This is in fact how they do it, and it is quite objectively wrong. SPF
is only useful when checking the connecting IP, but since they're not
receiving the mail they miss out on that transaction. Reasonable logic
would dictate that one should give up attempting to check SPF at that
stage or, at the very least, become much better at reading those
Received headers with automation. Google has opted for neither, and so
this is a common issue.
On 2022-04-13 10:02, Paulo Pinto via mailop wrote:
Hi all.
Why on earth is gmail checking the IP address of the message sender
(ISP assigned home address, for instance) against the sender's domain
SPF without the ability of checking if that original delivery was done
using SMTP authentication ( hence voiding the need for that IP being
part of the SPF record ) ?
Moreover, why on earth is gmail doing a SPF check ( that should ONLY
be done during the smtp conversation ) during a pop3 retrieval ?!
If there is anyone here from gmail ... fix that please.
--
Paulo Azevedo
_______________________________________________
mailop mailing list
[email protected]
https://list.mailop.org/listinfo/mailop
_______________________________________________
mailop mailing list
[email protected]
https://list.mailop.org/listinfo/mailop
