Lately more an more of the legitimate message to our Google Apps have been getting tagged as SPAM. This is a big bad thing, not because SPAM is bad but because Google’s Spam filter has been so good we (everyone) seems to forget to check the Spam label.
Symptoms of False Spam
Firstly these messages are shown with the following warning:
Warning: This message may not be from whom it claims to be. Beware of following any links in it or of providing the sender with any personal information.
More and more messages are being tagged, many are legitimate like ones from Chase, WellsFargo, LinkedIn, Facebook who have properly configured MX, SMTP and DNS/SPF systems.
Another part of the issue, which we can see from headers, are DNS errors which appear to be happening inside the Google network, vis:
Received: from mail-iy0-f197.google.com (mail-iy0-f197.google.com [126.96.36.199]) by mx.google.com with ESMTPS id j8si5748968icp.124.2011.02.13.19.59.23 (version=TLSv1/SSLv3 cipher=OTHER); Sun, 13 Feb 2011 19:59:23 -0800 (PST) Received-SPF: error (google.com: error in processing during lookup of XXX+bncCOq0i6ayARCb0eLqBBoE1p7bnQ@edoceo.com: DNS timeout) client-ip=188.8.131.52; Authentication-Results: mx.google.com; spf=temperror (google.com: error in processing during lookup of XXX+bncCOq0i6ayARCb0eLqBBoE1p7bnQ@edoceo.com: DNS timeout) smtp.mail=busby+bncCOq0i6ayARCb0eLqBBoE1p7bnQ@edoceo.com Received: by iye7 with SMTP id 7sf5690121iye.0 for <firstname.lastname@example.org>; Sun, 13 Feb 2011 19:59:23 -0800 (PST) Received: by 10.231.39.205 with SMTP id h13mr719416ibe.4.1297655963810; Sun, 13 Feb 2011 19:59:23 -0800 (PST)
Intra Domain Issues
Another issue we’ve been seeing happen is completely internal to Google Apps. In this circumstance the intra-domain message of some Google Apps users have been rejected, with 500 level SMTP errors and/or some timeout issues.
We’ll keep watching this one to see what happens, it’s very intermittent at the present.