SSD nodes - nice deal
-
What's the downside in having IPv6 only for a Cloudron mail server w/ roundcube and a Wordpress website?
-
@humptydumpty really nothing anymore unless there's a specific blocker in CR. I think @girish got ipv6 native going a few months ago for the CR platform itself, but he can confirm. for me, i never talk by IP address (it's just a habit to get out of) and with ipv6, you really can't possibly remember the address, so posting DNS with AAAA records is all that you need. ie, my mail server is only ipv6 now, most of my hosted services are the same. sure, it's possible someone somewhere doesn't have ipv6 access yet, but eshk, that's gotta be a tiny number by now. really it's just habit for folks they need to get out of.
-
@doodlemania2 so that means you can't send/get mail from v4 only servers?
-
@doodlemania2 Your post got me thinking. Last time I looked into going IPv6 only (can't remember how long ago), what I recall is that there was no way to connect IPv6 addresses to the general internet... only IPv6. AAAA records either did not exist, or were fringe enough that it wasn't an option. So I've been living my life since, all this time, wondering how exactly this "new" IPv6 was going to be "the answer" when the average Joe Browser can't even stumble upon my IPv6 site.
Well, AAAA records exist now, or are more mainstream, and if I understood the snippets I read here and there, attaching a domain name to them makes those IPv6-based sites as easily accessible as IPv4 - assuming still the Joe Browser is on a IPv6 network, which, it seems, is now far more prevalent but still unknown, than before.
So, based on your experience and/or your own research, wouldn't email sent from an IPv6-based domain/ address suffer less often being marked as spam, if at all, since it isn't using an IPv4 address that has already been spam-abused? I mean, aren't you literally the only user on the IPv6-VPS you use on your SSDNodes servers?
EDIT: This comment by jar over at LET suggests that v6 is still hit by overly sensitive spam filters: https://lowendtalk.com/post/quote/188069/Comment_3704570
-
The spam filters globally do need more work as the reputations are (in part) based on how much good mail comes from a single source. With ipv6, those essentially get reset to 0 and for whatever reason have a lower trigger threshold. So, bringing on a new server that's ipv6 only does seem to carry a penalty. BUT, there's absolutely a workaround that has solved all of my issues: DKIM, DMARC, SPF - if those are set (correctly), and email server that gets message from that server should trust it by default unless/until they start ticking up with spam.
On your other topic about Joe Browser - yes, AAAA is the technical solution, but the Joe has to have an ipv6 connection. I may have this wrong, but I'm almost certain it is the "law" to have ipv6 on US and EU endpoints now. I know it is for government stuff and perhaps they 'encourage' compliance of that for private companies via fees, regulation, etc. Suffice to say, I'm not aware of any ISP that doesn't offer ipv6 by default (typically with a dual stack ipv4 too).
One notable exception is my own personal home internet which is behind CGNat which suuuuuuucks, but with some tweaks, I discovered that I am in fact getting an ipv6 (a whole range actually), so I've set my outbound DNS to only look at ipv6 records by default and all is grand. What doesn't work, of course, is INBOUND connections to my house cause CGat is shit. But... for the $ I'm paying - I'll take it! hehe
I've found that ipv6 is pretty much there for everyone if not the default path yet. Really the next "step" is ipv6 only, which SSDNodes and other providers are starting to ramp up. Azure and AWS are getting ready to start charging more for ipv4 if not already. We're at the inflection point. "Let's all jump!"
-
@doodlemania2 When IPv6 was first introduced, there were some pretty horrific privacy concerns about it, the sort that make you wonder about the people creating the protocol. Have these concerns been largely resolved now, after the initial reaction?
-
@LoudLemur I'm not at all qualified to answer that from a meta question, but I can see at least one privacy related item - every "thing" on the planet is going to have a unique, globally routable address. It is trivial to identify a device itself now with ipv6, but that is as it was prior to NAT was introduced to ipv4 in the late 90s, so, it feels relatively moot. I never really thought of NAT as a privacy thing, but it could be thought of that from an external party's perspective. Of course, the person running the NAT can easily see where those requests are coming from if asked, so, shrug
Was there another privacy thing you were thinking about I haven't even thought of yet?
-
@doodlemania2 said in SSD nodes - nice deal:
Was there another privacy thing you were thinking about I haven't even thought of yet?
That was the main one. IPv4 had private address ranges like 192.168.0.0/16 that are not routable on the public internet. IPv6 has no equivalent, so all addresses are public and reachable.
If you use a Virtual or bare metal machine, i wonder whether the MAC address might be used to determine whether the machine is real or virtual.
They can more easily keep your address the same as you cross networks to help them track you.
There is a lot of stuff. The more one reads about it, the more it seems that The Powers That Shouldn't Be made sure to grab as much power to isolate individuals as possible for future termination.
Feels bad, man.
-
not sure