Hello,

currently, it is acceptable to use IPv4-only services for sending e-mails.
I don't like to say this, but SMTP will probably be the last service ever to move to IPv6.

The reason is, that the incredible huge IPv6 address space allows spammers to use a new IPv6 address for send each spam email. This makes usage of reputation IP block lists impossible. Storing blacklisted IPv6 addresses in a database makes no sense anymore, because no IPv6 address will be used twice. Also: there's probably no database big enough to store this massive amount of information. Even if you decide to blacklist whole /64 subnets instead of single IPv6 addresses: the Global Unicast IPv6 address space contains 2^61 /64 subnets, if i am not mistaken. I am no database expert, but that's probably still to much.

Don't get me wrong: i am not in favor of IPv4. I also want IPv6 for everything. But currently, there's no good solution for this antispam problem (at least not to my knowledge).
Yes, yes, i know what you want to say now. A perfect antispam filter ignores the sending IP address and only focuses on the mail body and headers. But the (uncomfortable) truth is, that you achieve better results, if you take the IP reputation of the sending host into consideration. And you can bet that email security solution providers want to achieve the best results possible. Also: IP block list are simple and effective. Using it as first antispam filter stage spares the following (ressources-intensive) stages like sandboxing, etc.

The biggest advantage of IPv6 (unlimited addresses) turns into a disadvantage when it comes to antispam. Even enterprise-level solution providers like Proofpoint have decided to postpone IPv6 usage for SMTP. The fact that the IPv4 address space is limited (and thus a valuable good), has a positive effect on antispam.

I appreciate, that Google supports inbound mails via IPv6 for a few years. And Microsoft recently added IPv6 support for inbound emails too (for M365). But both of them are no security companys, not primarily at least. My guess is, that they will fight IPv6 spam alot, as soon as spammers start to focus on this.

BR,
Simon


On 17.04.25 16:07, Gert Doering wrote:
Hi,

On Thu, Apr 17, 2025 at 02:39:51PM +0200, Robert Kisteleki wrote:

Regarding it being an IPv4-only service, unfortunately, this is often the
case with email service providers. We have asked Brevo to offer services
over IPv6 as well, but without success.

Just don't use services that do not offer IPv6... otherwise they will
never learn ("there is no customer demand" = "customers might grumble,
but still give us money, so why should we bother").

I think there is a clear mandate from the RIPE community that all 
internet-facing services the RIPE NCC offers SHOULD be dual-stacked
(and in my book that includes outsourced 3rd party services, if we
as users can see them).

Gert Doering
        -- NetMaster


-----
To unsubscribe from this mailing list or change your subscription options, please visit: https://mailman.ripe.net/mailman3/lists/ripe-atlas.ripe.net/
As we have migrated to Mailman 3, you will need to create an account with the email matching your subscription before you can change your settings. 
More details at: https://www.ripe.net/membership/mail/mailman-3-migration/