> > The example i saw last week was from "Google Audit" <secure@googletechteam. > > co.uk>, was DKIM signed and valid [but obviously not by Google's key :)] > > and was asking a user to verifiy thier account... URIs weren't blacklisted > > at the time. > > My thought process was that emails with Google in the Senders Name or email > > address should only really originate from IP addresses / ASN's Google own ( > > initial invesgation suggest gmail.com comes from AS15169 thought I've not > > thrown a wide net yet). > > how do you come to that strange conclusion? > > that is a domain as any other and "with Google in the Senders Name or > email address should only really originate" is by all respect pure > nonsense - DKIM, SPF and DMARC are about *domains* and not *partly > matches* of some special handeled large companies > _________________________________ > > Domain name: > googletechteam.co.uk > > Registrant: > Alexander Duffus > > Registrant type: > UK Individual > > Registrant's address: > Bury House > Royston > Hertfordshire > SG8 8QB > United Kingdom >
In my mailflow I believe it to be very unusual for a domain / sender to have Google in it and not orignate from Googles network. The example I gave originated from 217.199.161.224 (ASN 20738 - Webfusion Internet Solutions) and had *google* in the domain, to me that's something I want to have visability of. Overall, while i appericate your efforts and discussions about the validatility of my objectives, what I'm really after is how can I query the X-ASN header? If this turns out to be a waste of time I'll be the first to let you know. Many thanks Steve
