[cryptography] [Cryptography] IPv6 and IPSEC

John Levine johnl at iecc.com
Wed Sep 4 04:47:44 EDT 2013


>But with IPv6 privacy extensions, a single machine might be using
>pseudorandomly-generated addresses in a /64 subnet,

I believe this problem falls into the category where the solution is
"don't do that."  You can do whatever you want with your internal
hosts, but your mail relay needs to hold still so receivers can
develop a reputation for it.

If you want people to accept your mail, send it from a fixed IP
address with forward and backward matching DNS.  You need to figure
out enough about SPF to publish a record that blesses your outgoing
servers.  If that's too hard, it's time to outsource your mail to
someone who can deal with it.

R's,
John

PS: Google accepts my IPv6 mail just fine.  Even the mailing lists.


More information about the cryptography mailing list