Or people could stop forwarding emails in idiotic ways, because when you 
forward an email, you are actually forging the original sender.


Ergo, if you forward an email from genuineu...@genuineserver.com to 
myacco...@gmail.com via an account called exam...@example.org ..
Technically, you encapsulate the email in a new message/rfc822 object and add 
"Fwd: " in the subject header.

Then if you receive mail like this:

From: genuineu...@genuineserver.com
To: exam...@example.org
Subject: Hey
Content-Type: text/plain

Content


Then you forward it as:

From: exam...@example.org
To: myacco...@gmail.com
Reply-To: genuineu...@genuineserver.com
Subject: Fwd: Hey
Content-Type: message/rfc822

        From: genuineu...@genuineserver.com
        To: exam...@example.org
        Subject: Hey
        Content-Type: text/plain

        Content


So simple.
You verify SPF and DKIM on your end, then add headers for SPF/DKIM verification 
but so the receiving server doesn't remove them.
Like "X-Auth-Results: SPF=PASS, DKIM=PASS"

Then you add your own DKIM signature, forward the email.
Encapsulated version preserves the original in full, meaning the receiver can 
verify both the container AND the forwarded email against the original source.

-----Original message-----
From: Marco Moock via mailop <mailop@mailop.org> 
Sent: 9 February 2024 17:11
To: mailop@mailop.org
Cc: Scott Mutter <mailopl...@amssupport.info>
Subject: Re: [mailop] Is forwarding to Gmail basically dead?

On 09.02.2024 at 08:50:52, Scott Mutter via mailop wrote:

> This is part of the issue I have with all of these band-aid solutions 
> when it comes to "fixing" the spam problem with email.  You're going 
> to continue to have these issues with email until people realize that 
> they are going to have to let go of some of these grandfathered 
> standards - like external email forwarding.  If external email 
> forwarding was not a thing, then a properly constructed SPF record is 
> going to do a pretty good job (a complete job?) of identifying 
> messages that are forged (phishing) and those that are legitimate.

A good solution for phishing is S/MIME. Sadly, the adoption is very low.
If all banks, online shops, government would use that, users could simply check 
the sender and forging messages would be much, much harder.


--
Regards
Marco

Please send spam and advertising to ichschickerekl...@cartoonies.org 
_______________________________________________
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop
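
The encapsulated forward described in the first message of this thread, sketched in Python as an added example that is not part of the original thread or any poster's code. The addresses and the sample message are constructed, the `X-Auth-Results` value is passed in rather than computed, and the DKIM signing step is left out.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage

# Constructed sample: the message exactly as received. It is kept as raw
# bytes because any re-serialisation could invalidate its DKIM signature.
ORIGINAL = (
    b"From: sender@origin.example\r\n"
    b"To: alias@forwarder.example\r\n"
    b"Subject: Hey\r\n"
    b"Content-Type: text/plain\r\n"
    b"\r\n"
    b"Content\r\n"
)

def encapsulate(original: bytes, forwarder: str, target: str,
                auth_results: str) -> bytes:
    """Wrap `original`, byte for byte, in a message/rfc822 container."""
    inner = message_from_bytes(original, policy=policy.SMTP)
    outer = EmailMessage(policy=policy.SMTP)
    outer["From"] = forwarder              # the forwarder speaks as itself
    outer["To"] = target
    if inner["From"]:
        outer["Reply-To"] = str(inner["From"])
    outer["Subject"] = "Fwd: " + str(inner["Subject"] or "")
    outer["X-Auth-Results"] = auth_results  # verdicts checked on receipt
    # Serialise the headers only, then append the MIME headers by hand so
    # the library never re-encodes the inner message.
    head = outer.as_bytes().rstrip(b"\r\n") + b"\r\n"
    # message/rfc822 may only be 7bit, 8bit or binary, never base64.
    cte = b"8bit" if any(b > 127 for b in original) else b"7bit"
    mime = (b"MIME-Version: 1.0\r\n"
            b"Content-Type: message/rfc822\r\n"
            b"Content-Transfer-Encoding: " + cte + b"\r\n\r\n")
    return head + mime + original

def extract_original(forward: bytes) -> bytes:
    """Receiver side: recover the exact inner bytes for re-verification."""
    outer = message_from_bytes(forward, policy=policy.SMTP)
    if outer.get_content_type() != "message/rfc822":
        raise ValueError("not an encapsulated forward")
    # Everything after the first blank line is the untouched original.
    return forward.split(b"\r\n\r\n", 1)[1]

if __name__ == "__main__":
    fwd = encapsulate(ORIGINAL, "alias@forwarder.example",
                      "mailbox@destination.example", "SPF=PASS, DKIM=PASS")
    print(fwd.decode("ascii"))
    assert extract_original(fwd) == ORIGINAL
```

The bytes returned by `extract_original` are what a receiver would hand to its own SPF/DKIM checker for the inner message.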
