Why Our Mail Server is No Longer Accepting Gmail…

It’s a shame, really, but we’ve decided not to accept connections from Gmail servers.

Why? It’s really simple; Gmail has decided not to include the originating IP of the mail.

Most legitimate web-based email services include the IP address of the originating machine, either in an X-Originating-IP: or like header field, or within an additional Received: header field. That way, in the event someone does something stupid (sends spam, makes threats, insults others, whatever), it’s possible to contact the upstreams of the originating server.

Doesn’t happen often, you say? Poppycock…we received probably fifteen 419 spams (“Hello, I’m so-and-so from Nigeria; you don’t know me, but I want to give you $60,000,000!”) from yahoo.com throwaway addresses in the last week alone. But Yahoo! includes the originating IP as the final Received: header field, so it’s easy to know where to send complaints. We got a bunch from Hotmail this week as well…but thanks to Hotmail’s X-Originating-IP: header field, no question to whom to complain. (And for whatever it’s worth, Hotmail is more efficient in removing the miscreant accounts than Yahoo is.)

But some non-standard web-mail services, like fastmail.fm, don’t include this information. So we don’t accept mail from those services into our server. Yes, certainly, it affects legitimate users of the service. But I need to protect the addresses on our server…anyone who’s mail is rejected is welcomed to use their “real” email address to mail into the server, or a free email account from a better-behaved service.

Since Gmail is still listed as, “limited,” we’ve been debating both internally and with other mail administrators on the Internet what to do about the lack of this information. We finally decided that, in complete fairness, if we’re rejecting mail from MyOwnEmail.com because they don’t include this information, we can’t very well accept Gmail mail if that information isn’t there. And we will continue to reject mail from any email system which we determine to be omitting or obfuscating this important information.

Do we check the origination of every message? Of course not. But should we have the ability to do so to protect our users and see that those who abuse our server by mailing cruft into it are reported? Absolutely. If Gmail begins adding this information to their mail, we will resume accepting their mail. Until they do, we won’t.

And this isn’t, “misinformation about Gmail” as they’d like you to believe all complaints about their service are, this is easily-validated information. Simply view full headers of any email coming from the Gmail servers, and you’ll see the trace stops at the internal LAN IPs of their machines.

If you’re a Gmail user, please complain to them about this issue, since I know we are not the only mail system to reject mail for this reason, and likely more will follow. Feel free to send them a link to this blog entry so they might understand we’re not rejecting to be mean, we simply can’t accept their users’ mail until they play nicely.

This entry was posted in General, News. Bookmark the permalink.

10 Responses to Why Our Mail Server is No Longer Accepting Gmail…

  1. Laurent says:

    As far as I know, the message ID of a mail is enough for a mail service provider to identify the original sender of a message if it’s one of their users. So, there’s no reason for them to communicate the IP of the sender : as long as your spam account closing request contains the message full headers they will be able to engage action against the bad behaving user. I fail to see why the IP address gives you any more clue that the provider will handle the case more efficiently ?
    And if you are talking legal action, the IP is not enough by itself since it can perfectly be spoofed so a judge will rely on the mail service provider’s information anyway. In all cases, the availability of the IP address doesn’t seem to me to be such a big problem as far as the mail service provider can be given enough information to identify their bad behaving user.

    I find this amusing coming from someone who allegedly has a Hotmail address, since Hotmail routinely adds a X-Originating-IP: header field to all email, and it doesn’t seem to have caused you any problem at all…

    Certainly Gmail can tell who their users are and where they are coming in from, but I can’t without Gmail including it. I don’t care if Gmail closes the account, I want to complain to the netblock which originated the message. You seem to be under the mistaken impression that I should complain to Gmail alone if one of their users does something stupid…that simply isn’t the case, as the owner of the original netblock should be informed and take action as well. As to the originating IP being forged, it can’t be so long as the routers between the offender and Gmail are properly programmed – even if it’s a trojaned machine, the netblock owner should shut down the offender’s connection until the issue is resolved. Clearly you don’t understand the possible issues here; if someone has been banned from one of the mailing lists on our server, for example, he/she could easily use Gmail to get back on, again and again, since there’s no way to tell what netblock the originator is on.

    Just as I wouldn’t accept a web connection without knowing I should complain to, say, Tiscali should that dynamically-allocated IP connection spam, offend, or otherwise do something against the TOS/AUP of the service (which may be wildly different from the Gmail TOS), I’m not going to accept email unless I know from what IP the email originated. Not what service delivered it to my server, but where the person was when they clicked the “send” button. I don’t particularly care if Gmail is a “good citizen” and closes accounts…I’m concerned about the miscrient losing his or her Internet connection with Verizon, or UUNet, or, Tiscali, or RoadRunner, or…

  2. Tom Brook says:

    I also find the lack of Sender IP in gmail messages seriously annoying… However not yet to the extent of blocking from my servers, but I will complain to gmail.

    Tom – http://www.mouselike.org

  3. Tom Brook says:

    My comment in the feedback and ideas form for Gmail beta.

