Sh4mefulIP Address: 209.85.220.41
Mail-sor-f41.google.com (IP address 209.85.220.41) is a mail-sorting server belonging to Google that has been flagged in various reports for spam and poor reputation, often due to spoofed sender addresses. It is a legitimate Google IP used for sending mail, but it frequently appears in abuse reports.
Key Details About mail-sor-f41.google.com
- Purpose: This is a mail-sorting server owned by Google, likely part of their Google Workspace or Gmail infrastructure, used for routing emails.
- Abuse Reports: The IP address
209.85.220.41has been flagged in multiple reports for spam and spoofing, where the sender field is forged to look like a legitimate sender, even though the mail originates from this Google server. - Reputation: The IP has been identified with "poor" reputation in some DMARC analyses and has been listed on blacklists.
- Verification: While associated with spam, it is a legitimate Google IP. Users receiving spam from this source should treat it as malicious, especially if the sender address is spoofed.
- Action for Admins: To prevent issues with this IP, it is recommended to ensure Google Workspace SPF and DKIM records are correctly set up to protect your domain.
Sources: Gemini (retrieved 29-Jan), Reddit
This is (part of) the GCP public cloud. Some email protection services run in GCP, but it is also an attack/spam vector.
This page shows DMARC authentication failure data for this IP address. Learn more about this data.
Geolocation Information
- Country:
- US United States
- Coordinates:
- 37.751, -97.822
WHOIS Information
- Network Name:
- CIDR:
209.85.128.0/17- Owner:
- Google LLC
- Org ID:
GOGL- Address:
- 1600 Amphitheatre Parkway, Mountain View, CA 94043
- Reverse DNS:
-
mail-sor-f41.google.com
Last updated: 2/5/2026
Analysis
This IP was first observed on March 12, 2024 and most recently on April 8, 2026. It has been associated with 321 failed authentication events affecting 1,474 messages, representing significant volume. The IP belongs to GOOGLE (Google LLC), a cloud hosting provider with activity associated with United States. 4 other IPs in the same /24 subnet (209.85.220.*) also appear in this dataset.
Network Topology
Failures Detected from this IP
Showing 1-50 of 321 failures, affecting 1,474 messages| Date ▼ | Messages |
|---|---|
| 4/8/2026 | 1 |
| 3/25/2026 | 2 |
| 3/11/2026 | 2 |
| 2/25/2026 | 1 |
| 1/29/2026 | 2 |
| 1/19/2026 | 1 |
| 1/17/2026 | 1 |
| 1/15/2026 | 2 |
| 1/14/2026 | 1 |
| 1/13/2026 | 4 |
| 1/12/2026 | 5 |
| 1/9/2026 | 4 |
| 1/8/2026 | 3 |
| 1/7/2026 | 4 |
| 12/29/2025 | 3 |
| 12/11/2025 | 3 |
| 12/9/2025 | 2 |
| 12/4/2025 | 2 |
| 12/3/2025 | 1 |
| 11/30/2025 | 1 |
| 11/24/2025 | 1 |
| 11/20/2025 | 2 |
| 11/18/2025 | 1 |
| 11/17/2025 | 3 |
| 11/10/2025 | 5 |
| 11/7/2025 | 6 |
| 11/3/2025 | 4 |
| 10/31/2025 | 3 |
| 10/28/2025 | 2 |
| 10/27/2025 | 2 |
| 10/24/2025 | 3 |
| 10/23/2025 | 2 |
| 10/20/2025 | 1 |
| 10/15/2025 | 2 |
| 10/10/2025 | 8 |
| 10/9/2025 | 2 |
| 10/8/2025 | 2 |
| 10/6/2025 | 3 |
| 10/2/2025 | 3 |
| 10/1/2025 | 2 |
| 9/30/2025 | 6 |
| 9/29/2025 | 5 |
| 9/25/2025 | 6 |
| 9/24/2025 | 1 |
| 9/22/2025 | 2 |
| 9/19/2025 | 1 |
| 9/18/2025 | 2 |
| 9/16/2025 | 3 |
| 9/11/2025 | 3 |
| 9/9/2025 | 4 |
External Reputation Lookups
Look up this IP in external threat intelligence and reputation databases (opens in new tab):
Nearby IPs
Other IPs in the 209.85.220.0/24 range observed failing DMARC:
209.85.220.69 (257 failures), 209.85.220.97 (43 failures), 209.85.220.101 (16 failures), 209.85.220.65 (5 failures)