If you happen to have noticed that you aren't getting any email
directly from me, or other people who set an SPF policy for their
domain, the reason might be this:
<redacted>: host gmail-smtp-in.l.google.com[74.125.140.26] said:
550-5.7.26 The MAIL FROM domain [sss.pgh.pa.us] has an SPF record with a hard
550-5.7.26 fail policy (-all) but it fails to pass SPF checks with the ip:
550-5.7.26 [redacted]. To best protect our users from spam and phishing,
550-5.7.26 the message has been blocked. Please visit
550-5.7.26 https://support.google.com/mail/answer/81126#authentication for more
550-5.7.26 information.
I've been seeing these bounces from a number of PG people for a couple
of months now. The messages didn't use to be quite this explicit, but
it seems absolutely clear now that <redacted>'s private email domain is
trying to forward his email to a Gmail account, and it ain't working
because the mail's envelope sender is still me. Gmail looks at my SPF
record, notes that the mail is not coming from my IP address, and
bounces it. Unfortunately it bounces it to me, who can't do anything
about the misconfiguration.
If you want to do this kind of forwarding, please fix your mail
processing recipe so that the outgoing envelope sender is yourself,
not the incoming sender.
For extra credit, you could lobby Gmail to think a bit harder about
who they send bounces to. From my perspective this behavior is not
much better than a spam amplifier.
regards, tom lane