    “I have a new idea:”
    Including the Originating IP in message headers… I find it seriously irritating (as a reciever of messages from gmail, and a user of gmail) that this small bit of information is not included.. Generally I like to find out what countries enquiries about my service come from.. in normal mail clients and hotmail, operamail etc… there is a header entry containing the senders ip.. thus allowing me to locate their country, ripe, arin etc..

    Gmail is missing this information.. and I have also in my searching, found other users and mail administrators who find this omission annoying..
    Is this planned to be added later in the beta / final product? If not then I would also be interested to know why not.

    Thanks and I look forward to your reply.

    Tom Brook – Mouselike.org

    I wonder if I will get a reply.. earier on in the beta I got a standard copy / paseted reply (from a person though! it took a few days) on some technical question I asked… they then added the question to their FAQ (to do with searching partial words).
    So maybe there is a human there.. We will see :P

    Tom – http://www.mouselike.org

    I’d be interested to know what, if any, response you get. –cfs3

  4. anonymous says:

    If you don’t like the e-mail standard, apply to the IEEE to change it, and issue an RFC. Don’t lock hundreds of users out of your backwater mail server in a fit of pique. GMail probably hasn’t responded to you because they’re playing by the established rules and you are making shit up.

    It’s bothersome to have to deal with someone who doesn’t know how to keep a civil tongue in his head, and feels the need to use an anonymizer to hide himself…I have no respect for people who feel the need to slink around the Net out of fear they might be identified for…what they are.

    Next time you feel the juvenile need to swear, do it on your own “backwater server,” little boy. You may come back here when you grow up, and not a minute before. –cfs3

  5. Chris says:

    Its annoying. If Google starts to become hotmail then we use it?
    Thats what we like all supporters of google was the freedom.
    The internet is his users. Take an example from the hijacking of the internet domain names before some time. Noone can own the net
    and I m glad that there are people who see behind the box.

    There s nothing püersonal I love google being an active developer for years.

    The bottom line is this:
    Because the 60% that uses gmail dont know what a header is dont means
    that u can hide the sender address behind u private routers.

    I think that goggle must not start play God and think that because
    started gmail, email will become a lan google network feature.

    Must remember that as fast as u go up as fast u can go down.

    So stop fighting about obvious things.
    Nomatter even wat the drafts say email works with the ip of the sender.
    MTAs use this and of story.

    And in the end yes I ll consider to block this from my whole network.
    No I do not want to have a private assigned ip sender adress messing
    arround in my mta. Private addresses are not for use to communicate in
    any way with external nets if they are internal.

    Whats next? Hide the IANNA ip whois service?

    Be real ppl:)

  6. Tim says:

    Gmail > Any other email service

  7. Bogon says:

    Actually I find it a bit of a relief. Now I can toy with 419 scammers without the annoyance of hiding my originating address from violent criminals. I can mock them safely from the highspeed comfort of my cable modem connection without gmail locking my account for multiple-IP access:


    Admittedly, other than probably mispelling that word and the spelling word, I’m new at scam baiting. Sure sure it’s not as “effective” at stopping them but most people prefer reading about 419 capers than processing NOC abuse messages. :D

    Abuse is abuse; you are exactly the kind of person we want to avoid. Our mailing lists have been abused too many times to deal with immature nonsense like that. –cfs3

  8. Andrew says:

    The fact of that matter is, nobody knows how gmail operates. Yes, you can assert and confirm that gmail doesn’t include the originating IP. However, can you assert that they don’t keep track of this data? No. They very well may, in which case they would probably release the information if pressured by the proper authorities ie police for harassment and threats, and you guys for the entire spam issue. Not including an IP is just as much of a feature as including it. IPs are geographical, and if you are writing someone an email they don’t necessarily have the right to know where you are sending it from.

    Possibly…but as the operator of the inbound mail server, I don’t have to accept any mail which hides its origination. Whether Gmail maintains the data or not is not relevant; if I cannot have access to it, I won’t accept the mail.

  9. Becky says:

    Have you seen this site? Very interesting.


  10. sheldon says:

    My ISP doesn’t change IP addresses for months. So an IP address doesn’t just identify the originator today but it does so for months at a time.

    I don’t want them to put the IP address in my email. Or if they do, I want them to make this fact known in big bold letters. I’ve got no problems with them populating other fields in the headers that ID the ISP and even the city and country.

    This policy is a change from my earlier ISPs.

    [NB: I usually delete comments from people who post obviously-phony email addresses since they are cowards who clearly lack the courage to stand behind what they type, but I’m making an exception here.

    Anyway, that’s fine; just don’t expect to mail into my server unless you use your rogers.com account; use Gmail, and your mail will not be accepted.

    Here’s the deal; you want anonimity, but I need to protect my server and clients. You want to hide, and that’s fine, but I have every intention to know who is mailing into my server…you don’t like it, that’s fine, but you won’t be able to communicate with anyone here.

    And a number of other mail servers are taking the same tact. See http://www.google-watch.org/gmail.html to see what I mean.

    Honest, I understand that you personally don’t want to cause trouble, or harass my clients and users, or involve yourself in mischief. But you know as well as I do there are such users out there…I have no intention of making it easy for them. –cfs3]

Leave a Reply