On Fri 22/Nov/2019 07:37:05 +0100 Tom Ivar Helbekkmo via mailop wrote: > Brandon Long via mailop <mailop@mailop.org> writes: > >> And even if you do block at smtp time, in forwarding situations you're >> just making someone else generate the backscatter... [...] > > Well, the whole point of DMARC is to get improved protection against > forgeries, and, as usual, things can't improve if we insist that there > be no consequences for those who refuse to take part. Plain forwarding > of mail, preserving the From:, is becoming impossible, for good reasons, > so we should stop doing that.
Plain forwarding, that is without changes except trace header fields, needs no From: munging. Changing the envelope from, however, is necessary in order to avoid backscatter as well as to not betray a final email address in case its owner doesn't want to spread it. I prefer a fixed bounce address, possibly empty, over SRS. > Mailing lists should do what this list does, which, at least with Mailman, > is no more work for the administrator than checking a box in the > configuration. Probably right, albeit not yet standardized. > However, no matter what I do, any spam they receive here, and that is then > forwarded to gmail, will be detected by Google, and blamed on me. > Eventually, I'll be unable to send mail to gmail recipients. So the real > solution is to refuse to forward mail for them, instead setting things up so > that mail to them is bounced, with an error message explaining how to reach > them directly at Google. If there's one thing ARC is worth for, that's reputation management. Of course, base filtering must be done before forwarding. Then, if the receiver trusts the forwarder enough to believe that its ARC marks are not counterfeit, forwarder reputation can be left intact. Best Ale _______________________________________________ mailop mailing list mailop@mailop.org https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
