On 2020-10-08 15:53, Markus Wild wrote:
No, I hate SPF because it breaks basic SMTP relaying, or in more end-user speak: redirected mails. Mail is _NOT_ always delivered directly from origin to target; it is quite frequent that mails get redirected to 3rd party systems. Some SPF advocates just accept their mails failing because they consider mail redirects to be evil. Fine. To really fix those redirect issues, _all_ possibly relaying servers would have to adopt some kind of sender rewriting scheme, which as far as I recall, can blow up sender email addresses to sizes that will exceed RFC standards in very few iterations. Also, in these cases the relaying server will originate 3rd party mails with its own domain name, possibly turning it into a spam funnel. So, for me, SPF is broken by design, and no amount of additional tinkering around its pitfalls will fix that.
Mail-forwarding creates a host of other problems, thus we discourage it.
If you accept a spam-mail (for whatever reason) and it gets forwarded, the other side may decide that you are the spammer and block your IP.
Arguably, this can be minimized with better ingress spam control (and maybe egress spam control) - but you never know what somebody on the other side may deem to be spam and what not.
The large mail-providers will tighten the screws ever more so slightly, so people will have to learn how to fix their mail (or use a 3rd-party service that sends from a subdomain...).
There's a reason that even UBS and Credit-Suisse, who long seemed unable to add SPF records (and still refuse to add DKIM records) now have at least SPF records.
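The forwarding case discussed in this thread, as an added example that is not part of either message: a reduced SPF evaluator (only `ip4` and `all` mechanisms) applied to direct delivery, to an unmodified forward, and to a forward whose envelope sender was rewritten in a simplified SRS0 style. The domains, IP addresses, secret and the `spf_check` / `srs0_rewrite` helpers are constructed for illustration; the tag here is a hex HMAC rather than the encoding real SRS implementations use.

```python
import hashlib
import hmac
import ipaddress

# Constructed SPF records (example domains, documentation IP ranges).
SPF_RECORDS = {
    "origin.example": "v=spf1 ip4:192.0.2.0/24 -all",
    "forwarder.example": "v=spf1 ip4:198.51.100.25 -all",
}
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def spf_check(client_ip, mail_from):
    """Evaluate the MAIL FROM domain's record against the connecting IP.

    Only ip4 and all are handled; real SPF also has a, mx, include, etc.
    """
    domain = mail_from.rsplit("@", 1)[1].lower()
    record = SPF_RECORDS.get(domain)
    if record is None:
        return "none"
    ip = ipaddress.ip_address(client_ip)
    for term in record.split()[1:]:          # skip the "v=spf1" version tag
        qual = "+"                           # default qualifier is pass
        if term[0] in QUALIFIERS:
            qual, term = term[0], term[1:]
        if term.startswith("ip4:"):
            if ip in ipaddress.ip_network(term[4:], strict=False):
                return QUALIFIERS[qual]
        elif term == "all":
            return QUALIFIERS[qual]
    return "neutral"


def srs0_rewrite(mail_from, forwarder_domain, secret, timestamp="TT"):
    """Simplified SRS0-style rewrite: SRS0=<tag>=<ts>=<domain>=<local>@forwarder.

    The receiver now evaluates the forwarder's SPF record, so the result
    is attributed to the forwarder's domain, not the original sender's.
    """
    local, domain = mail_from.rsplit("@", 1)
    msg = f"{timestamp}{domain}{local}".encode()
    tag = hmac.new(secret, msg, hashlib.sha1).hexdigest()[:4]
    return f"SRS0={tag}={timestamp}={domain}={local}@{forwarder_domain}"


if __name__ == "__main__":
    sender = "alice@origin.example"
    print("direct:   ", spf_check("192.0.2.10", sender))
    print("forwarded:", spf_check("198.51.100.25", sender))
    rewritten = srs0_rewrite(sender, "forwarder.example", b"constructed-secret")
    print("rewritten:", rewritten, spf_check("198.51.100.25", rewritten))
```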