>> In general, it seems we're way past the point where we should have a more >> explicit system for forwarding.
> Agree. Who wants to write one? :) On needs to think of what ‘forwarding’ means: - It could mean that someone wants to forward his/her email from localp...@example.com to a third party, e.g. Gmail. Two mailservers with different owners. - It could mean that the whole domain is forwarded to a mailserver which does the spamfiltering again (failing e.g. SPF; i.e. a case of bad spamfilter setup which happens a lot). Two mailservers with one owner. This may be a specific form of the first. In the third-party-case, the user wants emails from localp...@example.com to their Gmail. Without (more) spamfiltering (regarding the sender). There are two issues: How does example.com authenticate to Gmail that this mail is legitimate. The second issue is that Gmail now may have ‘unsafe’ content on their platform (because even if the source is legit, it ‘may’ be compromised*). Third: There is spam from legitimate companies who somehow abuse their legitimate channels (content-wise or opt-in-wise); Gmail needs to keep track of that as well (how do you do that with forwarding?). The first issue can be technically solved with e.g. public/private keys. One may even stretch it so not only forwarders can use it as a one-hop permission, but senders in general. One would need to think about the way to exchange keys (without bothering the recipient too much). It may solve large parts of opt-in issues. The second and third issue is not so simple. How do you solve (compromised) content issues from people with bad/uninformed intentions. My Eur 0.01, rant away. David Hofstee Deliverability Management MailPlus B.V. Netherlands (ESP) *for large receiving parties on the internet, there are always compromised legitimate sources sending to them. Van: mailop [mailto:mailop-boun...@mailop.org] Namens Robert Mueller Verzonden: Thursday, September 10, 2015 1:46 PM Aan: Brandon Long CC: mailop Onderwerp: Re: [mailop] Delivery to btinternet.com / cpcloud.co.uk Ok, just to confirm, does this mean you don't recommend or recognise SRS rewritten MAIL FROM addresses as special in any way? Does anyone understand SRS? I thought it was pretty much a dead end. IMHO everything about SPF and SRS borders on somewhere between pointless and craziness. Is there any evidence it's been useful in any way to help stop or identify spam? Which reminds me, I need to ping the spam folks again, that page is still recommending putting SPAM in the subject, which breaks dkim, which is the last thing you should do. I think we're going to support an X-Spam header instead... except of course that's a violation of RFC 6648. Anyone want to recommend a generic header name? Maybe go with something that's already commonly added? https://wiki.apache.org/spamassassin/X_Spam_Status At least the Yes/No bit on the front? In general, it seems we're way past the point where we should have a more explicit system for forwarding. Agree. Who wants to write one? :) Rob Mueller r...@fastmail.fm<mailto:r...@fastmail.fm>
_______________________________________________ mailop mailing list mailop@mailop.org http://chilli.nosignal.org/mailman/listinfo/mailop
