I'd like to share a few thoughts regarding the external forwarding to dangerous domain like gmail and yahoo. What happens is that some customers forward their "business" mail like [email protected] to their mobile devices and their personal @gmail or @yahoo domains. This creates a problem because those domains think we're spamming them from non spf/dkim sources and eventually block or severely limit their ingestion rate. Now we have a problem because also legitimate mail is delayed or returned back and customer complain. I've dealt with this issue in several ways like throttling outgoing mail to yahoo, spam-scanning every mail but the problem remains. Part of the issue is that the spam idea that google and yahoo have is quite different than the one spamassassin and plugins have, and many mails that are spammy get passed over to google etc. How do you deal with this problem ? ispcomm
What I would love to find, but haven't in past searching, is a way to attempt forwarding without the message hitting the mail queue, so the system never takes responsibility for mail delivery. You would still have to do some rate limiting and could even do spam scanning to drop obvious spam, but your own mail queue doesn't fill. Right now you can use SRS to be SPF compliant in forwarding, though the new best practice is for the sender to use DMARQ to specify that either SPF or DKIM needs to pass, but not both (then you just forward without breaking DKIM and don't worry about SPF).
