Google Blogoscoped


Gmail, SPF, and Email Forwarding ...

alek [PersonRank 10]

Monday, July 7, 2008
14 years ago8,273 views

So recently, I realized I wasn't getting any Email from a friend. Turns out he publishes SPF records for his domain ... and then it gets interesting.

Background: Like many people, I have me[put at-character here] as my public facing Email address. When Email comes into my server, I forwarded it to me[put at-character here] But since my friend has published SPF (Sender Policy Framework) records that say only his server is allowed to send Emails for "friend[put at-character here], gmail apparently rejects (silently buries actually!) the Email since it is forwarding through my server. Note that this is exactly what SPF is designed to prevent – spammers from sending Emails with your address.

But what I'm trying to do is pretty common ... so I'm surprised this issue hasn't surfaced before. Note that on my gmail account, I associate me[put at-character here] with my gmail account ... so perhaps there should be a recipient test applied before SPF is tested on the sender ... although this arguably defeats the purpose of SPF.

What's *really* strange is that if I look at the raw sendmail logs on my server, the Email from friend[put at-character here] comes in, and is forwarded to gmail ... with an "OK" as the response – i.e. the gmail MTA doesn't reject the message as it should. However, the Email then disappears – it's not even in my spam filter ... so there is no trace of the Email at all. Note that if my friend sends directly to me[put at-character here], it shows up ... since his domain sends direct and the SPF test is passed.

Again, my Email forwarding setup is very common – anyone else come across this problem and/or have a solution to it?

Ken [PersonRank 0]

14 years ago #

The best solution is that you switch from forwarding to remailing, so that the envelope sender is changed.

alek [PersonRank 10]

14 years ago #

Yea, I realize I would remail (I own/admin the server).. but then again, there's a ton of people out there who don't have access to their servers nor the technical knowledge to do this ... so I'm wondering if there is an easy solution out there for the "masses"

I.e. it seems to me that a lot of people would be affected by this, although SPF doesn't have a broad use yet ... so it would be subtle as it would be a small percentage of Emails.

Daniel J. Doughty [PersonRank 1]

14 years ago #

Alek, even though the MTA may give you an OK that is not a guarantee of delivery to an inbox or even to a spam inbox. When you're dealing with massively scaled mail systems spam filtering is applied at many levels. Since your email isn't coming from a blatantly bad IP, the first MTA will accept the mail and give you an OK. But then it will probably apply more logic to the delivery as it proceeds further along it's route.

Forum home


Blog  |  Forum     more >> Archive | Feed | Google's blogs | About


This site unofficially covers Google™ and more with some rights reserved. Join our forum!