Intention to enable IPv6 by default in 2017

That’s why you ban IPv6 subnets rather than individual addresses. IPv6 has a standardised subnet size, so banning that whole range would be equivalent to banning an individual IPv4 address that uses NAT.

3 Likes

Painful in data centers that assign each server 1 IP in a shared /64 (at least by default), though.

That is horrifying…
Though imo, I think vendors deviating from the /64 standard will have to find their own way around getting their subnets blacklisted.
I know DigitalOcean assigns very small IPv6 subnets, and they block email over IPv6 for this reason.

1 Like

It’s easy to understand why that would be the default, but if they charge for a /64 of your own I’d find another host.

From the start that has been widely considered a terrible idea, but this did not stop some providers from doing it.

However, every DNSBL I know of that supports IPv6 listings does list on /64 or larger, and lots of other IP reputation services go by at least the /64 as well, so again it is already pretty well established that if you share a /64 you share IP reputation.

Of the providers that don’t by default give at least a /64, the only one I have personally experienced is Linode. You basically cannot reliably send IPv6 email from Linode without asking for your own /64, because some other customer will have polluted the shared /64. Linode do assign you a /64 of your own for free if you ask though.

1 Like