Google SPF bounces

Google’s Gmail MX is doing the right thing by enforcing SPF rules, but the wrong thing by sending bounces (backscatter) to the address that those SPF rules indicate is forged.

I got the following message from the Google mailer daemon (addresses obscured, of course, but xxx@xxxxxxxx.com does list Google’s mail domains in its MX DNS records):

This is an automatically generated Delivery Status Notification

THIS IS A WARNING MESSAGE ONLY.

YOU DO NOT NEED TO RESEND YOUR MESSAGE.

Delivery to the following recipient has been delayed:

     xxx@xxxxxxxx.com

Message will be retried for 1 more day(s)

   ----- Message header follows -----

Received: by 10.210.34.2 with SMTP id h2mr1736737ebh.122.1209639751111;
        Thu, 01 May 2008 04:02:31 -0700 (PDT)
Return-Path: <xxx@scarff.id.au>
Received: from 1FF8A9589B7343C ([121.27.142.217])
        by mx.google.com with SMTP id c14si3720766nfi.16.2008.05.01.04.02.23;
        Thu, 01 May 2008 04:02:31 -0700 (PDT)
Received-SPF: fail (google.com: domain of xxx@scarff.id.au does not designate 121.27.142.217 as permitted sender) client-ip=121.27.142.217;
Authentication-Results: mx.google.com; spf=hardfail (google.com: domain of xxx@scarff.id.au does not designate 121.27.142.217 as permitted sender) smtp.mail=xxx@scarff.id.au
Date: Thu, 01 May 2008 04:02:28 -0700 (PDT)
X-Originating-IP: [121.27.142.217]
X-Originating-Email: [xxx@xxxxxxxx.com]
X-Sender: xxx@xxxxxxxx.com
Message-Id: <20080501150227.5583.qmail@1FF8A9589B7343C>
To: <xxx@xxxxxxxx.com>
Subject: SALE 73% OFF on Pfizer
From: <xxx@xxxxxxxx.com>
MIME-Version: 1.0
Content-Type: text/html; charset="ISO-8859-1"
Content-Transfer-Encoding: 7bit

   ----- Message body suppressed -----

So, some spammer is using my mail address in the MAIL FROM reverse-path of his SMTP transactions (but the target address in the From mail header), and Google is correctly rejecting it, as indicated by “spf=hardfail”. However, the daemon sends a failure message to my mail address, which it thinks has been forged, precisely because it thinks it was forged, and it does so for multiple days per original spam message. Ugh!
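As an added illustration (not code from Google or from this post), here is the check a receiving MX could make before generating a DSN: if its own SPF verdict on the reverse-path is fail or hardfail, no notification goes to that address. The function names, the policy and the default authserv-id argument are assumptions; the sample headers are reduced from the message quoted above.

```python
import re
from email.parser import HeaderParser

# Header block reduced from the DSN quoted above (addresses as obscured on the page).
SAMPLE_HEADERS = """\
Return-Path: <xxx@scarff.id.au>
Received-SPF: fail (google.com: domain of xxx@scarff.id.au does not designate 121.27.142.217 as permitted sender) client-ip=121.27.142.217;
Authentication-Results: mx.google.com; spf=hardfail (google.com: domain of xxx@scarff.id.au does not designate 121.27.142.217 as permitted sender) smtp.mail=xxx@scarff.id.au
To: <xxx@xxxxxxxx.com>
From: <xxx@xxxxxxxx.com>
Subject: SALE 73% OFF on Pfizer
"""

# Verdicts meaning "the reverse-path domain does not authorise this client".
SPF_FORGED = {"fail", "hardfail"}

def spf_result(msg, authserv_id):
    """Return the SPF verdict recorded by our own MX, or None if absent."""
    for value in msg.get_all("Authentication-Results", []):
        # Trust only headers stamped with our own authserv-id; a sender can inject others.
        if value.split(";", 1)[0].strip().lower() != authserv_id:
            continue
        m = re.search(r"\bspf\s*=\s*([a-z]+)", value, re.I)
        if m:
            return m.group(1).lower()
    # Fall back to the topmost Received-SPF, whose first token is the result
    # (assumption: the local MX prepends it, so the first one is ours).
    for value in msg.get_all("Received-SPF", []):
        parts = value.split()
        if parts:
            return parts[0].lower()
    return None

def dsn_decision(raw_headers, authserv_id="mx.google.com"):
    """Decide whether a delay/failure DSN may be sent to the reverse-path."""
    msg = HeaderParser().parsestr(raw_headers)
    reverse_path = (msg.get("Return-Path") or "").strip().strip("<>")
    if not reverse_path:
        return (False, "null reverse-path: never bounce a bounce")
    result = spf_result(msg, authserv_id)
    if result in SPF_FORGED:
        return (False, f"spf={result}: {reverse_path} is forged, reject in-session or drop")
    return (True, f"spf={result}: DSN to {reverse_path} permitted")
```

Rejecting during the SMTP session leaves any notification to the connecting client, so the forged address never receives one.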

The Google Groups post I made on the topic would be a good place to offer some insight.
