You have a good point in that the first and main problem is that the
forwarder cannot be trusted to not mangle or fake the original message.
Nothing else can be sorted out until this gets out of the way, including
OOB communication between originator and final receiver. Which is in
effect message authentication. For which we already have DKIM (among
others).
We could mandate DKIM for all originating SMTP servers and "forward as
attachment" forwarding+DKIM for all forwarding servers. Thus, any
seemingly forwarded messageĀ without its own DKIM signature and
fully-wrapped DKIM-passing original is a lie (like the pie). So, my take
is: lean much more on DKIM and by extension DMARC until nobody can send
unauthenticated emails effectively, at all. Any $20 web/mail host has
cpanel, etc that does this automatically. In the user UI nothing much
will change, nor what we are currently doing at a basic level.
To me this seems "fairer" than wrapping the message alone, because the
forwarding server now takes on the burden of the reputation hit for that
message. Eventually, enough viagra messages will be forwarded that the
forwarder can't get any mail delivered anywhere. I would simply disallow
forwarding rather than risk everything on the content of my user's
incoming mail. They can't help it if their email has been harvested by
spammers/phishers so it's an inevitability.
Best Regards,
George Miliotis
[of the decimated small/tiny mail server brigade]
_______________________________________________
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop