How to Fix Gmail SMTP Rejection Due to Missing PTR Records for IPv6 Email Servers


2 views

When setting up a new email server with both IPv4 and IPv6 addresses, many administrators encounter Gmail's strict rejection policy. Unlike other providers that might route such emails to spam folders, Gmail outright rejects messages with the error:

550-5.7.1 Our system has detected that this message does not meet IPv6 sending guidelines 
550-5.7.1 regarding PTR records and authentication

Google's mail servers perform reverse DNS lookups more aggressively for IPv6 connections. Without proper PTR records:

  • Gmail treats the connection as potentially malicious
  • The lack of reverse DNS makes authentication mechanisms like SPF less effective
  • IPv6 connections get stricter scrutiny than IPv4

Since your datacenter requires A records to match before setting PTR, try these temporary solutions:

# Force Exim to use IPv4 only
disable_ipv6 = true
# In exim4.conf.template:
.ifdef DISABLE_IPV6
disable_ipv6 = true
.endif

Alternatively, configure your mail server to authenticate via:

  1. DKIM signatures with proper alignment
  2. DMARC policy with p=none
  3. Explicit SPF includes for both IP versions

Once you can modify PTR records, implement this complete setup:

; IPv4 SPF
example.com. IN TXT "v=spf1 ip4:192.0.2.1 ip6:2001:db8::1 -all"

; IPv6 PTR
1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.8.b.d.0.1.0.0.2.ip6.arpa. IN PTR mail.example.com.

Use these diagnostic commands before production deployment:

# Check PTR records
dig -x 2001:db8::1 +short
# Test SMTP delivery
swaks --to user@gmail.com --server your.mail.server --from valid@yourdomain.com

Remember that Gmail's reputation system may take 24-48 hours to update after DNS changes.

When setting up a new mail server, you might encounter Gmail's strict rejection with the error:

550-5.7.1 Our system has detected that this message does not meet IPv6 sending guidelines regarding PTR records and authentication.

This occurs because Gmail enforces stricter requirements than other providers, which might simply route your emails to spam.

Gmail requires three critical elements for email acceptance:

  • Valid PTR records (reverse DNS)
  • SPF authentication for both IPv4 and IPv6
  • DKIM signing of messages

If you can't set up PTR records immediately, try forcing IPv4 delivery:

# In Exim configuration (exim.conf)
disable_ipv6 = true
# Or for Postfix:
inet_protocols = ipv4

This bypasses IPv6 checks while you work on proper DNS setup.

Here's how to properly configure your DNS records once ready:

; SPF record example
example.com. IN TXT "v=spf1 ip4:192.0.2.1 ip6:2001:db8::1 -all"

; PTR record setup
1.2.0.192.in-addr.arpa. IN PTR mail.example.com.
1.0.0.0.8.b.d.0.1.0.0.2.ip6.arpa. IN PTR mail.example.com

Use these commands to verify your setup:

# Check PTR records
dig -x your.ipv4.address
dig -x your.ipv6.address

# Test SPF
nslookup -type=TXT example.com

# Verify DKIM
openssl dgst -sha256 -verify publickey.pem -signature signature.file message.txt

If DNS changes aren't possible, consider using a relay service:

# Postfix relayhost configuration
relayhost = [smtp.relayservice.com]:587
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
smtp_tls_security_level = encrypt

After implementation, monitor logs and use tools like:

  • Google Postmaster Tools
  • MXToolbox Delivery Center
  • Mail-tester.com