On Mon, Oct 1, 2018 at 4:39 PM Michael Peddemors <mich...@linuxmagic.com> wrote:
> On 18-10-01 03:52 PM, Grant Taylor via mailop wrote:
> > On 10/01/2018 03:00 PM, Brandon Long via mailop wrote:
> >> We've typically recommended forwarders to not rewrite the envelope
> >> sender when forwarding for this reason, but that was mostly pointed at
> >> tech folks running their own servers (this page has a section for
> >> procmail https://support.google.com/mail/answer/175365)
>
> Of course, a better recommendation is not to forward to remote systems.
> Every email client nowadays allows you to connect to multiple mailboxes.
> You can even get your gmail account to check 3rd party mailboxes ;)
>
> However, yes.. the use of SPF has reached the point that you should
> either do proper EnvelopeFrom rewrite, or not do email forwarding.
>
> The worst case is those people that think, "I will turn spam protection
> off, and then forward everything from email account one, to email
> account two"..
>
> I assume that Brandon means ONLY for forwarding to Gmail?
>

I can only speak to what Gmail prefers. I don't know how many other systems work similarly to ours, but the logic is that if you rewrite the envelope sender and then SPF auth that sender, you're basically attaching your domain to the message, and you'll accrue reputation based on it. Obviously, that is already happening to your IP, but you could imagine an IP:auth domain reputation pair being able to separate the streams, logically.

Also, rewriting the sender opens you up to auth based privilege escalation, the message that was forwarded now auths as the forwarding domain. ARC helps there, though, since it allows you to see the inbound auth levels and see where the escalation occurred.

> (Surprised how many weak SPF records are out there, wonder if they
> weakened it up because of SPF checks in forwarded email..)
>
> Kind of defeats the whole idea of SPF when the policy is weak.
>

SPF was defeated the second it was proposed. Mail forwarding is not going away.

Your average consumer may consume almost no forwarded mail, but even there you have folks moving from one mail provider to another or wanting a new email address at their existing provider. Technical users and Enterprises rely on a ridiculous amount of mail forwarding.

Brandon
_______________________________________________
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
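
The escalation described in the reply above, where a message that failed SPF for its original sender passes SPF as the forwarding domain after an envelope rewrite, can be spotted by comparing the ARC-Authentication-Results headers hop by hop. The following Python is an added example, not code from the thread or from Gmail; the domains and headers are constructed, and it assumes the ARC chain's signatures have already been validated by the receiver.

```python
import re
from email import message_from_string

# Constructed sample: a message forwarded through forwarder.example, which
# rewrote the envelope sender. Header values are illustrative, not real traffic.
SAMPLE = """\
ARC-Authentication-Results: i=2; mx.final.example;
 spf=pass smtp.mailfrom=bounce@forwarder.example;
 dkim=none
ARC-Authentication-Results: i=1; mx.forwarder.example;
 spf=fail smtp.mailfrom=ceo@bank.example;
 dkim=none
From: ceo@bank.example
Subject: constructed example

body
"""

def arc_spf_chain(raw):
    """Return [(instance, spf_result, mailfrom_domain)] ordered by ARC hop."""
    hops = []
    msg = message_from_string(raw)
    for value in msg.get_all("ARC-Authentication-Results", []):
        value = " ".join(value.split())  # unfold continuation lines
        inst = re.match(r"i=(\d+)\s*;", value)
        spf = re.search(r"\bspf=(\w+)", value)
        if not inst or not spf:
            continue  # hop recorded no SPF result; nothing to compare
        mfrom = re.search(r"\bsmtp\.mailfrom=(\S+?)(?:;|\s|$)", value)
        domain = mfrom.group(1).rsplit("@", 1)[-1].lower() if mfrom else None
        hops.append((int(inst.group(1)), spf.group(1).lower(), domain))
    return sorted(hops, key=lambda h: h[0])

def spf_escalations(raw):
    """Flag hops where SPF went from non-pass to pass under a new domain."""
    chain = arc_spf_chain(raw)
    findings = []
    for (_, r0, d0), (i1, r1, d1) in zip(chain, chain[1:]):
        if r0 != "pass" and r1 == "pass" and d0 != d1:
            findings.append({"at_hop": i1, "was": (r0, d0), "now": (r1, d1)})
    return findings

if __name__ == "__main__":
    for finding in spf_escalations(SAMPLE):
        print(finding)
```

A hop that leaves the envelope sender untouched shows the same `smtp.mailfrom` domain and the same failing result at both instances, so nothing is flagged.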