This Message Could Be a Scam (Gmail / Google Apps)

It seems as though google recently made a change to how Gmail / Google Apps handles forwarded emails. A forwarded email (even within your own domain) can cause a “soft fail” in the SPF records and cause Gmail to add a warning to the email like the following:

This message could be a scam

We’ve seen this issue frequently since March 29th, the date on this support doc

If you see this error message, take a look at the headers for where the “soft fail” is happening

Normal case:

  1. We send an email on your behalf from our IP (50.31.36.179) signed by your domain.
  2. Gmail receives the email, and checks the SPF record on your domain to make sure 50.31.36.179 is a valid sender IP for this domain.
  3. That IP is in the SPF record, so the check passes.

ISP forwarding case:

  1. We send an email on your behalf from our IP (50.31.36.179) signed by your domain.
  2. Some other service receives the email (it could even be a different gmail account), and does the check above.
  3. The service is configured to forward the email on to another email, and does so from their own IP.
  4. The receiving service checks SPF, but they don’t have access to the original IP (50.31.36.179). They only see the IP of the forwarding service.
  5. That IP isn’t in your SPF record, and SPF is configured to “softfail” in this case.

Previously, we haven’t noticed “softfail” causing any issues with gmail or other providers. The spec says “softfail” should have the intended action of “accept but mark”…

Who can fix this?

Unfortunately in many cases only the recipient can fix it.

If you have Google Apps for domains and you’re forwarding mail to your Gmail account, make sure that you have correctly configured SPF records for Google on your domain. Or really, however you’re forwarding email, make sure the SPF record is valid in your DNS.

Wherever you’re forwarding mail to yourself, you become the party that needs to be trusted. The cases we see most often are:

  • Forwarding from work email (Google Apps) to my personal gmail
  • Forwarding from a group email address devs@domain.com to bob.smith@domain.com

Many people using Google Apps don’t have SPF configured. That’s our current understanding of this issue. If you have more insight on the issue, we’d love to update this post, so please add it in the comments below.