Email Forwarding Is Bad: Why you should never forward email.

Forwarding mail is defined as re-sending mail from one mailbox to another.  For the sake of this discussion, we’re going to assume that you have an email account on a private domain name hosted at any web hosting company online, or even on your own VPS or dedicated server. We’ll use this tidbitsfortechs.com’s name as an example.  For our example email addresses we’ll use the name [ryansemailaddress]@. It’s in brackets so that it’s automatically broken- we don’t want anyone trying to send emails to it because it’s not real.

Ryan has to deal with many different email addresses, including [ryansemailaddress]@tidbitsfortechs.com. But Ryan doesn’t want to have to check every single address every day, and would like to have them all centrally located. We’d all agree that this is a reasonable need.

If this were 2003, Ryan would just forward the mail from [ryansemailaddress]@tidbitsfortechs.com to his email address [ryansemailaddress]@hotmail.com and it would be absolutely fine. The forward would work, and the problem would be solved.

But this isn’t 2003 anymore, and it won’t work correctly.

The Big Problem

Forget about email for a moment, and try to remember the last time you went to the airport and boarded an airplane. Depending on when that was, you may have been asked by a tired looking guy with a badge if anyone has asked you to carry a package for them. Why? Because that nice guy who just really needed to get that package to his grandma for her birthday wasn’t sending cookies. If you get on board a plane with his package, you’re now an accomplice. And when the sleepy guy with a badge finds out you’re carrying a suspicious package, chances are it’s going to be pretty hard for you to explain that away. In fact you might have a really hard time ever flying again.

How does this relate to email forwarding? I’m glad you asked!

Meet Joe Spammer. Joe Spammer is a real jerk, and he wants people to click on his links so he can steal their credit card numbers. Mail providers around the world keep an eye out for Joe Spammer’s spam, and they block it whenever they see it. Joe is especially bad in that he breaks into other peoples email accounts to send his spam.

So lets follow one of Joe Spammers emails. JS sends an email to [ryansemailaddress]@tidbitsfortechs.com, and Ryan, being on a quest for efficiency, has forwarded all email to [ryansemailaddress]@hotmail.com (or gmail, or msn, you get the idea). Hotmail.com looks at the email, and says “hey, this looks just like Joe Spammer!” and subsequently blocks the mail from arriving.

Normally, you’d think that that mail being blocked is a good thing. But it’s not. Why? Because Joe Spammer wasn’t the last person to touch that email. [ryansemailaddress] was! And now, [ryansemailaddress]@tidbitsfortechs.com is believed to be an agent for Joe Spammer, intentional or otherwise,  and is blocked.

But wait- there’s more. Now everything @tidbitsfortechs.com is suspect, and before you know it, the mail reputation for the entire domain is ruined. All email is blocked and can’t get to its destination. Yes, email providers rank email coming from any address at your domain, and will block your entire domain based on this.

You technical types, don’t bother looking for an RFC to find out how that works- there isn’t one. We’re in Magic Black Box territory here. Each mail provider does things their own proprietary way, and they’re not obligated to tell anyone how they do it.

Don’t Forward Email. Retrieve it.

If forwarding is bad, how do you get all your email into one inbox? Gmail, Outlook, and other email providers offer ways to use POP or IMAP to retrieve mails from another account and include them in your inbox. This is different than forwarding, because it’s being asked to retrieve the email instead of having random spammy emails forced down its throat.

Here are tutorials on how to turn on and use POP retrieval on Gmail and Outlook/MSN/Hotmail:

https://support.google.com/mail/answer/21289?hl=en&co=GENIE.Platform%3DDesktop

https://support.office.com/en-us/article/add-your-other-email-accounts-to-outlook-com-c5224df4-5885-4e79-91ba-523aa743f0ba

You’ll need to know the POP settings for your email accounts, and your web host can provide you with those. Hint: Search google for “mywebhost.com pop settings”.

TL;DR

This isn’t 2003 anymore. Don’t be the last person to send a piece of spam to its final destination. Use POP retrieval to move mail from one box to another. Don’t forward email, and you won’t get blocked.

More Info

We’re not the only ones who say “don’t forward email” and so you don’t have to believe me. Instead believe the really smart guys at Oregon State University:

http://oregonstate.edu/helpdocs/forward-mail-exchange-gmail-not-recommended

And if you’re interested, I’ve written on this topic before:

How Autoresponders and Email Forwarding make you an Accidental Spammer.

3 comments

1 ping

    • Ann on October 17, 2019 at 4:01 pm
    • Reply

    Valuable to me. I was going to forward to keep a jerk away. Hope this works.

  1. This article makes an implicit assumption : there is an email server receiving email for [ryansemailaddress]@tidbitsfortechs.com.

    Fair enough.
    But the fast majority of questions about email forwarding I read are for another use case : there is no email server for domain [ryansemailaddress]@mydomain.com.
    Most domain providers provide email forwarding , but you have to pay for a real mailbox.
    A lot of people are not prepared to pay for domain mail if they already have a Gmail account.
    Now, when you want to use a service like CloudFlare , they do not provide email forwarding.
    This is why people come up with all sort of solutions for email forwarding like MailGun, SendGrid or Open Source solutions like forwardemail.net.
    BTW: I tried MailGun and all email to Yahoo was blocked. Wasted two days of my time.
    I have been looking into a proper solution for email forwarding for quite some time and they all have advantages and disadvantages.

    1. Indeed, this article bases its statements on email that is self hosted on a domain using either a private server (VPS or dedicated) or a commodity web hosting configuration. But really any configuration where address@mydomain.com is re-sent (aka forwarded) to another address will have the same problems. The issue isn’t the technology used, it’s the fact that there’s no such thing as forwarding. It’s just the label we use for accepting and re-sending to another address.

      It really underlines the fact that Email Is Broken. It’s built using a 50 year old paradigm and hasn’t changed greatly in 40 years. Sure, it’s had a lot added to it (DKIM, SPF, graylisting, RBL, DNSBL, that kind of thing) but fundamentally it’s a design built for ARPANET where it was a trusted environment. Nobody redesigned it when ARPANET turned into the Internet.

  1. […] (baseball@, for example) which also forwarded to one or more personal email accounts.  Forwarding email is an insecure practice that can result in email getting blocked from your entire domain (meaning you won’t be able to […]

Leave a Reply

Your email address will not be published.

This site uses Akismet to reduce spam. Learn how your comment data is processed.