Hello, currently, it is acceptable to use IPv4-only services for sending e-mails. I don't like to say this, but SMTP will probably be the last service ever to move to IPv6. The reason is, that the incredible huge IPv6 address space allows spammers to use a new IPv6 address for send each spam email. This makes usage of reputation IP block lists impossible. Storing blacklisted IPv6 addresses in a database makes no sense anymore, because no IPv6 address will be used twice. Also: there's probably no database big enough to store this massive amount of information. Even if you decide to blacklist whole /64 subnets instead of single IPv6 addresses: the Global Unicast IPv6 address space contains 2^61 /64 subnets, if i am not mistaken. I am no database expert, but that's probably still to much. Don't get me wrong: i am not in favor of IPv4. I also want IPv6 for everything. But currently, there's no good solution for this antispam problem (at least not to my knowledge). Yes, yes, i know what you want to say now. A perfect antispam filter ignores the sending IP address and only focuses on the mail body and headers. But the (uncomfortable) truth is, that you achieve better results, if you take the IP reputation of the sending host into consideration. And you can bet that email security solution providers want to achieve the best results possible. Also: IP block list are simple and effective. Using it as first antispam filter stage spares the following (ressources-intensive) stages like sandboxing, etc. The biggest advantage of IPv6 (unlimited addresses) turns into a disadvantage when it comes to antispam. Even enterprise-level solution providers like Proofpoint have decided to postpone IPv6 usage for SMTP. The fact that the IPv4 address space is limited (and thus a valuable good), has a positive effect on antispam. I appreciate, that Google supports inbound mails via IPv6 for a few years. And Microsoft recently added IPv6 support for inbound emails too (for M365). But both of them are no security companys, not primarily at least. My guess is, that they will fight IPv6 spam alot, as soon as spammers start to focus on this. BR, Simon On 17.04.25 16:07, Gert Doering wrote:

Hi,

On Thu, Apr 17, 2025 at 02:39:51PM +0200, Robert Kisteleki wrote:

...

Regarding it being an IPv4-only service, unfortunately, this is often the case with email service providers. We have asked Brevo to offer services over IPv6 as well, but without success. Just don't use services that do not offer IPv6... otherwise they will never learn ("there is no customer demand" = "customers might grumble, but still give us money, so why should we bother").

I think there is a clear mandate from the RIPE community that all internet-facing services the RIPE NCC offers SHOULD be dual-stacked (and in my book that includes outsourced 3rd party services, if we as users can see them).

Gert Doering -- NetMaster

----- To unsubscribe from this mailing list or change your subscription options, please visit:https://mailman.ripe.net/mailman3/lists/ripe-atlas.ripe.net/ As we have migrated to Mailman 3, you will need to create an account with the email matching your subscription before you can change your settings. More details at:https://www.ripe.net/membership/mail/mailman-3-migration/

Hi Gert,

This is no reason whatsoever to limit the sending side to "we will always only do v4, even if the reciever signals willingness to do v6". you are absolutely right. What i meant was, that it is accepable (in terms of *okay*) to use a IPv4-only service as long as 99,x percent of all email receivers worldwide do not want to accept emails via IPv6. You could still consider yourself as early adopter, if you start to send emails via IPv6 if ~5% of all recipients accept inbound emails via IPv6.

But I also recognize, that RIPE has some sort of pioneering role to play when it comes to new standards. Using the term "new standard" in a context of IPv6 is shameful. Let's say "best practice" instead. BR, Simon On 18.04.25 15:00, Gert Doering wrote:

hi,

On Fri, Apr 18, 2025 at 02:51:41PM +0200, Simon Brandt via ripe-atlas wrote:

...

currently, it is acceptable to use IPv4-only services for sending e-mails. Whether or not you feel comfortable *receiving* mail over IPv6 is, of course, your choice. This is communicated by having appropriate DNS records.

This is no reason whatsoever to limit the sending side to "we will always only do v4, even if the reciever signals willingness to do v6".

At least *our* Anti-Spam appliance has learned to do IPv6 reputation over 10 years ago, and this just works. We have no idea how they do it, and we do not really want to know - we asked them "make it happen or we will have to buy something else" and they did.

The time for presenting excuses why deploying IPv6 is hard / impossible / needs more time is long gone.

Gert Doering -- NetMaster

Am 18.04.2025 um 16:21:48 Uhr schrieb Simon Brandt via ripe-atlas:

Microsoft Exchange online Servers are probably more than 1%, but i am not sure if IPv6 is enabled for all customers by default.

Not yet (e.g. outlook.com is IPv4 only), but more and more were enabled in the last months. -- Gruß Marco Send unsolicited bulk mail to 1744986108muell@cartoonies.org

maybe answer to v6 spam is going my way. hint: it's in the from addr. it certainly doesn't fit all but in the end i guess it's either hiding and separating mails or like not receiving mail at all. or receiving spam all the time but i don't think keeping v4 solely for this is sane idea. it's like avoiding washing machines since eletricity could kill, and using a bucket instead