In article <[email protected]> you write:
>Forwarding is an action on the receiving end, and can only be solved
>reliably by the recipient. Notably, a mailbox user could specify
>addresses that are forwarded to their mailbox. Mailing list
>subscriptions may be seen as a special form of forwarding.

Sorry but this is another WKBI. Off the top of my head some of the reasons it doesn't work are:

* There is no way to tell who forwarded a message, in particular you cannot expect the recipient to be in a To: or Cc: header. You could invent a Forwarded-By: header, but of course bad guys add fake headers, so you'd have to track who's supposed to be forwarding what and you'd end up with a very complex and fragile forwarder whitelist.

* There is a kludge called SRS that embeds the original bounce address in the forwarder's bounce address, but it doesn't help.

* Mailing lists invariably replace the incoming bounce address with their own bounce address so they can handle the bounces, which among other things means you can't tell that a mailing list message is a mutated forwarded message from whoever originally sent it. Skipping ahead, you might at best end up with a very complex and fragile mailing list whitelist.

* Asking users to manage their own security settings doesn't work. See prior discussion of MUA highlighting and browser warnings.

R's,
John

PS: Most courtesy forwards don't break DKIM signatures. That's not an accident.

_______________________________________________
dmarc mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dmarc
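The SRS rewrite mentioned in the message above, as an added illustration that is not part of the original post: a simplified Python sketch of the SRS0 address layout (keyed hash, timestamp, original domain, original local part, at the forwarder's domain). The secret, domains, addresses and the exact hash and timestamp encoding are assumptions made for this example; it shows that only the forwarder holding the secret can check the hash, so a final recipient can read the embedded bounce address but cannot authenticate it.

```python
import base64
import hashlib
import hmac

# Constructed sample values (assumptions for this example, not from the post).
FORWARDER_SECRET = b"constructed-forwarder-secret"
FORWARDER_DOMAIN = "forwarder.example"
B32 = "ABCDEFGHIJKLMNOPQRSTUVWXYZ234567"


def _timestamp(day):
    """Two base32 characters encoding the day number modulo 1024."""
    day %= 1024
    return B32[day >> 5] + B32[day & 31]


def _tag(secret, ts, domain, local):
    """Short keyed hash over the rewritten fields (truncated HMAC-SHA1)."""
    data = (ts + domain + local).lower().encode()
    digest = hmac.new(secret, data, hashlib.sha1).digest()
    return base64.b64encode(digest).decode()[:4]


def srs_forward(bounce, day, secret=FORWARDER_SECRET, fwd=FORWARDER_DOMAIN):
    """Rewrite an envelope sender the way a forwarder using SRS would."""
    local, domain = bounce.rsplit("@", 1)
    ts = _timestamp(day)
    return f"SRS0={_tag(secret, ts, domain, local)}={ts}={domain}={local}@{fwd}"


def srs_parse(address):
    """Split an SRS0 address into (tag, timestamp, original bounce, forwarder).

    This is all a final recipient can do: read the fields, not verify them.
    """
    local, fwd = address.rsplit("@", 1)
    if not local.upper().startswith("SRS0="):
        raise ValueError("not an SRS0 address")
    tag, ts, domain, orig_local = local[5:].split("=", 3)
    return tag, ts, f"{orig_local}@{domain}", fwd


def forwarder_accepts(address, secret=FORWARDER_SECRET):
    """Tag check used for bounce handling; needs the forwarder's secret."""
    tag, ts, orig, _ = srs_parse(address)
    local, domain = orig.rsplit("@", 1)
    return hmac.compare_digest(tag, _tag(secret, ts, domain, local))
```

Calling `srs_forward` with a different secret yields an address that `srs_parse` reads identically apart from the tag, while `forwarder_accepts` rejects it.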
