> It appears that Andreas Schamanek via mailop <scham...@fam.tuwien.ac.at> said:
> >
> >Hi mailops,
> >
> >Thought some might be interested, though those affected sure already 
> >know:
> >
> >On January 25 I was alerted to false positives due to Spamhaus SBL 
> >listing IP addresses of fonts.googleapis.com.

        The IP addresses for "fonts.googleapis.com" are:
                142.250.217.106
                2607:f8b0:400a:800::200a

> Are those IPs supposed to send mail?  If not, why would an SBL listing, even
> a mistaken one, matter?

        I did some digging, and this is what I found with regard to a few of 
Google's domain names (since Andreas Schamanek's original query to 
this mailing list didn't mention any of the senders' domain names):

                1. the SPF record for "googleapis.com" hard fails everything 
(so I 
wouldn't be expecting any eMails from addresses at googleapis.com):

                        SPF policy analysis --> hardfail with -all
                        
https://www.openspf.ca/tools/analyze-spf.perl?z=googleapis.com

                2. the SPF record for "google.com" doesn't allow mail from the 
aforementioned IPv4 address of 142.250.217.106, but it does allow 
mail from the IPv6 address 2607:f8b0:400a:800::200a:

                        SPF policy analysis --> pass for 2607:f8b0:4000::/36
                        
https://www.openspf.ca/tools/analyze-spf.perl?z=google.com

                3. the SPF record for "gmail.com" yields the same inclusion as 
for 
"google.com" (which is not surprising), and gives a pass only for the 
IPv6 address:

                        SPF policy analysis --> pass for 2607:f8b0:4000::/36
                        
https://www.openspf.ca/tools/analyze-spf.perl?z=gmail.com

        So, it doesn't seem to matter about eMail from fonts.googleapis.com 
(there's no SPF record for this third-level "fonts") as there 
obviously shouldn't be any coming from that domain name at either the 
second-level (as per policy) or the third-level (as per an educated 
guess based on the fact that Google publishes SPF records).

                SPF policy test -- soft fail (yellow) for "fonts.googleapis.com"
                
https://www.openspf.ca/why.perl?id=nobody%40fonts.googleapis.com&ip=142.250.217.106

                SPF policy test -- hard fail (red) for "googleapis.com"
                
https://www.openspf.ca/why.perl?id=nobody%40googleapis.com&ip=142.250.217.106

        As for eMail from other domains on those IP addresses, it's 
difficult to say, but since both the IPv4 and IPv6 addresses 
mentioned are owned by Google (according to WHOIS queries), I think 
it's reasonable to assume that, for their main domain names, Google 
doesn't intend to send eMail from the IPv4 address and may have 
included the IPv6 address as a side-effect of being concise by 
specifying larger netblocks in their SPF records.  (Of course, for 
more certainty it would be prudent to ask Google's NOC directly.)

-- 
Postmaster - postmas...@inter-corporate.com
Randolf Richardson, CNA - rand...@inter-corporate.com
Inter-Corporate Computer & Network Services, Inc.
Vancouver, Beautiful British Columbia, Canada
https://www.inter-corporate.com/


_______________________________________________
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Reply via email to