I'm getting a lot, and I mean A LOT, spam recently from various "<IP in reverse notation>.bc.googleusercontent.com" domains. Not sure what can be done about that. But the uptick is very noticeable.
Depends on the mail server. I'd probably 5xx all mail from googleusercontent.com as I don't give a toss if something Google breaks, and could debug what happened from the mail server logs. Google's incompetence in marking all the OpenBSD mailing list traffic as spam is why I'm running my own MX. If you have actual customers on your mail services you should audit the logs, see if anyone is actually using Google for something legit (usually it's the spam, I mean, marketing department being their usual sleazy selves), maybe flag the messages as potential spam by default. If you do have users doing something wacky with googleusercontent.com (email notifications from batch jobs, or something?) there are other ways those notifications could be done, e.g. over a VPN or via some other service that would allow all googleusercontent.com to be blocked by default from doing SMTP, ideally at the firewall level so less CPU is wasted on them. Complications here are that people forget or leave and so there might be some wacky workflow that uses Google running on some walled off server somewhere, so it may be a months long "slow simmer" to see if there is anything legit hiding in the noise. Or you could yank the band-aid off and see what breaks?
Yup, same. I'm blocking bc.googleusercontent.com and also firebaseapp.com for now. The reverse DNS should also be able to be used, as the fakey spam domains don't match up with the PTR record, but I want to wait until I can watch the logs for a bit to make sure that works nicely.
