[ipv6hackers] my IPv6 insecurity slides

Fabian Wenk fabian at wenks.ch
Fri Dec 2 10:17:17 CET 2011

Hello Owen

On 01.12.2011 02:48, Owen DeLong wrote:
> On Nov 30, 2011, at 4:54 PM, Fabian Wenk<fabian at wenks.ch>  wrote:

>> For my own mail server I have 3 MX entries (all pointing to
>> the same physical server), the one with the lowest priority
>> has both IPv4 and IPv6 entries, the middle with only an IPv4
>> entry and the highest with only IPv6 entry (to fool spam
>> bots which are on IPv4 only). I think that such an setup
>> could have helped on the receiving side, so that my server
>> would have tried on a different MX (with only IPv4) to send
>> the mail.
> What's the point of the third one?

As I already have answered Owen in private e-mails with all the 
other stuff, I post here only my answer about the MX stuff, which 
I wrote the wrong way around above:

Ok, now I see the mistake I did. With the "lowest" I did mean the
lowest MX (eg. MX 10, which has the highest priority) and with
the "highest" the highest MX (eg. MX 30, which has the lowest 

It is like this:
MX 10	IPv4 + IPv6	(the one preferred)
MX 20	IPv4
MX 30	IPv6	(to also fool spam bots)

Hopefully this is something which could help other mail admins 
when creating the MX entries in a dual-stacked setups.


More information about the Ipv6hackers mailing list