gmail issue

Merrill Oveson moveson at
Thu Aug 16 17:06:19 MDT 2012

On Thu, Aug 16, 2012 at 4:54 PM, John Shaver <bobjohnbob at> wrote:
> On Thu, Aug 16, 2012 at 4:09 PM, Merrill Oveson <moveson at> wrote:
>> Pluggers:
>> Pretend we are xyz company.  So my email is moveson at  xyz
>> email is hosted thru gmail.
>> Some of our users got an email from support at
>> Now our support team never send the email.  It's obvious spam.
>> The question is: If we flag the email as spam, are you flagging
>> support at as spam,
>> or is gmail smart enough to know to flag the sent from ip address?
> This is called email spoofing.  If wanted to, I could send you an
> email as bill at and it would come through fine.  If they
> flag it as spam, then, in most spam systems, it will affect legitimate
> emails from the same email address.
> The most common defense I've seen people try to use for this is SPF
> records.  You can specify SPF information in your DNS TXT records that
> specify which servers are allowed to send out mail from your domain.
> Unfortunately, people don't always send email out through your SMTP
> server.  When they are away from the office, they may want to send
> mail from their home connection and their ISP may require them to send
> out mail via their SMTP server and block ports otherwise (this is very
> common among the big ISPs).  This means that legitimate mail will be
> flagged due to SPF records.   I see very few large companies using
> solid SPF records on their domain for this reason.  Most are just set
> to flag, but not deny mail from other servers.
> The other issue is that many mail servers do not even check SPF
> records and aren't required to, although I think most do.
>> It drives me crazy that gmail doesn't show the full headers.
> Even if you showed full headers, it would be very difficult to know
> who the mail actually came from and if it was legitamate if you don't
> know how to read email headers and see what servers we can confirm
> they went to (gmails servers only know which server handed them the
> mail, any other relays could be faked in the headers).
> More info on email spoofing:
> and Sender Policy Framework:
> -John Shaver
> /*
> PLUG:, #utah on
> Unsubscribe:
> Don't fear the penguin.
> */

Thanks for the responses...

Yeah, I have an spf1 record in my DNS for our domain.
I guess gmail didn't bother to read it, or it's set up wrong.  ?

ie.:        v=spf1 a mx ?all

Or does gmail require a special spf1 record setup in their DNS?

More information about the PLUG mailing list