Received: from wl23-f168.wedos.net (wl23-f168.wedos.net. [2a02:2b88:1:4::27])
by mx.google.com with ESMTPS id t9si28084548eeo.35.2013.08.12.08.32.26
for <
[email protected]>
(version=TLSv1 cipher=RC4-SHA bits=128/128);
Mon, 12 Aug 2013 08:32:26 -0700 (PDT)
Received-SPF: pass (google.com: best guess record for domain of
[email protected] designates 2a02:2b88:1:4::27 as permitted sender) client-ip=2a02:2b88:1:4::27;
Authentication-Results: mx.google.com;
spf=pass (google.com: best guess record for domain of
[email protected] designates 2a02:2b88:1:4::27 as permitted sender)
[email protected]Why is Google accepting a random IPv6 address as a legitimate sender for @bitcointalk.org when the spf record for bitcointalk.org only designates its MX servers (presumably IPv4 addresses) as valid?
Bitcointalk.org SPF:
v=spf1 mx a ~all
For what its worth, I didn't receive this email and I've checked my spam folders to verify.
Maybe this is an argument for going back to doing a hard fail using "-all" instead of the soft fail on "~all".
It's weird Google doesn't even consider this email the least bit suspicious though. It just says "spf-pass" like there's nothing wrong, using wedos.net as the authenticating domain even though the Reply-To: and From: are clearly from a domain NOT associated with wedos.net.
