Earlier I wanted to use Windows 10 modern communication apps (Mail, Calendar and People) with my google account. But windows uses svchost.exe for a lot of task including windows update and syncing of email, calendar,.. I use firewall and didn’t wanted to allow complete outbound access to svchost.exe and wanted to create rule only for Google servers. Here is my research. Hopefully it might help someone.
nslookup -q=TXT _spf.google.com 18.104.22.168
gets us `”v=spf1 include:_netblocks.google.com include:_netblocks2.google.com include:_netblocks3.google.com ~all”`
nslookup -q=TXT _netblocks.google.com 22.214.171.124
nslookup -q=TXT _netblocks2.google.com 126.96.36.199
nslookup -q=TXT _netblocks3.google.com 188.8.131.52
“v=spf1 ip4:184.108.40.206/20 ip4:220.127.116.11/19 ip4:18.104.22.168/20 ip4:22.214.171.124/20 ip4:126.96.36.199/18 ip4:188.8.131.52/16 ip4:184.108.40.206/21 ip4:220.127.116.11/16 ip4:18.104.22.168/20 ip4:22.214.171.124/17 ip4:126.96.36.199/19 ip4:188.8.131.52/19 ~all”
“v=spf1 ip6:2001:4860:4000::/36 ip6:2404:6800:4000::/36 ip6:2607:f8b0:4000::/36 ip6:2800:3f0:4000::/36 ip6:2a00:1450:4000::/36 ip6:2c0f:fb50:4000::/36 ~all”
“v=spf1 ip4:184.108.40.206/19 ip4:220.127.116.11/19 ~all”
I don’t use IPv6 so I am throwing the IPv6 results. Just merge the rest IP ranges by a comma and you will get
These are google public IP ranges you will ever access.
Now just create an outbound firewall rule.
– Use these IP range as remote address
– Remote port: 993 (IMAP), 465 (SMTP), 443 (HTTPS), 80 (HTTP)
– Program path: C:\windows\system32\svchost.exe
– Direction: Outbound
Just create it and you are good to go.