<b>Verifying Googlebot in your logs: 5 sources that get it right</b>

<b>Verifying Googlebot in your logs: 5 sources that get it right</b>
Reverse DNS spoofing is rampant, so here's the canon on confirming a hit is really Google.

→ <b>Google Search Central</b> — the official reverse-then-forward DNS recipe (<code>host</code> on the IP, then confirm it resolves back). Boring, authoritative, the baseline everyone else builds on.
→ <b>Google's exported IP ranges</b> — googlebot.json and special-crawlers.json let you match by CIDR instead of slow DNS lookups. Cache them; they change.
★ <b>Pick of the week — Stephan Boyer's writeup on rDNS pitfalls</b> — explains why a forward-confirmed PTR is non-negotiable and how attackers fake the User-Agent string alone.
→ <b>Cloudflare Radar docs</b> — good primer on verified-bot signatures if you sit behind a proxy and lose the real IP.
→ <b>iplists community lists</b> — handy when you need Bingbot and others too.

Takeaway: never trust the UA string. Confirm the IP, or you're counting impostors.