Internet and e-mail policy and practice
including Notes on Internet E-mail
Click the comments link on any
story to see comments or add your own.
Subscribe to this blog
Home :: Email
16 Jul 2014
The recent DMARC kerfluffle has brought
new attention to mail forwarders that send mail on behalf of
We've been giving a lot of thought to ways to tell nice forwarders
from nasty ones, so that mail systems can deliver mail from the nice
ones and filter the nasty ones.
It occurs to me that there are several scenarios for the way that forwarders
work, so I've collected them in a little chart.
We assume that forwarders can sign the mail they send,
so there's no problem telling that mail from the forwarder really came
We also crudely divide agents into Good ones that send mail that the
recipients generally want, and Bad ones that send mail that the recipients
Each row of the table starts with three letters. They mean:
- G or B, the forwarder is Good or Bad
- A or U, the original message was Authenticated or Unauthenticated before it was forwarded.
Note that Unauthenticated doesn't mean "forged", since there are many ways a user can send
mail that is legitimate yet isn't authenticated.
- G or B, the original sender was Good or Bad
|GAG||Subscriber sending mail through a mailing list|
|GUG||Newspaper forward-an-article, or ESP mailing for a customer
who can't provide a signing key.|
|GAB||Compromised subscriber sending mail through a mailing list, or spammer sends to list that doesn't limit mail to subscribers|
|GUB||Spammer who's stolen a user's address book sending mail to a list to which the victim subscribes|
|BAG||Formerly legit list goes rogue (never seen it)|
|BUG||Spammer sending modified copies of mail scraped from an archive|
|BAB||Compromised user sending through malicious list (unlikely)|
|BUB||Regular old spam with fake return address.|
Stable link is https://jl.ly/Email/fwdthreat.html
My other sites
Who is this guy?
Airline ticket info
Remembering JD Falk - 10 years later
223 days ago
A keen grasp of the obvious
New Hope for the Dead
465 days ago
Coalition Against Unsolicited Commercial E-mail
Network Abuse Clearinghouse
© 2005-2020 John R. Levine.
CAN SPAM address harvesting notice: the operator of this website will
not give, sell, or otherwise transfer addresses maintained by this
website to any other party for the purposes of initiating, or enabling
others to initiate, electronic mail messages.