On 2023-05-26 at 13:16 -0500, Scott Mutter via mailop wrote:
> If you ask me - a better solution would be to do away with forwarding
> completely and incorporate POP checks, like Gmail does.  This
> alleviates all of the issues with forwarding mail in relation to SPF
> and DKIM.
> 
> But I know that stance is wildly unpopular since it breaks the "it
> used to work that way" narrative.  But at some point you add so much
> to a system that it becomes so bloated and overloaded that nothing
> can be accomplished.  The more simple a system is the more efficient
> it is going to be.  Outside of external mail server forwarders, a
> properly constructed SPF record can go a long, long way towards
> alleviating the spam problem.  How much is it worth to keep external
> forwarders working at the cost of spam prevention?  If forwarding
> mail is so important, can a better system for handling forwarded mail
> be developed?  I'm just not sure if the answer is to continue to add
> systems and directives to email to solve all of this.

There is a very simple solution, which is to let the user configure in
the receiving system: "I will be forwarding emails to this account from
<server>", or "from <email-addr>" (automatically using the SPF and/or
DKIM of that domain).
If you are forwarding, the forwarding server is part of your email
infrastructure; it is to be trusted. It makes no sense to check SPF on
the IP of the MTA that you have configured to be forwarding to <other
account>.
Such a server would then be in a privileged position to impersonate other
servers, but it could already do so through the forwarded account
(one might want to require as well a header such as Delivered-to:
showing it went through the forwarded mailbox, to avoid granting extra
rights to other users with a mailbox on the forwarder).

So why isn't this used? Basically, lack of implementation at the
receiver side. If you run your own receiver MTA it's trivial to do, but
if the receiver account is run by a third-party you usually have no
option to configure that, which is exactly what would be needed.


Regards
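
The receiver-side check described in the message above, as an added example that is not part of the original post and not taken from any MTA: it decides only whether the SPF check on the connecting IP is skipped. The rule table, the function name and all addresses and networks are constructed assumptions.

```python
import ipaddress
from dataclasses import dataclass
from email import message_from_string
from email.utils import parseaddr


@dataclass(frozen=True)
class ForwardingRule:
    """One per-recipient declaration: 'mail for me is forwarded from this server'."""
    forwarder_nets: tuple      # networks of the forwarding MTA (constructed values)
    forwarded_mailbox: str     # the user's own address on the forwarder


# Hypothetical per-account configuration, keyed by the local recipient.
RULES = {
    "alice@receiver.example": ForwardingRule(
        forwarder_nets=(ipaddress.ip_network("192.0.2.0/28"),),
        forwarded_mailbox="alice@forwarder.example",
    ),
}

# Constructed sample message as it would arrive from the forwarder.
SAMPLE = (
    "Delivered-To: alice@forwarder.example\n"
    "From: news@sender.example\n"
    "Subject: constructed sample\n"
    "\n"
    "body\n"
)


def spf_exempt(rcpt_to: str, client_ip: str, raw_message: str) -> bool:
    """Return True when SPF on client_ip should be skipped for this recipient."""
    rule = RULES.get(rcpt_to.lower())
    if rule is None:
        return False                      # user declared no forwarder
    ip = ipaddress.ip_address(client_ip)
    if not any(ip in net for net in rule.forwarder_nets):
        return False                      # not the declared forwarding MTA
    # Require a Delivered-To header naming the user's mailbox on the forwarder,
    # so other users with a mailbox on that server gain no extra rights.
    msg = message_from_string(raw_message)
    delivered = {parseaddr(v)[1].lower() for v in msg.get_all("Delivered-To", [])}
    return rule.forwarded_mailbox.lower() in delivered


if __name__ == "__main__":
    print(spf_exempt("alice@receiver.example", "192.0.2.5", SAMPLE))
```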

