Automatic email forwarders are generally a bad idea, at least in my humble opinion.
They're always going to fail SPF unless you rewrite the sender-envelope, which I also don't think is a good idea. Ultimately, the argument generally comes down to "well, these used to work" and that's part of the problem. People expect everything to work just like it used to - but they also want to gain all of the benefits of newer anti-spam/anti-phishing components. That's just simply a false narrative. I'm not sure what specific mail system the user is using, but my suggestion would be to set up the address to collect into a local POP3 mailbox on the same server that's doing the forwarding. Then configure your Gmail account to POP mail from that POP3 mailbox. This side steps the issues of SPF failing, while also allowing the user to remain exclusive to their Gmail account. On Thu, Apr 28, 2022 at 2:02 PM Brandon Long via mailop <[email protected]> wrote: > > Are they using the suggestions on > https://support.google.com/mail/answer/175365 for procmail forwarding? > > There's a double edge sword with SPF auth for forwarding.. if you re-write > the envelope sender to the forwarding address and forward spam, the > forwarding domain can accumulate poor reputation. If you don't rewrite the > envelope sender, then the messages will no longer be SPF authed, and that may > cause spam detection issues. > > There's no great solution to this problem. Theoretically, one could try to > walk the line and rewrite the sender for some messages where you think it's > not spam but having no auth causes issues ... though it won't work for say > domains with DMARC since there has to be alignment. > > ARC is the theoretical solution to this, where it can forward auth > information, but how to handle the forwarded auth information is still a work > in progress. > > In a long ago thread, we discussed the benefits of doing both forwarding and > pop fetching, to handle the edge cases. > > Brandon > > On Thu, Apr 28, 2022 at 11:49 AM Geoff Mulligan via mailop > <[email protected]> wrote: >> >> I have a user on one of my servers that uses procmail to forward messages to >> their gmail account. >> >> Every once in a while messages sent to them are "bounced" to the sender with >> the error fro gmail: >> >> 550-5.7.26 This message does not have authentication information or fails to >> 550-5.7.26 pass >> authentication checks. To best protect our users from spam, the >> 550-5.7.26 >> message has been blocked. >> >> How can I diagnose this??? >> >> Is it that the message sender's domain has a DMARC setting or some such that >> gmail is using and that my server (which is just forwarding the message) is >> failing? >> >> If so, how is someone supposed to forward messages to gmail??? >> >> Thanks, >> Geoff >> >> _______________________________________________ >> mailop mailing list >> [email protected] >> https://list.mailop.org/listinfo/mailop > > _______________________________________________ > mailop mailing list > [email protected] > https://list.mailop.org/listinfo/mailop _______________________________________________ mailop mailing list [email protected] https://list.mailop.org/listinfo/mailop
