> On 08.02.2024, Cyril - ImprovMX via mailop <mailop@mailop.org> wrote:
>
> > But forwarding an email from a domain that has DMARC enabled (with a
> > policy different than "none") could still work if the sender signed
> > their email with DKIM. Isn't it correct?
>
> That is true. But not all domains have DKIM.

Spammers forging eMail accounts is the primary reason SPF and DKIM are so prevalent these days. I believe the day will come when it will be pointless to send eMail from a domain that doesn't have a properly-configured SPF record and all of its outbound mail signed with DKIM.

All this extra work is thanks to spammers -- they deserve zero compassion for their theft-of-service, their fraudulent activities, and the forgeries they actively engage in. They should all be permanently banished from the internet, and put through the courts of law for any criminal acts they willingly participated in.

> > In order for DMARC to be valid, you need at least SPF OR DKIM to
> > PASS, but also have domain alignment between the From header and
> > either the SPF sending domain, or the DKIM signing domain.
> > When forwarding, you break SPF as you are probably not on the list of
> > authorized sending servers, but if the DKIM alignment and validity is
> > there in the beginning, the email should still pass DMARC.
>
> Depends on the receiver's policies. Google doesn't accept it if SPF
> fails.

In my opinion, SPF policy enforcement seems to be so commonplace these days that it might as well be considered de facto.

> > The only case where email forwarding is in trouble is for senders
> > enabling DMARC without sending DKIM-signed emails.
>
> It makes much more trouble.
> If MAIL FROM: isn't being changed, a bounce (for whatever reason) goes
> to the original sender and confuses people and systems (some
> unsubscribe if a hard bounce is received).
>
> Spam that isn't being detected by your own systems is being forwarded
> to foreign mail providers and they may list you on a dnsbl.

That is a problem, and many users choose to forward their publicly-published eMail accounts that spammers know about (e.g., from scraping web sites, sharing lists, etc.), or rely on filters to forward spam, to free webmail provider accounts because they regard such free accounts as throw-away accounts that help them avoid clogging up their main accounts.

Of course, this doesn't help legitimate providers maintain a good reputation because, to the free webmail provider, they look like a source of spam (as you noted). It gets worse because the user periodically logs in to delete all the spam (after checking for any legitimate mail that might have come through, presumably), so the pattern that the webmail provider sees is a user who keeps deleting nearly every message they receive ... which, to them, likely looks like a user receiving too much spam and just deleting nearly all of it every time they log in.

> There are more disadvantages. I work at the IT department of a
> university and we have many clients complaining about mail problems
> related to forwarding.
>
> Some providers block bulk mails that often occur within a site (e.g.
> the boss wants to inform 10000 employees and those have forwards to
> Gmail). That blocking might be a hard bounce, but can also be a rate
> limit or a silent drop.
> Most clients also don't check their spam folders and complain they
> didn't receive certain messages.
>
> My opinion: Get rid of forwarding to external sites whenever possible.

Some universities don't even provide a forwarding option for the eMail accounts they set up for their students, and this trend will probably continue to grow for the very reasons you laid out.

-- 
Postmaster - postmas...@inter-corporate.com
Randolf Richardson, CNA - rand...@inter-corporate.com
Inter-Corporate Computer & Network Services, Inc.
Vancouver, Beautiful British Columbia, Canada
https://www.inter-corporate.com/

_______________________________________________
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop
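
The DMARC rule discussed in this thread (SPF or DKIM must pass and be aligned with the From header domain), as an added Python example that is not part of the original message. It compares direct and forwarded delivery using constructed domains and results, and it assumes a naive "last two labels" organizational domain instead of a Public Suffix List lookup; receiver-specific policies beyond DMARC are not modelled.

```python
# Added example: DMARC pass/fail for direct vs. forwarded mail.
# All domains and SPF/DKIM verdicts below are constructed sample data.
from dataclasses import dataclass, field


def org_domain(domain: str) -> str:
    # Assumption: "last two labels" stands in for a Public Suffix List lookup.
    return ".".join(domain.lower().rstrip(".").split(".")[-2:])


def aligned(a: str, b: str, strict: bool = False) -> bool:
    # Strict alignment needs identical domains; relaxed compares org domains.
    if strict:
        return a.lower() == b.lower()
    return org_domain(a) == org_domain(b)


@dataclass
class Message:
    header_from: str   # domain in the From: header
    mail_from: str     # domain in SMTP MAIL FROM (envelope sender)
    spf_result: str    # SPF verdict for mail_from as seen by the receiver
    dkim: list = field(default_factory=list)  # [(d= domain, verified), ...]


def dmarc_pass(msg: Message) -> bool:
    # DMARC passes if SPF *or* DKIM passes AND that identifier is aligned.
    spf_ok = msg.spf_result == "pass" and aligned(msg.mail_from, msg.header_from)
    dkim_ok = any(ok and aligned(d, msg.header_from) for d, ok in msg.dkim)
    return spf_ok or dkim_ok


def scenarios() -> dict:
    sig = [("example.org", True)]  # sender's DKIM signature survives forwarding
    return {
        "direct, SPF only":
            dmarc_pass(Message("example.org", "example.org", "pass")),
        "forwarded, SPF only, MAIL FROM kept":
            dmarc_pass(Message("example.org", "example.org", "fail")),
        "forwarded, SPF only, MAIL FROM rewritten":
            dmarc_pass(Message("example.org", "fwd.example.net", "pass")),
        "forwarded, DKIM signed, MAIL FROM rewritten":
            dmarc_pass(Message("example.org", "fwd.example.net", "pass", sig)),
    }


if __name__ == "__main__":
    for name, ok in scenarios().items():
        print(f"{'pass' if ok else 'FAIL':4}  {name}")
```

Rewriting MAIL FROM at the forwarder makes SPF pass for the forwarder's domain, but that domain is not aligned with the From header, so only an aligned DKIM signature carries DMARC through the forward.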