British Expat Forum

Kay received two rather odd "Failed delivery" messages from Google Groups today.

The original email clearly wasn't from her at all - it was a spam. (Kay never uses Google Groups to send messages.) But there was a line in the header saying "domain of transitioning (ie Kay's email address) does not designate [the spammer's IP] as permitted sender".

So it looks as if our server (correctly) blocked the message from going out under Kay's email address. Well done, our server - on the face of it.

However, I'm now wondering whether this is just a back-door way of getting spam through, like this:

1. The spammer sends out a bulk message. Some get through, others are rejected.

2. Knowing that his message isn't getting through by conventional means, the spammer takes his list of recipients and uses those as transitioning addresses instead.

3. The spammer sends out his new bulk message. The message fails, and the transitioning addresses get failed delivery notifications, which include the spam. Message delivered.

Any thoughts?

This is a SPF (Sender Protection Framework) thing. The way I read that is that the server which blocked the message wasn't your server but the recipients, which saw that the DNS SPF records for the domain part of Kay's address didn't include the address the spammer was sending from and thus rightly flagged the message as spam. Do your SPF records have ~all in them because you can stop softfails by changing that to -all as long as you will never need to send via a different server.

Other than that it's basically the old spammer trick of using another address in the list of victims as the faked sender address so the recipient can't filter by sender. Used to lead to angry exchanges between recipients and the impersonated sender but as so many addresses on spam lists are imaginary anyway (just perm a list of forenames with a list of surnames @targetdomain) that's mostly gone away.

Thanks, JJ. There's just one email I can think of that comes via a different server, but that's our monthly newsletter - sent by MailChimp, but the From header is nobody AT britishexpat.com - so I think we're probably going to have to leave things as they are.

If you know the sending addresses or host names that MailChimp use you can add those to your SPF records.

I'll give it a try, but not this month - we're due to send out in the next few hours, and I think it's probably better to send the thing out and then start tinkering.