2

I received a gmail from the address of a friend who is long out of contact.

It is possible to use a utility/service such as mail2web.com to define a sender email that differs from the true sender address hence when the raw-text of the message carries a line as below

domain of ***@hotmail.com designates 65.54.190.21 as permitted sender

What does the above line mean? Does it indicate the sender address was something other than the ***@hotmail.com mentioned?

Everyone
  • 249
  • 2
  • 4
  • 9

2 Answers2

8

That statement is gmail's checking of the Sender Policy Framework records for the domain that the sender's address is in, to verify that the owner of the domain (hotmail.com) wants to allow the sending server (65.45.190.21) to send email for the domain.

So, the hotmail.com domain specifies this as its SPF:

v=spf1 include:spf-a.hotmail.com include:spf-b.hotmail.com include:spf-c.hotmail.com include:spf-d.hotmail.com ~all

Which turns into a big mess when we look at all those includes:

spf-a.hotmail.com
v=spf1 ip4:209.240.192.0/19 ip4:65.52.0.0/14 ip4:131.107.0.0/16 ip4:157.54.0.0/15 ip4:157.56.0.0/14 ip4:157.60.0.0/16 ip4:167.220.0.0/16 ip4:204.79.135.0/24 ip4:204.79.188.0/24 ip4:204.79.252.0/24 ip4:207.46.0.0/16 ip4:199.2.137.0/24 ~all

spf-b.hotmail.com
v=spf1 ip4:199.103.90.0/23 ip4:204.182.144.0/24 ip4:204.255.244.0/23 ip4:206.138.168.0/21 ip4:64.4.0.0/18 ip4:65.54.128.0/17 ip4:207.68.128.0/18 ip4:207.68.192.0/20 ip4:207.82.250.0/23 ip4:207.82.252.0/23 ip4:209.1.112.0/23 ~all

spf-c.hotmail.com
v=spf1 ip4:209.185.128.0/23 ip4:209.185.130.0/23 ip4:209.185.240.0/22 ip4:216.32.180.0/22 ip4:216.32.240.0/22 ip4:216.33.148.0/22 ip4:216.33.151.0/24 ip4:216.33.236.0/22 ip4:216.33.240.0/22 ip4:216.200.206.0/24 ip4:204.95.96.0/20 ~all

spf-d.hotmail.com
v=spf1 ip4:65.59.232.0/23 ip4:65.59.234.0/24 ip4:209.1.15.0/24 ip4:64.41.193.0/24 ip4:216.34.51.0/24 ~all

The address (65.45.190.21) is in the 65.54.128.0/17 block specified in spf-b.hotmail.com, so the mail is allowed.

Shane Madden
  • 112,982
  • 12
  • 174
  • 248
1

That is part of GMail's analysis of the SPF record for the hotmail.com domain. SPF records allow mail administrators to specify which server(s) their mail should be sent from. If a piece of email is received from a server that doesn't match the SPF record for that domain, it can be easily assumed that the mail is spam.

In this case, Gmail checked the SPF record for hotmail.com and found that 65.54.190.21 is permitted to send mail for that domain.

EEAA
  • 108,414
  • 18
  • 172
  • 242