[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[ale] Gmail accepts spam when you use email forwarding

Subject: [ale] Gmail accepts spam when you use email forwarding
From: bg-ale at bjorng.net (Björn Gustafsson)
Date: Tue, 15 Dec 2009 14:27:48 -0500
In-reply-to: <[email protected]>
References: <[email protected]>

Richard,

Why don't you run SPF on your mail relay?  That's what mine does.
Like others have said, SPF can't authenticate anything more than the
immediate connection, so to authenticate/block the sender you'd have
to do it on your relay.  I've never done it in postfix, but I can't
imagine it's terribly complex.

On Tue, Dec 15, 2009 at 10:53 AM, Richard Bronosky <Richard at bronosky.com> wrote:
> Let me know if Google is in the wrong, or I am crazy.
> What I have is a postfix server on slicehost that I use solely for the
> purpose setting up @bronosky.com email forwarders for members of my
> family, and as an outgoing mail server (which I have Gmail using!).
> Most of us are using Gmail now, but some of the?stragglers?are still
> on Hotmail or Yahoo!. For the past week 15 times a day I have been
> receiving and reporting as spam the same message (nearly) with very
> similar?heads.
>
> line05: Received: from slice1.bronosky.com (slice1.bronosky.com
> [174.143.204.116]) by mx.google.com with ESMTP id
> t12si19704611gvd.5.2009.12.15.00.24.02; Tue, 15 Dec 2009 00:24:03
> -0800 (PST)
> line06: Received-SPF: pass (google.com: best guess record for domain
> of nmike at bronosky.com designates 174.143.204.116 as permitted sender)
> client-ip=174.143.204.116;
> line07: Authentication-Results: mx.google.com; spf=pass (google.com:
> best guess record for domain of nmike at bronosky.com designates
> 174.143.204.116 as permitted sender) smtp.mail=nmike at bronosky.com
> line08: Received: from alixpartners.com (unknown [116.68.243.172]) by
> slice1.bronosky.com (Postfix) with SMTP id 6D0A017643 for
> <deadmail at bronosky.com>; Tue, 15 Dec 2009 08:26:44 +0000 (UTC)
> line09: From: VIAGRA ?? Reseller <deadmail at bronosky.com>
> line10: To: deadmail at bronosky.com
> line11: Subject: Deal of the Day: Save 76%
> line12: MIME-Version: 1.0
> line13: Content-Type: text/html; charset="ISO-8859-1"
> line14: Content-Transfer-Encoding: 7bit
> line15: Message-Id: <20091215082645.6D0A017643 at slice1.bronosky.com>
> line16: Date: Tue, 15 Dec 2009 08:26:44 +0000 (UTC)
>
> the part that really sucks are line06 and line07. All mail for
> @bronosky.com is going to come to Google forwarded from
> slice1.bronosky.com because that's the way it is. Where I believe
> Google is goofing up is that they are SPF checking the IP from line05
> instead of the IP from line08. So, the trick to spamming any Gmail
> user who forwards from another domain is the set the From: header to
> an address @ that domain. Seems like a huge fail to me.
>
> Please opine.
>
> --
> .!# RichardBronosky #!.

-- 
Bj?rn Gustafsson

References:
- [ale] Gmail accepts spam when you use email forwarding
  - From: Richard at Bronosky.com (Richard Bronosky)

Prev by Date: [ale] Adobe confirms PDF zero-day attacks
Next by Date: [ale] secure email - s/mime ?
Previous by thread: [ale] Gmail accepts spam when you use email forwarding
Next by thread: [ale] Adobe confirms PDF zero-day attacks
Index(es):
- Date
- Thread