I Can't disclose full details but here goes an example ( with personal info redacted ):
Mailserver relevant log line of the first mail delivery with SMTP auth (customer clearly using gmail as a smtp client ): [datetime redacted] 1ndwjl-0005ON-58 <= [redacted-from]@domain.dom H= mail-oa1-f52.google.com [209.85.160.52]:42927 P=esmtpsa X=TLS1.2:ECDHE-RSA-AES128-GCM-SHA256:128 CV=no A=dovecot_plain:[redacted-from]@domain.dom S=20498654 id=[redacted]@ mail.gmail.com T="[redacted subject]" for [redacted-to]@domain.dom And the relevant lines the recipient got when he retrieved the message with pop3 from gmail: Received-SPF: softfail (google.com: domain of transitioning [redacted-from]@domain.dom does not designate 209.85.160.52 as permitted sender) client-ip=209.85.160.52; Received: by 2002:a05:600c:1c89:b0:38e:54d0:406c with POP3 id k9-20020a05600c1c8900b0038e54d0406cmf13922351wms.3; Mon, 11 Apr 2022 09:19:12 -0700 (PDT) X-Gmail-Fetch-Info: [redacted-to]@domain.dom 2 mail.domain.dom 995 [redacted-to]@domain.dom Both sender and recipient are on the same domain ( let's call it "domain.dom" ) that is hosted externally to gmail but use gmail as a mail client. If this isn't wrong ... On Wed, Apr 13, 2022 at 10:09 PM Noel Butler via mailop <mailop@mailop.org> wrote: > On 14/04/2022 01:02, Paulo Pinto via mailop wrote: > > Hi all. > > Why on earth is gmail checking the IP address of the message sender (ISP > assigned home address, for instance) against the sender's domain SPF > without the ability of checking if that original delivery was done using > SMTP authentication ( hence voiding the need for that IP being part of the > SPF record ) ? > > > I know its early i morning and I;m only just now taking my first sip of > coffee, but, err... this is what SPF does, checks sebder is allowed to > send as XYZ, smtp authed users sender from mail server and its in senders > domain, all fine there > > > > > Moreover, why on earth is gmail doing a SPF check ( that should ONLY be > done during the smtp conversation ) during a pop3 retrieval ?! > > If there is anyone here from gmail ... fix that please. > > > That however is not fine, it should already have done the spf check, are > you certain it is doing it in pop transaction or just guessing? > > Pasting a short snippet of your evidence might help someone take notice. > > > -- > > Regards, > Noel Butler > > This Email, including attachments, may contain legally privileged > information, therefore at all times remains confidential and subject to > copyright protected under international law. You may not disseminate this > message without the authors express written authority to do so. If you > are not the intended recipient, please notify the sender then delete all > copies of this message including attachments immediately. Confidentiality, > copyright, and legal privilege are not waived or lost by reason of the > mistaken delivery of this message. > > > _______________________________________________ > mailop mailing list > mailop@mailop.org > https://list.mailop.org/listinfo/mailop > -- -- Paulo Azevedo
_______________________________________________ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop