Why Forwarding your Email is a BAD idea

Many people want to take advantage of "email forwarding" in which amail server auto forwards an incoming email to an email address onthat local server to a different domain on a remote server. Oftentimes a user will have an ISP email address (comcast, or verizon forexample), a freemail address (like gmail, yahoo or hotmail) and a workemail address. Instead of checking 2 or 3 different accounts the userwill setup forwards for 1 or more accounts into an account that he/shewill check, often times via a mobile device.

This is an extremely bad practice, and it is technically a brokenmodel for multiple reasons which will be covered below. The proper wayto do this (get email from multiple different accounts with differentproviders) is to setup a pop3 or imap pull of email from one mailbox.

For example, suppose our user has 2 email accounts: bestrealtor88@yahoo.combella.swan@bestrealty.net

Bella has had her yahoo account for 8 years and gets most of her emailfrom that account and she has her smart phone programmed to check heryahoo account.  Instead of setting up her Bella.Swan@bestrealty.netaccount to FORWARD email to her yahoo.com account she should:

  • a. setup her smart phone to check both accounts;
  • - OR -
  • b. setup her yahoo account to login to her bestrealty.net account and PULL her email via pop3.

To understand why this is the case first we need to understand howemail forwarding works.

If Bella were to ignore our advice and forwardBella.Swan@bestrealty.net to her yahoo account what might happen?

If Edward.Cullen@friendlyvampires.net decides to send Bella an emailto her Bella.Swan@bestrealty.net about an important contract, Bellawould expect to get the email in her yahoo.com inbox, but she ALSOexpects that the email will come FROMEdward.Cullen@friendlyvampires.net and NOT Bella.Swan@bestrealty.netwhen she looks at the email in her yahoo account.

So the email system that operates bestrealty.net email servicesessentially has to impersonate friendlyvampires.net when it FORWARDSthe email to yahoo.com so that the FROM header is set correctly.

Meanwhile, Edward has had a problem with Spammers impersonating hisdomain when they send spam. His service provider setup an SPF (SenderPermitted From) record in DNS so that only the friendlyvampires.netemail servers are listed as authorized senders of email fromfriendlyvampires.net.

The yahoo email servers will pay attention to this SPF record whenaccepting email for Bella at her yahoo account. The yahoo servers maydecided to block or score as spam the forwarded email becausethe emails servers for bestrealty.net ARE NOT listed in the SPF recordas authorized senders for email coming from @friendlyvampires.net.

Clearly Edward cant contact each of the thousands of people that heemails and add any possible servers that might forward said emails he sendsto anyone and add SPF records for each possible forward.

This is why the combination of an email forward and a source (SENDING)domain with an SPF record ALWAYS breaks. For source domains that DONTuse SPF records, the forwards may work (but generally be scored asmore likely to be spam) so end users get confused. Bella seems tothink the problem is with Edward, since "everyone else can send meemail" but the problem actually lies with Bella.

Lets look at another problem that forwarding causes:

Lets say Rosalie has the domain test.com. Rosalie sets up an emailforwarder for Rosalie@test.com to forward to her Rosalie2@hotmail.com.

The email service provider that runs test.com though has a bigproblem. Rosalie expects that ANYTHING sent to Rosalie@test.com isforwarded on - does the provider attempt to forward ALL emailincluding all the spam that she has been getting lately, or does ittry to filter the SPAM? Since Rosalie is only using the intermediateemail as a forward, she does not login to that account to set her spamsettings, or check her spam folder most likely on a regular basis. Theonly reason she wanted to forward her email was to have only 1 mailboxto check. Having to manage spam settings on multiple mailboxes andtrack down where spam is trapped (if a legit message was snagged in afilter) defeats the whole purpose of the forwarding for Rosalie.

Lets say Rosalie get 10 valid emails a day on average. For most emailaddresses and/or domains that have been use for more than a year 10SPAMs coming in for every legitimate email. This means that thetest.com email server is going to actually have to forward 100 additional SPAMs a day to hotmail or some lesser number depending onhow much they can filter out.

