> It appears that Andreas Schamanek via mailop <scham...@fam.tuwien.ac.at> said:
> >
> >Hi mailops,
> >
> >Thought some might be interested, though those affected sure already
> >know:
> >
> >On January 25 I was alerted to false positives due to Spamhaus SBL
> >listing IP addresses of fonts.googleapis.com.

The IP addresses for "fonts.googleapis.com" are:

    142.250.217.106
    2607:f8b0:400a:800::200a

> Are those IPs supposed to send mail? If not, why would an SBL listing, even
> a mistaken one, matter?

I did some digging, and this is what I found with regard to a few of Google's domain names (since Andreas Schamanek's original query to this mailing list didn't mention any of the senders' domain names):

1. the SPF record for "googleapis.com" hard fails everything (so I wouldn't be expecting any eMails from addresses at googleapis.com):

    SPF policy analysis --> hardfail with -all
    https://www.openspf.ca/tools/analyze-spf.perl?z=googleapis.com

2. the SPF record for "google.com" doesn't allow mail from the aforementioned IPv4 address of 142.250.217.106, but it does allow mail from the IPv6 address 2607:f8b0:400a:800::200a:

    SPF policy analysis --> pass for 2607:f8b0:4000::/36
    https://www.openspf.ca/tools/analyze-spf.perl?z=google.com

3. the SPF record for "gmail.com" yields the same inclusion as for "google.com" (which is not surprising), and gives a pass only for the IPv6 address:

    SPF policy analysis --> pass for 2607:f8b0:4000::/36
    https://www.openspf.ca/tools/analyze-spf.perl?z=gmail.com

So, it doesn't seem to matter about eMail from fonts.googleapis.com (there's no SPF record for this third-level "fonts") as there obviously shouldn't be any coming from that domain name at either the second-level (as per policy) or the third-level (as per an educated guess based on the fact that Google publishes SPF records).

    SPF policy test -- soft fail (yellow) for "fonts.googleapis.com"
    https://www.openspf.ca/why.perl?id=nobody%40fonts.googleapis.com&ip=142.250.217.106

    SPF policy test -- hard fail (red) for "googleapis.com"
    https://www.openspf.ca/why.perl?id=nobody%40googleapis.com&ip=142.250.217.106

As for eMail from other domains on those IP addresses, it's difficult to say, but since both the IPv4 and IPv6 addresses mentioned are owned by Google (according to WHOIS queries), I think it's reasonable to assume that, for their main domain names, Google doesn't intend to send eMail from the IPv4 address and may have included the IPv6 address as a side-effect of being concise by specifying larger netblocks in their SPF records. (Of course, for more certainty it would be prudent to ask Google's NOC directly.)

-- 
Postmaster - postmas...@inter-corporate.com
Randolf Richardson, CNA - rand...@inter-corporate.com
Inter-Corporate Computer & Network Services, Inc.
Vancouver, Beautiful British Columbia, Canada
https://www.inter-corporate.com/
_______________________________________________
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop
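
Added example, not part of the original message: a small Python evaluator for the ip4/ip6/all terms of an SPF record, showing how a wide netblock such as 2607:f8b0:4000::/36 also authorizes an address like 2607:f8b0:400a:800::200a. The two records are constructed stand-ins rather than live DNS data, and the function name check_spf_literal is hypothetical.

```python
import ipaddress

# SPF qualifier prefix -> result name (RFC 7208, section 4.6.2).
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

# Constructed records, not live DNS data. HARDFAIL_ALL has the "-all" shape
# the message reports for googleapis.com. FLATTENED stands in for a record
# after its includes are expanded: only the ip6 netblock comes from the
# message; the ip4 documentation range and the "~all" ending are assumptions.
HARDFAIL_ALL = "v=spf1 -all"
FLATTENED = "v=spf1 ip4:192.0.2.0/24 ip6:2607:f8b0:4000::/36 ~all"


def check_spf_literal(record, client_ip):
    """Evaluate the ip4/ip6/all terms of an already-fetched SPF record.

    Returns (result, matching_term). Terms that need DNS lookups (include,
    a, mx, exists, ptr, redirect=) are skipped, so feed it flattened records.
    """
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return ("none", None)  # nothing published for this name
    ip = ipaddress.ip_address(client_ip)
    for term in terms[1:]:
        qualifier, mech = "+", term
        if term[0] in QUALIFIERS:
            qualifier, mech = term[0], term[1:]
        name, _, arg = mech.partition(":")
        name = name.lower()
        if name == "all":
            return (QUALIFIERS[qualifier], term)
        if name in ("ip4", "ip6"):
            wanted = 4 if name == "ip4" else 6
            try:
                net = ipaddress.ip_network(arg, strict=False)
            except ValueError:
                return ("permerror", term)
            if net.version != wanted:
                return ("permerror", term)
            # An ip4 term never matches an IPv6 client, and vice versa.
            if ip.version == wanted and ip in net:
                return (QUALIFIERS[qualifier], term)
    return ("neutral", None)  # default when no term matches (RFC 7208, 4.7)


if __name__ == "__main__":
    for addr in ("142.250.217.106", "2607:f8b0:400a:800::200a"):
        print(addr, check_spf_literal(FLATTENED, addr),
              check_spf_literal(HARDFAIL_ALL, addr))
```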