[ale] Gmail accepts spam when you use email forwarding

Björn Gustafsson bg-ale at bjorng.net
Tue Dec 15 14:27:48 EST 2009


Richard,

Why don't you run SPF on your mail relay?  That's what mine does.
Like others have said, SPF can't authenticate anything more than the
immediate connection, so to authenticate/block the sender you'd have
to do it on your relay.  I've never done it in postfix, but I can't
imagine it's terribly complex.

On Tue, Dec 15, 2009 at 10:53 AM, Richard Bronosky <Richard at bronosky.com> wrote:
> Let me know if Google is in the wrong, or I am crazy.
> What I have is a postfix server on slicehost that I use solely for the
> purpose of setting up @bronosky.com email forwarders for members of my
> family, and as an outgoing mail server (which I have Gmail using!).
> Most of us are using Gmail now, but some of the stragglers are still
> on Hotmail or Yahoo!. For the past week 15 times a day I have been
> receiving and reporting as spam the same message (nearly) with very
> similar heads.
>
> line05: Received: from slice1.bronosky.com (slice1.bronosky.com
> [174.143.204.116]) by mx.google.com with ESMTP id
> t12si19704611gvd.5.2009.12.15.00.24.02; Tue, 15 Dec 2009 00:24:03
> -0800 (PST)
> line06: Received-SPF: pass (google.com: best guess record for domain
> of nmike at bronosky.com designates 174.143.204.116 as permitted sender)
> client-ip=174.143.204.116;
> line07: Authentication-Results: mx.google.com; spf=pass (google.com:
> best guess record for domain of nmike at bronosky.com designates
> 174.143.204.116 as permitted sender) smtp.mail=nmike at bronosky.com
> line08: Received: from alixpartners.com (unknown [116.68.243.172]) by
> slice1.bronosky.com (Postfix) with SMTP id 6D0A017643 for
> <deadmail at bronosky.com>; Tue, 15 Dec 2009 08:26:44 +0000 (UTC)
> line09: From: VIAGRA ® Reseller <deadmail at bronosky.com>
> line10: To: deadmail at bronosky.com
> line11: Subject: Deal of the Day: Save 76%
> line12: MIME-Version: 1.0
> line13: Content-Type: text/html; charset="ISO-8859-1"
> line14: Content-Transfer-Encoding: 7bit
> line15: Message-Id: <20091215082645.6D0A017643 at slice1.bronosky.com>
> line16: Date: Tue, 15 Dec 2009 08:26:44 +0000 (UTC)
>
> The part that really sucks are line06 and line07. All mail for
> @bronosky.com is going to come to Google forwarded from
> slice1.bronosky.com because that's the way it is. Where I believe
> Google is goofing up is that they are SPF checking the IP from line05
> instead of the IP from line08. So, the trick to spamming any Gmail
> user who forwards from another domain is to set the From: header to
> an address @ that domain. Seems like a huge fail to me.
>
> Please opine.
>
> --
> .!# RichardBronosky #!.

-- 
Björn Gustafsson
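
The per-hop view discussed in this thread, as an added example that is not part of the original posts: it parses the two Received headers quoted above and computes the SPF verdict each receiving host would reach for its own connecting client. The `POLICY` record is a hypothetical one (the quoted headers show Google using a "best guess record"), the envelope sender is assumed to be @bronosky.com at both hops, and only `ip4:` and `all` terms are evaluated.

```python
import ipaddress
import re
from email import message_from_string

# Headers constructed (abridged) from the message quoted in this thread.
RAW = """\
Received: from slice1.bronosky.com (slice1.bronosky.com [174.143.204.116])
 by mx.google.com with ESMTP; Tue, 15 Dec 2009 00:24:03 -0800 (PST)
Received: from alixpartners.com (unknown [116.68.243.172])
 by slice1.bronosky.com (Postfix) with SMTP id 6D0A017643
 for <deadmail@bronosky.com>; Tue, 15 Dec 2009 08:26:44 +0000 (UTC)
From: deadmail@bronosky.com
To: deadmail@bronosky.com
Subject: Deal of the Day: Save 76%

"""

# Hypothetical SPF policy for the forwarding domain (an assumption, not a published record).
POLICY = "v=spf1 ip4:174.143.204.116 -all"

HOP = re.compile(r"from\s+\S+\s+\([^\[\]]*\[([0-9a-fA-F.:]+)\]\)\s+by\s+(\S+)", re.S)

def hops(raw):
    """Return (receiving_host, client_ip) per Received header, newest first."""
    out = []
    for value in message_from_string(raw).get_all("Received", []):
        m = HOP.search(value)
        if m:
            out.append((m.group(2), m.group(1)))
    return out

def spf_ip4(policy, client_ip):
    """Evaluate only the ip4: mechanisms and the 'all' term of an SPF record."""
    ip = ipaddress.ip_address(client_ip)
    for term in policy.split()[1:]:
        if term.startswith("ip4:") and ip in ipaddress.ip_network(term[4:], strict=False):
            return "pass"
        if term.lstrip("+-~?") == "all":
            return {"-": "fail", "~": "softfail", "?": "neutral"}.get(term[0], "pass")
    return "neutral"

def verdicts(raw, policy):
    """SPF result each receiving host would compute for its own connecting client."""
    return {host: (ip, spf_ip4(policy, ip)) for host, ip in hops(raw)}

if __name__ == "__main__":
    for host, (ip, result) in verdicts(RAW, POLICY).items():
        print(f"{host}: client {ip} -> spf={result}")
```

Only the relay's hop ever sees the originating client address, which is why the check has to run there; the final receiver can evaluate nothing but the relay's own IP.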


