.
    I run dual-stack (IPv4 and IPv6). But delivering to Google/Gmail via IPv6 hard-blocks email delivery 99% of the time.

    - Yes, I have added my IPv6 address to my SPF record
    - Yes, I have forward and reverse DNS entries for my IPv6 address
    - Yes, I have verified my domain in the Google Postmaster tools

    None of the above configurations make any difference. Now, disable IPv6 for SMTP connections, and voila! Now suddenly all my email gets delivered to Gmail.

    Gmail's validation checks for email delivered via IPv6 is very broken.

    --deckert

    ReplyDelete
  2. Reverse charge: I dont accept any emails from @gmail.com for my b2b company since its 100% spam.

    ReplyDelete
  3. A thing you might want to try if you want to commit to having a mail server in the long-term: Follow the first five steps. As an additional step, send emails to your friends that use Gmail. Send it to your own Gmail address, if applicable. And everytime it lands in spam, mark it as not spam. After a few weeks of sending a few mails every day, and perhaps even trying to ramp up volume of emails a bit to normal levels (e.g. if you intend to run a service like a Fediverse instance) and marking all of the ones landing in the spam folder as not spam, Gmail's filters do actually get trained to recognize your emails as not being spam. My mail server has existed for a bit over three years now, having even moved IP addresses about two years ago, and so far, none have landed in spam anymore (as far as I'm aware).

    ReplyDelete
  4. I can confirm that. Google's artificial stupidity relies on actual users flagging messages as not spam to start giving ranking to servers.

    I don't know exactly when they shifted from innocent until flagged as guilty to the opposite behavior, but that's how it's working now.

    If you want to debug it, you have to send a message to any form of gmail account and check the headers.

    Check the ARC-* headers and the X-CMAE* headers to see what's your current spam level.

    ReplyDelete
  5. I suddenly get this for DKIM signed messages:
    The IP address sending this
    550-5.7.25 message does not have a PTR record setup, or the corresponding
    550-5.7.25 forward DNS entry does not point to the sending IP.
    https://support.google.com/mail/answer/81126#ip-practices
    Notice that it refers to IP instead of IPv6, while the report shows an IPv6 address....
    This is for a professional installation.
    However, my home installation sends fine over IPv6, without any PTR records.

    ReplyDelete
Previous Post Next Post