[ale] Gmail accepts spam when you use email forwarding

Richard Bronosky Richard at Bronosky.com
Tue Dec 15 10:53:49 EST 2009 

Let me know if Google is in the wrong, or I am crazy.
What I have is a postfix server on slicehost that I use solely for the
purpose setting up @bronosky.com email forwarders for members of my
family, and as an outgoing mail server (which I have Gmail using!).
Most of us are using Gmail now, but some of the stragglers are still
on Hotmail or Yahoo!. For the past week 15 times a day I have been
receiving and reporting as spam the same message (nearly) with very
similar heads.

line01: Delivered-To: richardbronosky at gmail.com
line02: Received: by 10.220.108.106 with SMTP id e42cs49574vcp; Tue,
15 Dec 2009 00:24:04 -0800 (PST)
line03: Received: by 10.216.90.196 with SMTP id
e46mr2408469wef.194.1260865444149; Tue, 15 Dec 2009 00:24:04 -0800
(PST)
line04: Return-Path: <nmike at bronosky.com>
line05: Received: from slice1.bronosky.com (slice1.bronosky.com
[174.143.204.116]) by mx.google.com with ESMTP id
t12si19704611gvd.5.2009.12.15.00.24.02; Tue, 15 Dec 2009 00:24:03
-0800 (PST)
line06: Received-SPF: pass (google.com: best guess record for domain
of nmike at bronosky.com designates 174.143.204.116 as permitted sender)
client-ip=174.143.204.116;
line07: Authentication-Results: mx.google.com; spf=pass (google.com:
best guess record for domain of nmike at bronosky.com designates
174.143.204.116 as permitted sender) smtp.mail=nmike at bronosky.com
line08: Received: from alixpartners.com (unknown [116.68.243.172]) by
slice1.bronosky.com (Postfix) with SMTP id 6D0A017643 for
<deadmail at bronosky.com>; Tue, 15 Dec 2009 08:26:44 +0000 (UTC)
line09: From: VIAGRA ® Reseller <deadmail at bronosky.com>
line10: To: deadmail at bronosky.com
line11: Subject: Deal of the Day: Save 76%
line12: MIME-Version: 1.0
line13: Content-Type: text/html; charset="ISO-8859-1"
line14: Content-Transfer-Encoding: 7bit
line15: Message-Id: <20091215082645.6D0A017643 at slice1.bronosky.com>
line16: Date: Tue, 15 Dec 2009 08:26:44 +0000 (UTC)

the part that really sucks are line06 and line07. All mail for
@bronosky.com is going to come to Google forwarded from
slice1.bronosky.com because that's the way it is. Where I believe
Google is goofing up is that they are SPF checking the IP from line05
instead of the IP from line08. So, the trick to spamming any Gmail
user who forwards from another domain is the set the From: header to
an address @ that domain. Seems like a huge fail to me.

Please opine.

--
.!# RichardBronosky #!.

More information about the Ale mailing list