Hi folks,
today I noticed a spam wave sent through Gmail accounts - Gmail happily pushes the spam into our users' inboxes, but some
of our addresses are role accounts which forward to personal Gmail accounts.
So this is what we get when trying to forward such a piece:
421-4.7.28 Gmail has detected an unusual rate of mail originating from your DKIM
421-4.7.28 domain [gopa.pobretv.soy 36]. To protect our users from spam,
421-4.7.28 mail sent from your domain has been temporarily rate limited. For
421-4.7.28 more information, go to
421-4.7.28 https://support.google.com/mail/?p=UnsolicitedRateLimitError to
421 4.7.28 review our Bulk Email Senders Guidelines.
4fb4d7f45d1cf-5ceac81993esi4035932a12.645 - gsmtp
And this is how this came to our system (redacted):
Nov 2 17:00:21 localhost postfix/smtpd[2112960]: 89DAE1202DF:
client=mail-ej1-f69.google.com[209.85.218.69]
Nov 2 17:00:21 localhost postfix/cleanup[2116799]: 89DAE1202DF:
message-id=<cak+kxv4vkx1n2tl5f9vrgxi9hd3qkunhpq60shp97jusrzp...@mail.gmail.com>
Nov 2 17:00:21 localhost postfix/qmgr[2947926]: 89DAE1202DF:
from=<nse+bncbdjjppf26ifrbt4ttg4qmgqex7hq...@gopa.pobretv.soy>, size=10280, nrcpt=1 (queue active)
Nov 2 17:00:22 localhost postfix/lmtp[2112353]: 89DAE1202DF: to=<redacted>, relay=127.0.0.1[127.0.0.1]:10024,
delay=0.73, delays=0.3/0/0/0.42, dsn=2.0.0, status=sent (250 2.0.0 from MTA(smtp:[127.0.0.1]:10025): 250 2.0.0 Ok:
queued as 28C56120330)
Nov 2 17:00:22 localhost postfix/qmgr[2947926]: 89DAE1202DF: removed
The sending domain has a Google site verification DNS entry and has its MX at Google, so they can't really claim that
they have no relation to the spammer at all...
Looking back through the logs, I find matching incidents from more than a month ago; probably there were more earlier,
but we don't keep logs that long.
At least I now have a pattern to match against. Sadly, blocking Gmail altogether isn't an option, though the amount of
trouble they're causing would be a good reason to do it.
Cheers,
Hans-Martin
_______________________________________________
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop
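
Added example, not part of the original post: one way to pull such deliveries out of a Postfix log is to correlate the smtpd and qmgr lines by queue ID. The match criteria (a `*.google.com` client plus a `+bnc` tagged envelope sender on a domain outside the `GOOGLE_OWNED` set) are an assumption drawn from the excerpt above, not the poster's own pattern; the function name and sample lines are constructed.

```python
import re
from collections import defaultdict

# Constructed sample, modelled on the Postfix excerpt in the post (not real log data).
SAMPLE_LOG = """\
Nov  2 17:00:21 mx postfix/smtpd[101]: AAA111: client=mail-ej1-f69.google.com[198.51.100.69]
Nov  2 17:00:21 mx postfix/qmgr[102]: AAA111: from=<nse+bncCONSTRUCTED@bulk.example>, size=10280, nrcpt=1 (queue active)
Nov  2 17:00:22 mx postfix/qmgr[102]: AAA111: removed
Nov  2 17:01:05 mx postfix/smtpd[101]: BBB222: client=mail-lf1-f41.google.com[198.51.100.41]
Nov  2 17:01:05 mx postfix/qmgr[102]: BBB222: from=<alice@gmail.com>, size=2210, nrcpt=1 (queue active)
Nov  2 17:02:10 mx postfix/smtpd[101]: CCC333: client=mail.other.example[192.0.2.10]
Nov  2 17:02:10 mx postfix/qmgr[102]: CCC333: from=<list+bncCONSTRUCTED@bulk.example>, size=900, nrcpt=1 (queue active)
"""

# Assumption: sender domains treated as Google's own and therefore not flagged.
GOOGLE_OWNED = {"gmail.com", "googlemail.com", "googlegroups.com"}

LINE = re.compile(r"postfix/(?:smtpd|qmgr)\[\d+\]: (?P<qid>[0-9A-Za-z]+): (?P<rest>.*)")
CLIENT = re.compile(r"client=(?P<host>[^\[\s]+)\[")
SENDER = re.compile(r"from=<(?P<addr>[^>]*)>")

def suspicious_queue_ids(log_text):
    """Return {queue_id: (client_host, envelope_sender)} for mail handed over by a
    Google outbound host with a '+bnc' tagged sender on a non-Google domain."""
    seen = defaultdict(dict)
    for line in log_text.splitlines():
        m = LINE.search(line)
        if not m:
            continue
        rec = seen[m["qid"]]  # smtpd and qmgr lines share the queue ID
        if (c := CLIENT.search(m["rest"])):
            rec["client"] = c["host"].lower()
        if (s := SENDER.search(m["rest"])):
            rec["sender"] = s["addr"].lower()
    hits = {}
    for qid, rec in seen.items():
        client, sender = rec.get("client", ""), rec.get("sender", "")
        local, _, domain = sender.rpartition("@")
        if (client.endswith(".google.com") and "+bnc" in local
                and domain not in GOOGLE_OWNED):
            hits[qid] = (client, sender)
    return hits

if __name__ == "__main__":
    for qid, (client, sender) in suspicious_queue_ids(SAMPLE_LOG).items():
        print(qid, client, sender)
```

The flagged queue IDs can then be used to decide which messages to hold back from forwarding, so that the relay's own reputation at Gmail is not charged for them.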