Score:0

Google SPF fails with some IPs

my flag

GMail MX are

  • ASPMX.L.GOOGLE.COM: 1
  • ALT1.ASPMX.L.GOOGLE.COM: 5
  • ALT2.ASPMX.L.GOOGLE.COM: 5
  • ASPMX3.GOOGLEMAIL.COM: 10
  • ASPMX2.GOOGLEMAIL.COM: 10

When checking for IPs for these names, each time your ask for a resolution you can hit differents IPs. Nothing strange here.

But some of them soft fail a standard SPF check for "gmail.com" domain.

How is this possible ?

example

my flag
That means that when checking for a SPF record, only the syntax can be verified, unless you actually send an email and test against the IP that was used for sending this email.
Score:2
fr flag
anx

It is possible because they are by design independently configurable. While not uncommon to use certain IP addresses and/or names for both sending and receiving mail, there is no necessity to do so.

If a certain address is found looking up mail exchanges for receiving mail, that alone does not tell you anything about whether that address will additionally be used for sending mail and should be designated as such in the relevant SPF record.

One thing worth double-checking, however, is any assumption that MX hosts are never sending mail. I often see both notifications ranging from worthless backscatter to somewhat-useful disposition notifications and out-of-office replies originating from hosts that their respective admin wrongly assumed as never sending mail.

mangohost

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.