Why You Don’t Want to Use Email Forwarding

This is complicated and geeky, but I’ll try to explain this in a way most of you can “get” it. You already have a problem if you automatically “forward” your email from an address like Newsletters [at] YourOwnDomain.com to, say, GMail.

Back in the days when we got our email addresses from our ISPs — some might remember my arcie used to be at netcom.com — we realized that it might be nice to have an address that could be re-pointed, in case you switched ISPs; the company POBox.com sprang up to help, among many others. Of course then there was Yahoo Mail, and then GMail, and others, free or not.

There are two main things that many of these companies can do with your incoming mail: 1) provide a mailbox, to where you set up a mailer app like Outlook or Thunderbird to connect, log in, and download your mail, or 2) forward your mail to somewhere else that does have a mailbox for you to read it from.

That was very, very popular, that forwarding thing. Not anymore.

Spammers Messed It Up for You

You don’t want to use forwarders anymore. The why has to do with the fraternal triplets, SPF (Sender Policy Framework), DMARC (Domain-based Message Authentication, Reporting and Conformance), and DKIM (DomainKeys Identified Mail).

Not “about” to die: if you use one, you’re probably already losing mail.

First, all this complicated stuff is a good thing because 1) it protects you from enormous amounts of spam, and 2) it greatly, but not completely, protects me from being accused of being a spammer.

I’m not going to go into the technical details of what those all are; if you want an overview, you can get overviews from Wikipedia:

  • SPF specifies who is allowed to send from a domain name (e.g., thisistrue.com).
  • DMARC specifies what recipient servers should do with mail that fails the SPF rules (and also allows senders to get feedback on some percentage of the mail that is handled by a recipient server, if the recipient supports that).
  • DKIM is a cryptographic signing mechanism for email to prove the mail was sent by an authorized server.

Thisistrue.com has SPF, DMARC, and DKIM set up to tell big mailbox providers, such as Yahoo and Gmail and many others, how to tell if a message really is from thisistrue.com. The “set of rules” say, for instance, that my list provider, Aweber, is allowed to send mail “from” thisistrue.com even though their servers are sending that message from something.aweber.com.

The rules also say that thisistrue.com itself might use this or that I.P. address, which are allowed to send mail for thisistrue.com; it doesn’t take a server’s “word” for it that it’s a thisistrue.com server, it checks. Every time.

“Aweber is allowed” or “coming from a listed thisistrue.com server” gives the mailbox provider confidence that the message is something you want, not spam, and it all happens in a tiny fraction of a second, millions or even billions of times per minute, all over the world. And we all do this to fight off spammers. [You have seen my Spam Primer, right?]

Here’s Why Forwarding is Now Broken

OK, so you sign up to get mail from True and put in your forwarding address, tommy [at] tommy2forward.xyz, which automatically forwards the newsletter to your real mailbox at GMail. Then a newsletter comes out, bounces through your forwarder, and arrives at your GMail mailbox, which looks at it: it says it’s “from” thisistrue.com, it checks to see what servers are allowed to send mail for thisistrue.com, and it makes a discovery:

tommy2forward.xyz is definitely NOT an allowed sender for thisistrue.com!

So what does GMail then DO? First, it looks at what thisistrue.com suggests: the choices are do nothing, “quarantine” it (e.g., put it in the folder called “spam”), or reject it completely. Since I send tens of thousands of emails per week, my directive is “reject”.

This is a very good thing for me, since it makes the thisistrue.com domain a terrible domain for spammers to use, because they know they can’t pass the checks outlined in the rules: their garbage can’t get through by dressing up as thisistrue.com mail.

GMail and other large inbox providers — the smart ones, at least — gather data to thwart spammers, and they “notice” these things. That gives mailers like me “points” on the plus side, indications that our mail is actually wanted, not spam. It’s not foolproof, as all of these companies have very complex rulesets to make the spam/not spam decision, but the positive “points” help.

But meanwhile, forwarded mail is left out in the cold because GMail, Yahoo, and many other giant mailbox providers have started to enforce adherence to what mail senders say to do in our rules, what we set up — the “Quarantine” or “Reject” directives, and they are allowed to escalate (Nothing to Quarantine, or Quarantine to Reject, or even Nothing to Reject) as they wish because, after all, they “own” the mailbox.

(Hint: you don’t own your own mailbox unless it’s your domain and your server; then it’s up to you …or your server’s hardware provider, or your server’s ISP.)

But what happens if senders like me (or you!) don’t set up those rulesets to take ownership of our mail? That is counted as negative points, making it much less likely for the message to get through. Don’t worry: mail “from” your own GMail (or Yahoo or…) address will pass these rules if you send via them, because those companies “sign” the mail they send from addresses they provide. But that won’t work if you “fake” the from address and relay mail through a different server. That is just another form of forwarding.

So, while email forwarders used to be handy, today they will cause legitimate emails to be filtered as spam.

The Switch is Already Flipped

As noted, Yahoo/GMail/etc. have already started this enforcement. Forwarders are already mostly unusable. If you’re using them, and find you are missing mail, that’s a big reason why.

What can you do if you are using a forwarder? LOG IN to your forwarding provider and see what your options are. It IS possible for forwarding to work if they change the headers to take responsibility for the email. It might be a True newsletter, but now it comes “from” your forwarding company (ick! I didn’t say it’s a pretty workaround).
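As an added example (not code from this page or from any mail provider), here is a simplified model of the receiver-side check described under “Here’s Why Forwarding is Now Broken” and of the header-rewriting workaround just mentioned. The IP ranges, the forwarder’s policy and the function names are constructed for illustration; alignment is modelled as an exact domain match, and DKIM as a field saying which domain’s signature still verifies on arrival.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

# Constructed data: documentation IP ranges stand in for real published records.
SPF = {  # domain -> networks allowed to send mail for it
    "thisistrue.com": ["192.0.2.0/24"],        # stands in for the list provider
    "tommy2forward.xyz": ["198.51.100.0/24"],  # the forwarder's own servers
}
# thisistrue.com publishes "reject" (per the article); the forwarder's is assumed.
DMARC_POLICY = {"thisistrue.com": "reject", "tommy2forward.xyz": "none"}


@dataclass
class Delivery:
    connecting_ip: str   # server handing the message to the mailbox provider
    envelope_from: str   # domain of the SMTP MAIL FROM, which SPF checks
    header_from: str     # domain of the visible From: line, which DMARC checks
    dkim_domain: Optional[str] = None  # signing domain, if a signature verifies


def spf_pass(d: Delivery) -> bool:
    """True if the connecting IP is authorized for the envelope domain."""
    ip = ipaddress.ip_address(d.connecting_ip)
    return any(ip in ipaddress.ip_network(n) for n in SPF.get(d.envelope_from, []))


def dmarc_disposition(d: Delivery) -> str:
    """Return 'deliver', 'quarantine' or 'reject' (simplified: exact-match alignment)."""
    spf_aligned = spf_pass(d) and d.envelope_from == d.header_from
    dkim_aligned = d.dkim_domain == d.header_from
    if spf_aligned or dkim_aligned:      # DMARC needs only one aligned pass
        return "deliver"
    policy = DMARC_POLICY.get(d.header_from, "none")
    return "deliver" if policy == "none" else policy


# 1. Newsletter arrives straight from the list provider.
direct = Delivery("192.0.2.10", "thisistrue.com", "thisistrue.com", "thisistrue.com")
# 2. Relayed by the forwarder; assume the DKIM signature no longer verifies.
forwarded = Delivery("198.51.100.7", "thisistrue.com", "thisistrue.com")
# 3. Same relay, but the signature survived the hop untouched.
forwarded_signed = Delivery("198.51.100.7", "thisistrue.com", "thisistrue.com",
                            "thisistrue.com")
# 4. Forwarder rewrites the envelope and From: to take responsibility.
rewritten = Delivery("198.51.100.7", "tommy2forward.xyz", "tommy2forward.xyz")

if __name__ == "__main__":
    cases = {"direct": direct, "forwarded": forwarded,
             "forwarded_signed": forwarded_signed, "rewritten": rewritten}
    for name, d in cases.items():
        print(f"{name:17} spf={spf_pass(d)!s:5} -> {dmarc_disposition(d)}")
```

Case 2 is the failure the article describes; case 3 shows why some forwarding setups still deliver, since an intact signature from the sender’s domain is enough even when the SPF check fails.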

Much better: see what the company you use has in the way of options. For instance, it could switch you from a Forwarder to a Mailbox — accept the mail — and then you have to use your software to “go get it” directly from there.

You can also set up, for instance, GMail to “go get it” for you: GMail → “settings” gear → See All Settings → Accounts and Import → Check mail from other accounts. The cool thing about this is, GMail will then run through all the validations and spam checks for you as if it had received the message directly.

What to Do Instead

Bottom line, if you want your email, don’t use a forwarder, use an address with an actual mailbox so there is no bounce in the middle. If you signed up with a forwarding address for This is True newsletters, you need to change your address immediately.

To what? Directly to your address that has an actual mailbox.

Extra Geeky Part: If you do forwarding from your own domain, you want to immediately stop using them for everything. Why? Because they also forward any spam received. That makes your domain a spam-sending server and gets your domain and/or I.P. address onto blacklists, which means your legitimate mail will have a harder time being delivered. That can get you booted from a server provider too.

Forwarders are a thing of the past. Move on.

Clarification: This page pertains to autoforwarding. The manual forward function in GMail, whether in the upper-right 3-dot menu or using the bottom buttons, is not affected since that results in a new email sent by you. Same idea with other services. See first comment below.


11 Comments on “Why You Don’t Want to Use Email Forwarding”

  1. I often forward from one gmail address to another. So my professional email forwards to my personal email and my volunteering email forwards to my personal email so that when someone else has that role it will forward to their personal account.

    Does this all still apply?

    I was trying to avoid this example, but it would work on your own server because there’s no actual “sending” and thus no “sender authorization” process. It’s a lot more complex with gmail to gmail, but I can see how it would work OK …and I can also see how it could fail completely if gmail decides to make any tweaks, which it would do without warning. But in that case, it probably wouldn’t be for the same reason(s) discussed.

    All that said, this page and the first part of this reply has to do with autoforwarding, not the Forward button in gmail where you are manually sending (forwarding) a received message to someone else, which comes from you. That still works fine. I’m unclear which you meant, so answered both. -rc

  2. Because I value my privacy, I use Duck Duck Go as an email forwarder (not for ThisisTrue, thank goodness). Does this mean I should stop doing that?

    Depends on how DDG does it. If they’re sending it to your gmail (or whatever), maybe. If you have a DDG mailbox and you can use “throw-away” addresses for it, those are fine because they’re not being redirected to a different domain. -rc

  3. I don’t think it’s correct to make a blanket statement that forwarding is broken and must be eliminated immediately. The ARC standard was designed to solve the exact problems you’re talking about. It depends on the specific setup, and I don’t know how widespread deployment of the standard is among providers, but what I can say is that my setup of Cloudflare (specifically, their very powerful Email Routing service) forwarding to Gmail works perfectly.

    Yes, as noted in the introduction, this whole topic is very geeky, and I warned that I would not go deep into the technical details. This (and the first comment and response) are part of why I approached with that stance.

    Yes, there are narrow exceptions possible. Authenticated Received Chain can help, but it takes expertise to set up (obviously a tech wizard can do it, but it’s quite unlikely Joe Consumer with a Bluehost or Godaddy site could). And even with ARC, RFC 8617 still shows as “experimental” after nearly six years, so it’s not something one can rely on for important mail unless they control the various steps along the way (again, a techie/big company). There is absolutely no assurance that large mailbox providers will honor the intermediate signing, or will continue to if they are doing so now on an “experimental” basis. I’m glad your specific setup seems to work for you so far. -rc

  4. I have a genuine Gmail address that receives all of my email. That mail remains on the Gmail server until deleted but is also picked up by the Outlook portion of my Microsoft 365 subscription. I use the Outlook program to read, respond and file messages. I don’t think of this as forwarding but would like to be sure.

    Correct, that’s just fine. Outlook is simply going to gmail to pick up the mail in your inbox there. -rc

  5. There are some E-mail providers that can host both your primary E-mail address _and_ your forwarding addresses under one umbrella, which addresses the concerns Randy posted.

    I moved to Proton Mail recently, following a massive flood of spam and extortion scam E-mails thanks to a data breach that released my previous E-mail address. Proton Mail actively discusses account security, privacy, and their “hide your E-mail” concept on their website. Proton Mail allows _both_ free account holders _and_ paying account holders to use this capability, though free accounts are limited to 10 “forwarding” E-mail addresses.

    I have about a dozen forwarding E-mail addresses operational at this time that I use for a variety of purposes. This Is True, ironically, has my real E-mail address (as I cannot reply from one of the “forwarding” addresses). Messages are forwarded correctly, and those senders whose messages have issues with SPF, DMARC, and/or DKIM settings get a banner added to the top of the forwarded E-mail.

    As I understand Proton, they’re providing aliases to inboxes that they host, so they’re not really “forwarding” the messages, even if they use that term. As you indicate, this doesn’t trigger the issue. If you tried to use one to (say) bounce messages over to a gmail address, that’s what likely would cause problems. -rc

  6. Very interesting… there are a couple of cases I wanted to ask about.

    #1) My wife and I have a “joint” gmail account that auto-forwards to our individual email addresses (but also #2). I’m not sure that having our accounts read other mail would work in this situation. Based on your response to “Jeanne in Boston” above, it seems like this may be fine if the forwarded accounts are also gmail accounts.

    #2) I also have some email that comes to me; I have set up “rules” on the server that forwards email to team members (for example: any email sent to “TechSupport@domain.com” will be forwarded to Tech Support people Tom and Sue). I assume (hope) that having programmed rules generates a true forwarded email, and thus doesn’t fall under this caveat.

    #3) I have some web sites that allow forwarding emails, and I’m afraid that these may fall into the problem. As an example: “treasurer@ourweb.com” is an email that forwards to treasurer’s email address. Should a new person get the treasurer position, we can just change the forwarding address. From reading your description above, I’m afraid that this may break — to date, there has been no evidence that this has been a problem.

    #1: Assuming your individual addresses are also on gmail, probably, but it’s not guaranteed to work forever. #2: Assuming the team members have addresses in the same domain, and preferably the same server, should work fine, as there is no actual email transmission leaving the server. #3: Again, it depends on whether their mailbox is on the same domain/server. If so, no problem as above. If (say) gmail, then a problem is likely unless there is some good programming going on by your staff, in which case you don’t need me, so I’m guessing you don’t have that…. -rc

    • As an aside, I set up my own server. I’m pretty handy at this stuff. I set up the mailboxes, the spam filtering, etc. Yet I wouldn’t even try to do the sort of work required to meet the requirements to forward messages outside the server, such as to gmail. If I really had to sort messages that way, e.g., to an outside treasurer, I’d not forward messages to them, but would instead make a mailbox for them on the server and give them instructions on how to get their email program (or gmail) to reach out to get the mail.

  7. I do something different that a lot of people I know do. I have a gmail account, but I mostly tell people to send my mail to a forwarding service from a school I attended 65 years ago (and I have been using this service, actually supplied by the Alumni Association .org, not the school .edu, for over 25 years with very few issues or complications). Mail goes to the service, they send it to gmail for me. They also save it, and I am supposed to empty what they have accumulated every so often. Is this the sort of forwarding that is broken?

    Yes. It is possible that your U (I can see what it is, and I believe they are quite tech savvy) has it set up in such a way that it works, but see the comment with Micha, Israel for why it may break at some point. (Sorry for the delay in posting this: my server put it in the spam folder. 🙄 ) -rc

  8. I am glad that your fifth word in the article was stated so prominently. I knew exactly what I was going to read — over my head information. Thank you for putting into words what I “thought” I shouldn’t do, but I had no idea why not to do it.

    Glad it was helpful. -rc

  9. I have a question here about forwarding from professional association domains. I use one.* Some folks are pleased to have their e-mail address identify them as part of a professional group (e.g., engineers, architects, realtors, whatever.)

    Is it a reasonable assumption that, in general, professional associations who offer forwarding mailbox services to members have skilled technical professionals who set up, oversee, and manage their forwarding services? I would hope so.

    It’s my observation that I don’t have many issues with the particular forwarding service I use. In the past 25+ years there have been about three occasions in which problems arose. I noticed these instantly, contacted member services and had everything back to normal in a day or two.

    *BTW, my professional organization is the IEEE Computer Society.

    My answer to Richard, Massachusetts also covers you, only doubly so due to it being IEEE (and I’ll add that no, his U isn’t MIT). Also, your comment was delayed for the same reason his was ( 🙄 ) -rc

  10. Huh. Didn’t realize this was a thing. Thank you for taking the time to explain it to the reader (me) like I was five. I rarely use a forwarding service because the only reason I’d want to use one is to “hide” my email from dodgy websites. And if I never see another email from them, I don’t feel a loss.

    Legit websites get my real email address.

    You’re the first to say I successfully explained it like you were 5! I think maybe you were a child prodigy. Glad you found it informative. -rc

