On Thu, Apr 28, 2022 at 7:20 PM Mark Milhollan via mailop <mailop@mailop.org> wrote: > It does not. As recently discussed, Gmail plays a game of trying to > guess whether SPF should have failed on a previous hop, rather than just > the connected peer.
I don't really see that much of an issue with this in popping mail into Gmail. But I agree that it's something that really shouldn't be done. I was speaking more in terms of concept than Gmail's actual implementation of collecting POP3 mails. I'd argue that all spam scanning should be done on the server that is initially receiving the mail (i.e the server Gmail is popping mail from). And then Gmail should just dump all mails from POP'd accounts into the Inbox. If Gmail can distinguish between content filtering and authentication filtering, then they might apply content filtering to these POP'd messages. Although, I'd like to see an option in Gmail when setting up to retrieve POP3 messages that there would be an option to "Never flag these messages as spam" - thereby avoiding any Gmail-based content (or authentication) filtering. But yea, there's no need to authenticate SPF or DKIM in POP'd messages - that's the job that the receiving server (since presumably it obtained the messages through an SMTP transaction) should be doing. But just the concept: The email service you are using as your MUA, if it can collect mail from a POP/IMAP service - then it can't really knock or blacklist that server since the MUA user has made a conscientious decision to retrieve those mails. It's a pull request by the MUA. Whereas forwarding or just sending mail in general to a specific email address is a push to the MUA. The MUA doesn't explicitly acknowledge that they want to receive those messages, they just get pushed on to them. The service that is having these messages PUSHed onto them, sure they can complain about the messages being spam and block the PUSHer if they so deem. And with automatic forwarding to Gmail, the server doing the forwarding ... is PUSHing those messages to Gmail. How is Gmail supposed to know that the server is just PUSHing a message that was PUSHed to them? I suppose you could argue that Gmail can read the headers and determine that the message was PUSHed onto the server that is currently PUSHing it to them, but then what? If they ignore it, they're going to be receiving a lot of spam. And they have no jurisdiction to stop the message from being PUSHed to the original collecting server. But a PULL is different. If the end user MUA doesn't want to receive these messages... then stop PULLing them. _______________________________________________ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop
