This would require some sort of trust. Like with certificates, but where you apply that you are not a spam sender. The tricky part is that the original sender cannot know (and should not know) where a mail is forwarded.
So a handshake between the original sender and final recipient isn't gonna work. The forwarding server could be a big liar, creating fake spam or phishing messages, so the final recipient cannot just trust a forwarding server blindly. So any handshake involving the forwarding server can be abused.

The SPF uses DNS for the precise reason that the receiving server should not need to ask the sending server, as this could create some form of DDoS if a fake email is sent to a large number of recipients. That's why DNS is chosen, as it has a caching mechanism to make sure attacks are toned down.

The only viable solution I see is just to replace the sender, as I described in a previous list mail. Either replace the sender headers directly, OR encapsulate the email unmodified in a new message/rfc822 container.

Try it yourself in your email software. Click Forward. Sending this email will basically rewrite the headers and add Fwd: into the subject. You can also click "Forward as an attachment", which will forward the original email unmodified as a message/rfc822 object.

This transfers the responsibility for the message to the forwarder, which means all DKIM, SPF and DMARC signatures are verified against the forwarder and not the original sender. Then it's up to the receiver if he trusts the forwarder, which he probably does if he has set up the forward himself. Meaning, he doesn't need to rely on Gmail trusting the forwarder. If he trusts the forwarding server, it's also easy for the receiver to set up rules which verify email based on the forwarder's point of view (authentication headers and similar).

-----Original Message-----
From: Hal Murray via mailop <[email protected]>
Sent: 10 February 2024 07:26
To: [email protected]
Cc: Hal Murray <[email protected]>
Subject: [mailop] Why is mail forwarding such a mess?

I expect that there would be a protocol to handle it. I can't be the only one who has thought of this.

After a handshake to set things up, the sender adds a forwarding header and the receiver verifies that a forwarded message is coming from an allowed IP address, then bypasses spam checking for that message. (but not phish/malware checking???)

Is there a technical reason why something like that doesn't work? Or some economic/political reason why too many key players aren't interested?

--
These are my opinions. I hate spam.

_______________________________________________
mailop mailing list
[email protected]
https://list.mailop.org/listinfo/mailop
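
The "forward as an attachment" approach from the reply above, sketched as an added example that is not part of the original thread: the forwarder wraps the stored mail in a message/rfc822 part, and the receiver applies a rule keyed on a forwarder it chose to trust. All addresses, domains and header values are constructed; the code assumes the receiver's own server has already authenticated the outer mail as coming from the forwarder, and that the forwarder's authserv-id equals its mail domain.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage
from email.utils import parseaddr

# Constructed sample: the mail as stored by the forwarding server, which
# stamped its own Authentication-Results on receipt (all values are made up).
STORED = (
    b"Authentication-Results: fwd.example; spf=pass; dkim=pass; dmarc=pass\r\n"
    b"DKIM-Signature: v=1; a=rsa-sha256; d=sender.example; s=sel; b=CONSTRUCTED\r\n"
    b"From: Alice <alice@sender.example>\r\n"
    b"To: bob@fwd.example\r\n"
    b"Subject: Invoice\r\n"
    b"\r\n"
    b"Original body.\r\n"
)

def forward_as_attachment(stored: bytes, forwarder: str, final_rcpt: str) -> bytes:
    """Wrap the stored message in a new mail whose sender is the forwarder."""
    inner = message_from_bytes(stored, policy=policy.SMTP)
    outer = EmailMessage(policy=policy.SMTP)
    outer["From"], outer["To"] = forwarder, final_rcpt
    outer["Subject"] = f"Fwd: {inner['Subject']}"
    outer.set_content("Forwarded message attached.")
    outer.add_attachment(inner)  # becomes a message/rfc822 part
    return outer.as_bytes()

def receiver_rule(received: bytes, trusted_forwarders: set[str]) -> dict:
    """Receiver-side rule: accept the inner mail only via a forwarder we chose."""
    outer = message_from_bytes(received, policy=policy.SMTP)
    fwd_domain = parseaddr(str(outer["From"]))[1].rpartition("@")[2].lower()
    result = {"responsible": fwd_domain, "trusted": fwd_domain in trusted_forwarders}
    for part in outer.iter_attachments():
        if part.get_content_type() == "message/rfc822":
            inner = part.get_content()  # the encapsulated original message
            result["author"] = parseaddr(str(inner["From"]))[1]
            result["original_dkim_kept"] = "DKIM-Signature" in inner
            # The forwarder's verdict counts only if we trust that forwarder.
            verdict = str(inner.get("Authentication-Results", ""))
            authserv, _, checks = verdict.partition(";")
            result["forwarder_saw_dmarc_pass"] = (
                result["trusted"]
                and authserv.strip().lower() == fwd_domain
                and "dmarc=pass" in checks
            )
    return result
```

The outer From is what SPF, DKIM and DMARC are evaluated against at the final hop; the inner headers are only as reliable as the forwarder that recorded them.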
