It’s a shame, really, but we’ve decided not to accept connections from Gmail servers.
Why? It’s really simple; Gmail has decided not to include the originating IP of the mail.
Most legitimate web-based email services include the IP address of the originating machine, either in an X-Originating-IP: or like header field, or within an additional Received: header field. That way, in the event someone does something stupid (sends spam, makes threats, insults others, whatever), it’s possible to contact the upstreams of the originating server.
Doesn’t happen often, you say? Poppycock…we received probably fifteen 419 spams (“Hello, I’m so-and-so from Nigeria; you don’t know me, but I want to give you $60,000,000!”) from yahoo.com throwaway addresses in the last week alone. But Yahoo! includes the originating IP as the final Received: header field, so it’s easy to know where to send complaints. We got a bunch from Hotmail this week as well…but thanks to Hotmail’s X-Originating-IP: header field, no question to whom to complain. (And for whatever it’s worth, Hotmail is more efficient in removing the miscreant accounts than Yahoo is.)
But some non-standard web-mail services, like fastmail.fm, don’t include this information. So we don’t accept mail from those services into our server. Yes, certainly, it affects legitimate users of the service. But I need to protect the addresses on our server…anyone who’s mail is rejected is welcomed to use their “real” email address to mail into the server, or a free email account from a better-behaved service.
Since Gmail is still listed as, “limited,” we’ve been debating both internally and with other mail administrators on the Internet what to do about the lack of this information. We finally decided that, in complete fairness, if we’re rejecting mail from MyOwnEmail.com because they don’t include this information, we can’t very well accept Gmail mail if that information isn’t there. And we will continue to reject mail from any email system which we determine to be omitting or obfuscating this important information.
Do we check the origination of every message? Of course not. But should we have the ability to do so to protect our users and see that those who abuse our server by mailing cruft into it are reported? Absolutely. If Gmail begins adding this information to their mail, we will resume accepting their mail. Until they do, we won’t.
And this isn’t, “misinformation about Gmail” as they’d like you to believe all complaints about their service are, this is easily-validated information. Simply view full headers of any email coming from the Gmail servers, and you’ll see the trace stops at the internal LAN IPs of their machines.
If you’re a Gmail user, please complain to them about this issue, since I know we are not the only mail system to reject mail for this reason, and likely more will follow. Feel free to send them a link to this blog entry so they might understand we’re not rejecting to be mean, we simply can’t accept their users’ mail until they play nicely.