Earlier I wanted to use Windows 10 modern communication apps (Mail, Calendar and People) with my google account. But windows uses svchost.exe for a lot of task including windows update and syncing of email, calendar,.. I use firewall and didn’t wanted to complete outbound access to svchost.exe and wanted to create rule only for Google servers. Here is my research. Hopefully it might help someone.
nslookup -q=TXT _spf.google.com 188.8.131.52
gets us `”v=spf1 include:_netblocks.google.com include:_netblocks2.google.com include:_netblocks3.google.com ~all”`
nslookup -q=TXT _netblocks.google.com 184.108.40.206
nslookup -q=TXT _netblocks2.google.com 220.127.116.11
nslookup -q=TXT _netblocks3.google.com 18.104.22.168
“v=spf1 ip4:22.214.171.124/20 ip4:126.96.36.199/19 ip4:188.8.131.52/20 ip4:184.108.40.206/20 ip4:220.127.116.11/18 ip4:18.104.22.168/16 ip4:22.214.171.124/21 ip4:126.96.36.199/16 ip4:188.8.131.52/20 ip4:184.108.40.206/17 ip4:220.127.116.11/19 ip4:18.104.22.168/19 ~all”
“v=spf1 ip6:2001:4860:4000::/36 ip6:2404:6800:4000::/36 ip6:2607:f8b0:4000::/36 ip6:2800:3f0:4000::/36 ip6:2a00:1450:4000::/36 ip6:2c0f:fb50:4000::/36 ~all”
“v=spf1 ip4:22.214.171.124/19 ip4:126.96.36.199/19 ~all”
I don’t use IPv6 so I am throwing the IPv6 results. Just merge the rest IP ranges by a comma and you will get
These are google public IP ranges you will ever access.
Now just create an outbound firewall rule.
– Use these IP range as remote address
– Remote port: 993 (IMAP), 465 (SMTP), 443 (HTTPS), 80 (HTTP)
– Program path: C:\windows\system32\svchost.exe
– Direction: Outbound
Just create it and you are good to go.