A Brief History of Email Authentication

The Death of Email Forwarding is an interesting read. I quote:

Over the years there have been various different approaches to authenticating email senders, but it’s been a continual arms race. Combating spam remains a problem, as does the plethora of scams and fraud that are enabled by the ease with which the email header can be forged.

In the good old days, email would let you forward messages anywhere. In fact, anyone with a modicum of skill could cheekily spoof the “From” address from a home computer.

Harmless fun to pretend you’re thedonald@whitehouse.gov

But in the early days only academics and defence experts used email. Then, before the general public was quite ready for it, this untested product was released and revolutionised things. So junk mail became globalised. Spam exploded in the ’90s. Black- and whitelists tried to keep up, but the faking industry prevailed.

Early email protocols worked imperfectly. And it seems that technical fixes (cryptographic signatures in the domain name system to verify that messages have not been tampered with) are not universally used.

The promised land (secure headers) means forwarding doesn’t work particularly well, as those headers have to survive. Ever see that message, even from a trusted source, that the security header could not be authenticated?

In short: stronger anti-spam defenses have come at the cost of reliable forwarding, so don’t do it if it’s important. But who said we can’t always have nice things?

Get yourself a proper email address with all the proper security built in, dump the consumer email address, and stop forwarding, unless you’re passing on something nice.

By @ourlocality

@OurLocality Free Community Publishing and News Since 2010 ... get your local news here: https://ourlocality.org/news/
