I am curious whether you are the originator, the forwarder, or the final recipient. It sounds like you are the originator. SPF validates that the immediately prior server is authorized to send on behalf of the MailFrom domain. If it is forwarded, the original SPF is violated, so some systems use SRS (Sender Rewriting Scheme) or possibly complete replacement, to ensure that the forwarded message passes the final recipient's SPF check. DKIM signatures validate after forwarding as long as the message is not modified. The two most common sources of in-transit modification:
- a Spam filter which adds "Note: This message is from an external source," or something similar, on reception. This breaks the DKIM signature.
- a mailing list which adds the mailing list name to the subject line, and a header or footer to the body, for every message that it replicates.
Most mailbox providers do not add content in their spam filters, so that autoforwarding does not alter content..
AOL/Yahoo/Verizon is the only mailbox provider with a strict DMARC policy, so those accounts do not play well in mailing lists.
I view autoforwarding as a threat, because most spam filters only evaluate the adjacent server, not the entire Received chain. Forwarding takes the safe and the dangerous and puts a common veneer on them all, allowing the bad guy to hide behind the forwarder's reputation. Fortunately, our incoming forward volume is low.
I have a dream of building a filter which examines the whole receive chain, since the vendors do not. (Always happy to learn about exceptions to that generalization.)