"David Woodhouse" asserted yet again:
With DomainKeys? Forwarding to D doesn't fail, because the message is
signed to prove that it came from you. Spoofing fails, but normal
operation of the Internet continues just fine.
But David, DomainKeys does not stop forgery. Forgers can still send forged
'plain' mesages claiming to come from the originator. Recipients have no way of
knowing that the originator only ever uses DK.
SPF is about detecting forged envelopes.
Forwarding involves forgery.
It might be claimed that it is 'benign' forgery, because it provides a useful
service.
But the kind of forwarding we are discussing is done at the behest of the
recipient, not of the sender.
It is the sender's mail-from address which is being abused / forged without her
knowledge / permission.
Logically you must be taking one of the following four positions:
1) That forwarding does not involve forgery and SMTP abuse,
2) That forwarding involves forgery and abuse, but is benign and therefore
should be tolerated within SPF,
3) That all mail-from forgery should be permitted, and therefore SPF
should not exist,
4) That SMTP should be re-designed to accommodate forwarding.
Which is it?
Chris Haynes