[GLLUG] OT: GMail handling SPF records of forwarded messages

Jasper Wallace jasper at pointless.net
Sun May 22 08:44:46 UTC 2016 

On Wed, 18 May 2016, gvim via GLLUG wrote:

> Can anyone explain GMail's confusing handling of this SPF/forwarding scenario?
> 
> Email for:
> 
> jane at surname.uk.com
> 
> ... is forwarded via her domain host 123-Reg to:
> 
> jane.surname at gmail.com
> 
> .... which works fine for several years until she begins work at the NHS and
> finds staff using @nhs.net email addresses cannot get messages through to her
> via jane at surname.uk.com resulting in this bounce:
> 
> **************************************************
> A message that you sent has not yet been delivered to one or more of its
> recipients after more than 6 hours on the queue on smtp02.mailcore.me.
> 
> The message identifier is:     1b2glo-0004Lq-JX
> The date of the message is:    Tue, 17 May 2016 16:11:40 +0100
> The subject of the message is: Test on Tuesday 17 May
> 
> The address to which the message has not yet been delivered is:
> 
> jane.surname at gmail.com
>    (generated from jane at surname.uk.com)
>    Delay reason: SMTP error from remote mail server after end of data:
>    host alt3.gmail-smtp-in.l.google.com [64.233.189.26]:
>    421-4.7.0 [94.136.40.64      15] The SPF record of the sending domain has
> one or
>    421-4.7.0 more suspicious entries. To protect our users from spam, mail
> sent
>    421-4.7.0 from your IP address has been temporarily rate limited. Please
> visit
>    421-4.7.0 https://support.google.com/mail/answer/81126#authentication for
> more
>    421 4.7.0 information. s69si16983236ita.53 - gsmtp
> *******************************************************
> 
> 94.136.40.64 is the IP of one of 123-Reg's mailservers at mailcore.me but the
> bounce refers to this IP in the context of "the sending domain" which would be
> nhs.net. This is what's confusing me as the NHS admins assured Jane that there
> is nothing wrong with their SPF records.

The nhs.net spf record ends with +all, which means allow everything, which 
is probably whats triggering the issue. It should be -all, block 
everything, or ~all which is "softfail", which means "There might be 
valid emails coming from other places, not sure".

> I setup an SPF record for surname.uk.com at 123-Reg but it hasn't altered the
> problem with @nhs.net emails. A further complication is that emails from other
> origins are getting through to jane at surname.uk.com.
> 
> Any ideas?
> 
> gvim
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> _______________________________________________
> GLLUG mailing list
> GLLUG at mailman.lug.org.uk
> https://mailman.lug.org.uk/mailman/listinfo/gllug
> 

-- 
[http://pointless.net/]                          [0x416333590FC0E569]

More information about the GLLUG mailing list