On Fri, May 6, 2022 at 12:48 AM Dan Mahoney <d...@prime.gushi.org> wrote:

> Two inline thoughts.
>
> On Apr 30, 2022, at 4:48 PM, Ángel via mailop <mailop@mailop.org> wrote:
>
> On 2022-04-29 at 10:28 -0700, Brandon Long wrote:
>
> There have been other reports on this list of Gmail requiring
> authenticated email.
>
> We don't require authenticated email... but we vastly prefer it, and
> that preference has only increased over time. And the dkim replay
> attacks have meant increasing the scrutiny of messages which are dkim
> authn but not spf authn, which of course can hurt forwarding.
> Forwarding is getting the short end of the stick in that
> toss up.
>
> The above rejection isn't for the dkim replay case, of course, it's
> for no authn at all.
>
>
> Yep. I completely understand it's not authenticated. The problem is,
> it's out of our reach to authenticate that third party email. It's the
> recipient who wants to receive it.
>
>
> SRS style rewriting allows the forwarder to get feedback if the
> forwarding destination address goes away,
> and do bounce handling...
> and prevent bounces from going back to the original sender, exposing
> the destination address. There are good reasons to do the rewrite,
> but not as likely for the average procmail user, and having a good
> spam filter that doesn't forward is very important.
>
>
> What’s the threshold for not forwarding? If a user is at some point used
> to receiving all mails, but with SA’s default score of 5 tagged with a
> standard *****SPAM**** header, or an X-Spam-Status header, gmail should
> easily recognize that it’s a forwarding account.
>
> There are going to be false positives to a spam filter — and what should
> happen with those? They get not-forwarded and put in a mailbox on the
> forwarding server that the user literally never checks? Rejected at SMTP
> time, for fear of gmail?
>
> And then there are false negatives, which will make a forwarding server
> seem more spammy, unless *my* spam filter and *gmail's* are in perfect
> harmony.
>
> To the point that when I send a new mail to a gmail user, it’s routed to
> the spam folder, because “Lots of mail from prime.gushi.org is spam”.
> Seriously. With nothing showing in postmaster.
>

Worse is if the spam filter sticks the ***Spam*** in the subject, thereby guaranteeing to break the DKIM signature.

We also don't want to learn from your spam filter, and we usually find that the spam markings third parties put on email are much worse than our own, and lead to our users complaining about our anti-spam performance even though it's due to their own filters. (this is in the enterprise space where you can do this type of integration)

That said, we don't expect that your spam performance needs to match ours. You just want to make sure that most of the mail you forward isn't spam. 99% non-spam isn't the goal you need.

> There’s a couple of very standard headers that the common open source
> filters add (spamassassin, crm, dspam). Gmail could trivially recognize
> upstream spam filters (per
> sending-host) and act on them. They choose not to.
>

I think there is an overestimation here of how common these things are, if you eliminate mailing lists and complicated enterprise setups (where they do have these controls), the amount of forwarded mail is pretty small. There are always trade-offs when prioritizing engineering effort, and spammers are happy to game anything they can.

Anyways, yes, the previous thread years ago said "forward non-spam, let users pop spam and other things that fail to forward" which is not the level of effort anyone wants to do.

Brandon

_______________________________________________
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop
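
The point in the message above about a `***Spam***` subject tag breaking DKIM, as an added example that is not part of the original thread: it applies RFC 6376 relaxed header canonicalization to a constructed message and compares the hash of the signed headers before and after a forwarder touches them. The sample addresses, the `h=` list and the helper names are assumptions, and the hash stands in for the full signature check.

```python
import hashlib
import re

def relaxed_header(name, value):
    """RFC 6376 section 3.4.2 'relaxed' header canonicalization."""
    value = re.sub(r"\r?\n(?=[ \t])", "", value)       # unfold continuation lines
    value = re.sub(r"[ \t]+", " ", value).strip(" ")   # collapse WSP, trim both ends
    return f"{name.strip().lower()}:{value}\r\n".encode()

def signed_header_digest(headers, signed_names):
    """SHA-256 over the canonicalized headers listed in the signature's h= tag.
    Simplified: a real verifier also hashes the DKIM-Signature header itself
    (with b= emptied) and then checks the RSA/Ed25519 signature over the result."""
    digest = hashlib.sha256()
    remaining = list(headers)
    for wanted in signed_names:
        # Repeated headers are consumed bottom-up, as the RFC specifies.
        for i in range(len(remaining) - 1, -1, -1):
            if remaining[i][0].lower() == wanted:
                digest.update(relaxed_header(*remaining.pop(i)))
                break
    return digest.hexdigest()

# Constructed sample message; addresses and the h= list are assumptions.
SIGNED = ["from", "to", "subject", "date"]
ORIGINAL = [
    ("From", " sender@example.org"),
    ("To", " user@forwarder.example"),
    ("Subject", " Quarterly invoice"),
    ("Date", " Fri, 06 May 2022 00:48:00 -0700"),
]

def with_subject(new_subject):
    return [(n, new_subject if n == "Subject" else v) for n, v in ORIGINAL]

REFOLDED = with_subject(" Quarterly\r\n\t  invoice")        # relay re-wrapped the line
SUBJECT_TAGGED = with_subject(" ***Spam*** Quarterly invoice")
HEADER_TAGGED = ORIGINAL + [("X-Spam-Status", " Yes, score=7.2")]

def survives_forwarding(forwarded):
    """True when the forwarded headers still hash to what the signer signed."""
    return signed_header_digest(forwarded, SIGNED) == signed_header_digest(ORIGINAL, SIGNED)

if __name__ == "__main__":
    for label, msg in [("refolded subject", REFOLDED),
                       ("X-Spam-Status added", HEADER_TAGGED),
                       ("subject tagged", SUBJECT_TAGGED)]:
        print(f"{label}: signature input unchanged = {survives_forwarding(msg)}")
```

Marking spam in an added header that the sender did not list in `h=` leaves the signed data untouched, while rewriting a signed header such as Subject does not.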