Forwarding email loses a great deal of sender information and thus harms spam mitigation, but getting users to never do it will be difficult. There are too many things that require you to have (for example) a Google account with automatic GMail address that seems to leak out despite attempts to prevent it.
DKIM and SPF are both valuable tools in our arsenal, and SPF fail isn't enough to reject mail. --Jered ----- On Oct 6, 2015, at 5:05 PM, Kevin A. McGrail <kmcgr...@pccc.com> wrote: > On 10/6/2015 5:01 PM, Jered Floyd wrote: >> Ah; good eyes! >> That KAM_FACEBOOK rule is dangerous. > The behavior of forwarding content which effectively is the same as a forgery > is > where the danger lies... If this is behavior that users are performing, of > course then there needs to be appropriate reaction but overall, forwarding > emails is going to cause issues with a ton of domains and should be > discouraged > entirely. > Regards, > KAM >> --Jered >> ----- On Oct 6, 2015, at 4:33 PM, David B Funk dbf...@engineering.uiowa.edu >> wrote: >>> On Tue, 6 Oct 2015, Alex wrote: >>>> Hi, >>>> I've received a handful of messages that appear to be facebook >>>> notifications, but fail SPF. They otherwise look completely legit - >>>> links to profiles, only URLs to facebook.com and CDN caching sites, >>>> and even appears to have been routed through facebook's outgoing mail. >>>> All of that could be faked, but it would mean the payload is in the >>>> actual facebook profiles themselves. Has anyone else found this to be >>>> the case? http://pastebin.com/jE8G5LXJ Thanks, >>>> Alex >>> That's because it's a forwarded message. That message was originally sent >>> from >>> FB to " <tom.wil...@cox.net> " and it looks like he's got his '@cox.net' >>> account >>> forwarded to " <tom.wil...@example.com> " (for what ever '@example.com' >>> should >>> really be). >>> So that explicit forward breaks the SPF chain, thus triggering that SPF >>> fail. >>> The valid DKIM signature indicates that the message is legit. >>> -- >>> Dave Funk University of Iowa >>> <dbfunk (at) engineering.uiowa.edu> College of Engineering >>> 319/335-5751 FAX: 319/384-0549 1256 Seamans Center >>> Sys_admin/Postmaster/cell_admin Iowa City, IA 52242-1527 >>> #include <std_disclaimer.h> >>> Better is not better, 'standard' is better. B{ > -- > Kevin A. McGrail > CEO > Peregrine Computer Consultants Corporation > 3927 Old Lee Highway, Suite 102-C > Fairfax, VA 22030-2422 > http://www.pccc.com/ > 703-359-9700 x50 / 800-823-8402 (Toll-Free) > 703-798-0171 (wireless) > kmcgr...@pccc.com
