Wandering Thoughts archives


Modern mail forwarding is leaky

As I noted in my entry on how DMARC would affect us, modern mail forwarding is now leaky in practice. In the old days, if you forwarded your mail from address A to address B you could be reasonably sure that everything that made it to address A would also make it to address B. In the modern world this is no longer necessarily so; it's quite likely that some amount of the mail that was accepted by the mail system for address A will not get accepted by address B. This lost email has leaked out of the system (and the senders may or may not ever find out about it).

Of course there are all sorts of things that will cause mail to leak, and not all of them are bad. Certainly some of the leaked email will be spam that mail system B does a better job of recognizing than mail system A (which is especially likely when mail system B is a lot larger and more sophisticated than mail system A). In a world with an increasing amount of DMARC 'reject' policies, some of it may be email that is considered illegitimate by the origin domain's policy (whether or not it actually is illegitimate). But it can also be email that is mis-classified as bad by mail system B, or email that is simply caught up as collateral damage because mail system B sees too much bad stuff coming from mail system A.

(There are various ways for the collateral damage to happen beyond the straightforward.)

Naturally it's somewhat hard to measure how much nominal leakage there is and very hard to measure how much leakage of legitimate email there is (at least without doing intrusive and privacy violating monitoring of bounces and their content).

Of course, leaky forwarding is not new. Forwarding has been slowly becoming leakier and leakier over the years as spam and other bad stuff became an increasingly large part of email and as places got very varied levels of anti-spam filtering. But I'm not certain that our users understand that and I'm pretty certain that our documentation about how to set up forwarding doesn't contain any real discussion of the possibilities (and I suspect that that should change).

PS: I'm implicitly ignoring in this anyone who wants to forward all of their email, spam included, from mail system A to mail system B. That just doesn't work at all these days; there will be a firehose of 'leakage' as mail system B laughs at your spam.

spam/ModernForwardingIsLeaky written at 01:59:53; Add Comment

Page tools: See As Normal.
Login: Password:
Atom Syndication: Recent Pages, Recent Comments.

This dinky wiki is brought to you by the Insane Hackers Guild, Python sub-branch.