On 2025-09-18 18:59, Scott Q. via mailop wrote:
Would you guys mind sharing the blocks you are throttling / blocking ?
For our purposes. This is a process. The blocks we maintain are ever-changing.
minute-to-minute, day-to-day, ...IOW unless you intend to maintain the block, read; monitor. You'll potentially be blocking innocent IPs. IOW our block containing the bc.googleusercontent.com IPs are not contiguous CIDR's. There are many /32's. We add and remove IPs from this block all day. In fact, I see we some 100,000 slated to be added shortly. IMHO for your perceived purposes. You might (as we already do) simply set your MX to REJECT
on bc.googleusercontent.com. FWIW it's currently at 1,416,389 single IPs with ~100,000 to add. HTH --Chris
What we did for now is simply looking up the PTR for any 34/8 and 35/8 connecting IP and if it ends with googleusercontent.com give it some spam points. Thanks! Scott On Thursday, 18/09/2025 at 16:06 Chris via mailop wrote: On 2025-09-18 08:34, Michael Peddemors via mailop wrote:*.googleusercontent.com should not only not be sending email (eitherchangePTR, or use a relay) so you can go beyond scoring, and simply reject. Also, given the history of abuse and/or compromises, we alsorecommend thatyou do NOT allow email authentication from those IPs, except as permittedin anallow .acl. Make sense?I concur. We've been dropping packets originating from them without so much as an ACK for some 5yrs. Without *any* repercussions. Just reject. Your life will be much better for it. :)On 2025-09-16 07:58, Scott Q. via mailop wrote:Sorry for reviving an older thread, we are still battling thisGoogle spamissue. Anyone else scoring e-mails directly received from IPs with a PTRof*.googleusercontent.com ? Any downside to doing this ? Gmail/Workspace doesn't use that PTR but are there legitimateservices that do ? Thanks! Scott On Thursday, 04/09/2025 at 16:21 Alex Burch wrote: They might have legacy accounts where port 25 isunblocked. I thinkInfusionsoft/Keap had their IPs hosted at GCP at one pointand theyhad the port 25 block lifted to send with them. Thanks, Alex -- Alexander Burch ActiveCampaign / Senior Deliverability Engineer [email protected] 1 North Dearborn St Suite 500, Chicago IL, 60602 On Thu, Sep 4, 2025 at 9:12 AM Scott Q. via mailop wrote: I get that, but the question is more whether GCPblocks outboundport 25 or not. Their docs say they are blocking it:https://cloud.google.com/compute/docs/tutorials/sending-mailyet we see evidence to the contrary. Surely it's aconfigurationmistake somewhere (?). Maybe someone from Google can shed some light onthis.Thanks! On Thursday, 04/09/2025 at 11:25 Michael Peddemorsvia mailopwrote: Careful.. the list admins don't like ususing this list tocomplain about spam, but yeah.. Anything with a PTR of1.132.64.34.bc.googleusercontent.com. is suspect, and should be rejected (port 25) ... Standard ruleset for a couple of years..but even moreimportant, is the number of IPs in those ranges used in emailhacking, and BECCompromise attacks. You might even like to block attempts toother ports bydefault, and create a 'permitted' acl for IPs in thoseranges forlegitimate use. On 2025-09-04 07:55, Scott Q. via mailopwrote:> Anyone else seeing an uptick lately ofSpam e-mailsoriginating from > these ranges ? > > 34.64.132.0/22 > 35.240.0.0/13 > > Mostly e-mails with: Content-Type:text/plain;charset="iso-2022-jp" > > What's interesting is that GCP hasoutbound port 25blocked by default > yet these hosts are able to dodirect-to-mx deliveries.> > If anyone from Google is reading this- can you have a look? > > Thanks! > Scott > > >_______________________________________________> mailop mailing list > [email protected] >https://list.mailop.org/listinfo/mailop-- "Catch the Magicof Linux..."------------------------------------------------------------------------Michael Peddemors, President/CEO LinuxMagicInc.Visit us at http://www.linuxmagic.com @linuxmagic A Wizard IT Company - For More Infohttp://www.wizard.ca"LinuxMagic" a Reg. TradeMark of WizardTower TechnoServicesLtd.------------------------------------------------------------------------604-682-0300 Beautiful British Columbia,Canada_______________________________________________mailop mailing list [email protected] https://list.mailop.org/listinfo/mailop _______________________________________________ mailop mailing list [email protected] https://list.mailop.org/listinfo/mailop _______________________________________________ mailop mailing list [email protected] https://list.mailop.org/listinfo/mailop-- "Catch the Magic of Linux..."------------------------------------------------------------------------Michael Peddemors, President/CEO LinuxMagic Inc. Visit us at http://www.linuxmagic.com @linuxmagic A Wizard IT Company - For More Info http://www.wizard.ca "LinuxMagic" a Reg. TradeMark of Wizard Tower TechnoServices Ltd.------------------------------------------------------------------------604-682-0300 Beautiful British Columbia, Canada _______________________________________________ mailop mailing list [email protected] https://list.mailop.org/listinfo/mailop_______________________________________________ mailop mailing list [email protected] https://list.mailop.org/listinfo/mailop _______________________________________________ mailop mailing list [email protected] https://list.mailop.org/listinfo/mailop
0xE512722F.asc
Description: application/pgp-keys
_______________________________________________ mailop mailing list [email protected] https://list.mailop.org/listinfo/mailop
