> It appears that Andreas Schamanek via mailop <[email protected]> said:
> >
> >Hi mailops,
> >
> >Thought some might be interested, though those affected sure already
> >know:
> >
> >On January 25 I was alerted to false positives due to Spamhaus SBL
> >listing IP addresses of fonts.googleapis.com.
The IP addresses for "fonts.googleapis.com" are:
142.250.217.106
2607:f8b0:400a:800::200a
> Are those IPs supposed to send mail? If not, why would an SBL listing, even
> a mistaken one, matter?
I did some digging, and this is what I found with regard to a few of
Google's domain names (since Andreas Schamanek's original query to
this mailing list didn't mention any of the senders' domain names):
1. the SPF record for "googleapis.com" hard fails everything (so I
wouldn't be expecting any eMails from addresses at googleapis.com):
SPF policy analysis --> hardfail with -all
https://www.openspf.ca/tools/analyze-spf.perl?z=googleapis.com
2. the SPF record for "google.com" doesn't allow mail from the
aforementioned IPv4 address of 142.250.217.106, but it does allow
mail from the IPv6 address 2607:f8b0:400a:800::200a:
SPF policy analysis --> pass for 2607:f8b0:4000::/36
https://www.openspf.ca/tools/analyze-spf.perl?z=google.com
3. the SPF record for "gmail.com" yields the same inclusion as for
"google.com" (which is not surprising), and gives a pass only for the
IPv6 address:
SPF policy analysis --> pass for 2607:f8b0:4000::/36
https://www.openspf.ca/tools/analyze-spf.perl?z=gmail.com
So, it doesn't seem to matter about eMail from fonts.googleapis.com
(there's no SPF record for this third-level "fonts") as there
obviously shouldn't be any coming from that domain name at either the
second-level (as per policy) or the third-level (as per an educated
guess based on the fact that Google publishes SPF records).
SPF policy test -- soft fail (yellow) for "fonts.googleapis.com"
https://www.openspf.ca/why.perl?id=nobody%40fonts.googleapis.com&ip=142.250.217.106
SPF policy test -- hard fail (red) for "googleapis.com"
https://www.openspf.ca/why.perl?id=nobody%40googleapis.com&ip=142.250.217.106
As for eMail from other domains on those IP addresses, it's
difficult to say, but since both the IPv4 and IPv6 addresses
mentioned are owned by Google (according to WHOIS queries), I think
it's reasonable to assume that, for their main domain names, Google
doesn't intend to send eMail from the IPv4 address and may have
included the IPv6 address as a side-effect of being concise by
specifying larger netblocks in their SPF records. (Of course, for
more certainty it would be prudent to ask Google's NOC directly.)
--
Postmaster - [email protected]
Randolf Richardson, CNA - [email protected]
Inter-Corporate Computer & Network Services, Inc.
Vancouver, Beautiful British Columbia, Canada
https://www.inter-corporate.com/
_______________________________________________
mailop mailing list
[email protected]
https://list.mailop.org/listinfo/mailop
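
The SPF evaluation walked through in the message above, as an added example that is not part of the original post: a minimal evaluator for the `ip4`, `ip6` and `all` mechanisms, run against constructed records. The `.example` domains, the `~all` on the second record and the 192.0.2.0/24 block are assumptions; only `-all` and `2607:f8b0:4000::/36` come from the message.

```python
import ipaddress

# Constructed SPF records. Only "-all" and ip6:2607:f8b0:4000::/36 appear in the
# message; 192.0.2.0/24 is a documentation range (RFC 5737) standing in for the
# real IPv4 netblocks, and the domain names are placeholders.
RECORDS = {
    "googleapis.example": "v=spf1 -all",
    "google.example": "v=spf1 ip4:192.0.2.0/24 ip6:2607:f8b0:4000::/36 ~all",
}

QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def check_spf(record, ip):
    """Evaluate ip4/ip6/all left to right; return (result, matched term)."""
    addr = ipaddress.ip_address(ip)
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return ("none", None)
    for term in terms[1:]:
        qualifier, mech = "+", term
        if term[0] in QUALIFIERS:
            qualifier, mech = term[0], term[1:]
        name, _, arg = mech.partition(":")
        name = name.lower()
        if name == "all":
            return (QUALIFIERS[qualifier], term)
        if name in ("ip4", "ip6"):
            net = ipaddress.ip_network(arg, strict=False)
            # ip4 never matches an IPv6 client, and ip6 never an IPv4 one
            if name == f"ip{addr.version}" and addr in net:
                return (QUALIFIERS[qualifier], term)
        # include, a, mx and the rest need DNS lookups and are skipped here
    return ("neutral", None)  # nothing matched and no "all" term


if __name__ == "__main__":
    for domain, record in RECORDS.items():
        for ip in ("142.250.217.106", "2607:f8b0:400a:800::200a"):
            print(domain, ip, check_spf(record, ip))
```

The IPv6 address passes only because the first 36 bits of `2607:f8b0:400a:800::200a` match the listed netblock, which is the side effect of broad netblocks that the message describes.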