Google doesn't get SPF

Someone has decided to use my email address for a spam source.  They have even used google to relay it which, given Googles current policies seems like a winning idea.

I keep getting emails from Google’s servers with header lines like this:

X-Original-Authentication-Results: mx.google.com; spf=hardfail (google.com: domain of [email protected] does not designate 66.80.26.66 as permitted sender)

You don’t say? You mean even though my SPF records do not include some dodgy server in California, even though Google knows I don’t include this in my SPF records… well we will let the email go through anyhow.

SPF records mean that’s where my email comes from. If the record has a -all at the end of it, like mine do, then it means don’t accept it from anywhere else. The hardfail means Google sees the -all and still does nothing about it.

Enhanced by Zemanta