Re: [tlug] Email forwarding

["Jens John" <lists@example.com>]

On Sat, 29 Jan 2022, at 11:44, Josh Glover wrote:

[1] AWS Simple Email Service writing to an S3 bucket and a Lambda function that picks up the mail and sends it on using SMTP to mail.google.com.

Email has an envelope address (SMTP mail from) and a sender address (from:). The envelope address is also referred to as the return path.

When you forward email between SMTP hosts, of course the return path changes with the path the email has taken. The scheme that encodes this expansion of the return path into the envelope address is referred to as SRS/Sender Rewriting Scheme. Under SRS, the From: header contents stay constant while the envelope address is changing. I believe that's what you're looking for.

SRS is meant to be used with SPF.

If an email is forwarded between many hosts, the large email hosters want you do to DMARC and SPF, better even ARC https://en.wikipedia.org/wiki/Authenticated_Received_Chain .

If email is not properly or not sufficiently "authenticated", hosts like Gmail will add to emails a "Via" note in the web UI, for example, "From: joshglover@example.com Via: tlug.jp" if the email came via tlug.jp but without an unbroken ARC to the email origin.

Your solution with the S3 and Lambda might be enough for your use case. However, if you want to do email "right" in your own implementation, be prepared to implement a partial SMTP server, and due to DKIM/SPF/DMARC/ARC, SMTP is not really "simple" anymore. For a more low-maintenance solution, a postfix w/ rspamd or opensrs+opendkim on a VPS might be more appropriate.

If you want to explore further, I suggest you sign up with a good host like Fastmail for a month or three, send yourself some email and observe the raw messages, or peruse the Gmail raw message view more often for debugging.