Of course the hotmail Mail Firewall sees this behavior (100 SPAMs aday from the same sending machine) and quickly blacklists (refuses ALLmessages from) the test.com email server. Not only is the email serverthat runs test.com seen as a SPAMMER, test.com is now seen as a SPAMSOURCE. This means that the reputation of both Rosalie's domain and herservice provider is damaged - not good for Rosalie OR the operators ofthe mail server she hosts her test.com domain at. Rosalie can alwaysget a new domain or try to get her domain off the blacklist, but forthe company that operates the mail servers that host her domain theblacklisted ipv4 addresses of the mail server could cause thousands ofmails to be dropped or delayed and many hours to sort out with manycustomers and domains affected.

Additionally, if Rosalie has setup a catch-all email address -i.e. @test.com so that sales@, info@, jules@, etc all work and go toher hotmail account via a forward then we all have an even biggerproblem. If a SPAMMER tries a dictionary attack against test.com - sendinghundreds or thousands of emails to made up addresses @test.com thenthe test.com email service provider will be forwarding ALL of thosemessages on to hotmail, which will have the server blacklisted withinminutes.

Suddenly Rosalie stops getting ANY email into her Hotmail account thatshe expects from her forwarded account. Who does she call ? Well, she willbe lucky if she can actually get anyone from a large ISP(Verizon/Comcast/Embarq, etc) or large mail provider (hotmail, gmail,yahoo) to talk to. And even if she could she would get the no problemhere, must be on the other end response, because as far as thatprovider is concerned, all they are doing is saving her the headacheof getting an additonal 110 SPAMs a day (her 100 SPAMs plus the 10legit emails).

Remember, when one individual user tries to deal with large companies thatprocess millions of emails an hour, its impossible for them to reallycare or worry much about a few legit emails that get blocked. Blockingthe massive SPAM inflow is much more important, because if theircustomers get thousands of SPAMs each day, they would simply not useand/or pay for their service.

So next Rosalie calls the provider of test.com to investigate theproblem on their side. The answer she will get is: "no problem here,we see that hotmail.com is blocking our attempts to send email". Theprovider may or may not be able to get hotmail.com to take action andfix this. More often than not, this is very time consuming for theproviders to track down a human on the opposite side that is able tofix the problem. So email remains broken, or in a state of flux(sometimes works, sometimes does not, depending on whether hotmailremoves the blacklist after a period or not, and depending on how muchSPAM comes through the auto forward).

Finally, to avoid the forwarding of SPAM mess discussed above. mostproviders (if they have any clue at all) will fully SPAM filter allemail BEFORE its forwarded, so they avoid getting blacklisted forforwarding SPAM. This means that an email will take the followingpath:
SENDER :: FORWARDER_FIREWALL :: FORWARDER :: RECIP_FIREWALL :: RECIPIENT

Either of the 2 firewalls - FORWARDER or RECIPIENT can possibly rejecta message due to it matching:

  1. 1. SPAM or SPAM-like content (often the case if you forward off colorjokes, or other chain letter type email)
  2. 2. VIRUS or SPYWARE
  3. 3. DANGEROUS file names or file contents (like a "cool" screensaveryou found)
  4. 4. LARGE FILE ATTACHMENTS (multiple photos for example)

Each of the firewalls will have different policies (support FORWARDINGfirewall allows 20 MB attachments, but RECIPIENT firewall only allows5 MB attachments because its a FREE ACCOUNT!)

Troubleshooting where the email was blocked wastes the time andresources of each provider (FORWARDING and RECIPIENT) neither of whichwill be sure where the problem really is unless they investigatemanually, which generates zero profits, only costs for the providers.

Many web hosts are now banning email forwarding to third party emailaccounts, removing the capability all together. And the result forthese hosts is a serious decrease in spam complaints against theirservers. Richweb does not ban email forwarding just yet, but it isinevitable that for most providers that forwarding email externally isjust too much trouble, and the benefits to everyone by turning it off, far outweigh any benefits of having this so called "feature".