Hello! Lately we have had some website hacking break-ins and bots being used for
proxying abuse, etc. To fight the abuse, we gathered IP addresses from
server logs, many of which are in Google IP address ranges.
I have to firewall bot and other bad IPs but don't want to firewall Gmail
sending IPs. My memory tells me Gmail usually comes from IP addresses
like 209.85.x.x (PTR ending in google.com).
The abusing IPs were different, like Google Cloud and some "proxy" things.
For example, in 35.x.x.x (PTR ending in googleusercontent.com) and in
74.125.x.x (PTR *starting* (not ending) with google-proxy or
rate-limited-proxy).
The problem is that I looked at the Google/Gmail SPF and found some overlap. I
didn't do direct SPF validation of each bot IP, but it seems the Gmail SPF is
very broad and includes some abuse IPs that do not actually send any Gmail
in reality.
Can anyone help clarify this problem? Should I run an SPF check on
every bot IP (1000s) to be certain? (A shell script to do it?) Is
there a more realistic subset of the Google SPF that really sends mail?
_______________________________________________
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop
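
One way to run the bulk check asked about above without one DNS query per address, as an added Python example that is not part of the original post: flatten the SPF `include:` chain once into CIDR networks, then test every logged IP against them. The record names, ranges and IPs are constructed sample data; a match only means the range is authorized by the record, not that the host sends mail.

```python
import ipaddress

# Constructed stand-in for DNS TXT answers: hypothetical names, sample ranges.
# Populate it from real TXT lookups of the sender's SPF include: chain.
SAMPLE_TXT = {
    "mail.example": "v=spf1 include:_nb1.mail.example include:_nb2.mail.example ~all",
    "_nb1.mail.example": "v=spf1 ip4:209.85.128.0/17 ip4:74.125.0.0/16 ~all",
    "_nb2.mail.example": "v=spf1 ip6:2001:db8:4000::/36 ip4:192.0.2.0/24 ~all",
}

# Constructed sample of addresses pulled from server logs.
SAMPLE_IPS = ["209.85.220.41", "74.125.10.7", "35.200.1.9",
              "2001:db8:4001::25", "198.51.100.4"]

def flatten_spf(domain, txt=SAMPLE_TXT, seen=None):
    """Follow include: recursively; return [(network, record_name)].

    Only ip4/ip6 mechanisms with a pass qualifier are collected;
    a, mx, exists and redirect= are ignored in this example.
    """
    seen = set() if seen is None else seen
    if domain in seen or domain not in txt:    # include loop or no record
        return []
    seen.add(domain)
    nets = []
    for term in txt[domain].split()[1:]:       # skip the "v=spf1" tag
        if term.startswith(("-", "~", "?")):   # not a pass result, e.g. ~all
            continue
        mech, _, value = term.lstrip("+").partition(":")
        if mech.lower() == "include":
            nets += flatten_spf(value, txt, seen)
        elif mech.lower() in ("ip4", "ip6"):
            nets.append((ipaddress.ip_network(value, strict=False), domain))
    return nets

def classify(ips, nets):
    """Map each IP to (matching CIDR, record that lists it), or None."""
    result = {}
    for raw in ips:
        addr = ipaddress.ip_address(raw.strip())
        result[str(addr)] = next(
            ((str(n), src) for n, src in nets
             if n.version == addr.version and addr in n), None)
    return result

if __name__ == "__main__":
    for ip, hit in classify(SAMPLE_IPS, flatten_spf("mail.example")).items():
        print(ip, "SPF range %s (from %s)" % hit if hit else "not in SPF")
```

Printing the matching CIDR next to each address shows how wide the authorizing range is, which helps when deciding whether to exempt a whole range or only individual hosts.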