Author Topic: NOW FIXED ON RICHWEB: Why Forwarding your Email is a BAD idea  (Read 1149 times)

Offline Doug Hazard

  • Richweb Staff (Admin)
  • Newbie
  • *
  • Posts: 29
  • CFB / MBB Junkie
    • http://twocentsradio.net
ADVANCE NOTE: Richweb has enabled and implemented the SRS feature on our SmarterMail mail servers. For more information about this, please visit: http://www.openspf.org/SRS

Many people want to take advantage of "email forwarding" in which a mail server auto forwards an incoming email to an email address on that local server to a different domain on a remote server. Oftentimes a user will have an ISP email address (Comcast or Verizon, for example), a free mail address (like Gmail, yahoo or Hotmail/MSN/Outlook) and a work email address. Instead of checking 2 or 3 different accounts the user will setup forwards for 1 or more accounts into an account that he/she will check, often times via a mobile device.

This is an extremely bad practice, and it is technically a broken model for multiple reasons which will be covered below. The proper way to do this (get email from multiple different accounts with different providers) is to setup a pop3 or imap pull of email from one mailbox.

For example, suppose our user has 2 email accounts: bestrealtor88@yahoo.com and bella.swan@bestrealty.net

Bella has had her yahoo account for 8 years and gets most of her email from that account and she has her smart phone programmed to check her yahoo account.  Instead of setting up her Bella.Swan@bestrealty.net account to FORWARD email to her yahoo.com account she should:
 
  • a. setup her smart phone to check both accounts;
  • - OR -
  • b. setup her yahoo account to login to her bestrealty.net account and PULL her email via pop3.
To understand why this is the case first we need to understand how email forwarding works.

If Bella were to ignore our advice and forward Bella.Swan@bestrealty.net to her yahoo account, what might happen?

If Edward.Cullen@friendlyvampires.net decides to send Bella an email to her Bella.Swan@bestrealty.net about an important contract, Bella would expect to get the email in her yahoo.com inbox, however she ALSO expects that the email will come FROM Edward.Cullen@friendlyvampires.net and NOT Bella.Swan@bestrealty.net, when she looks at the email in her yahoo account.

So the email system that operates bestrealty.net email services essentially has to impersonate friendlyvampires.net when it FORWARDS the email to yahoo.com so that the FROM header is set correctly.

Meanwhile, Edward has had a problem with Spammers impersonating his domain when they send spam. His service provider setup an SPF (Sender Permitted From) record in DNS so that only the friendlyvampires.net email servers are listed as authorized senders of email fromfriendlyvampires.net.

The yahoo email servers will pay attention to this SPF record whenaccepting email for Bella at her yahoo account. The yahoo servers may decided to block or score as spam the forwarded email because the emails servers for bestrealty.net ARE NOT listed in the SPF record as authorized senders for email coming from @friendlyvampires.net.

Clearly Edward cant contact each of the thousands of people that he emails and add any possible servers that might forward said emails he sends to anyone and add SPF records for each possible forward.

This is why the combination of an email forward and a source (SENDING) domain with an SPF record ALWAYS breaks. For source domains that DON'T use SPF records, the forwards may work (but generally be scored as more likely to be spam) so end users get confused. Bella seems to think the problem is with Edward, since "everyone else can send me email" but the problem actually lies with Bella.

Lets look at another problem that forwarding causes:

Lets say Rosalie has the domain test.com. Rosalie sets up an email forwarder for Rosalie@test.com to forward to her Rosalie2@hotmail.com.

The email service provider that runs test.com though has a big problem. Rosalie expects that ANYTHING sent to Rosalie@test.com is forwarded on - does the provider attempt to forward ALL email including all the spam that she has been getting lately, or does ittry to filter the SPAM? Since Rosalie is only using the intermediate email as a forward, she does not login to that account to set her spam settings, or check her spam folder most likely on a regular basis. The only reason she wanted to forward her email was to have only 1 mailbox to check. Having to manage spam settings on multiple mailboxes and track down where spam is trapped (if a legit message was snagged in a filter) defeats the whole purpose of the forwarding for Rosalie.

Lets say Rosalie get 10 valid emails a day on average. For most email addresses and/or domains that have been use for more than a year 10 SPAMs coming in for every legitimate email. This means that thetest.com email server is going to actually have to forward 100 additional SPAMs a day to Hotmail or some lesser number depending on how much they can filter out.

Of course the Hotmail Mail Firewall sees this behavior (100 SPAMs aday from the same sending machine) and quickly blacklists (refuses ALL messages from) the test.com email server. Not only is the email server that runs test.com seen as a SPAMMER, test.com is now seen as a SPAM SOURCE. This means that the reputation of both Rosalie's domain and her service provider is damaged - not good for Rosalie OR the operators of the mail server she hosts her test.com domain at. Rosalie can always get a new domain or try to get her domain off the blacklist, but for the company that operates the mail servers that host her domain the blacklisted ipv4 addresses of the mail server could cause thousands of mails to be dropped or delayed and many hours to sort out with many customers and domains affected.

Additionally, if Rosalie has setup a catch-all email address -i.e. @test.com so that sales@, info@, jules@, etc all work and go toher Hotmail account via a forward then we all have an even bigger problem. If a SPAMMER tries a dictionary attack against test.com - sending hundreds or thousands of emails to made up addresses @test.com then the test.com email service provider will be forwarding ALL of those messages on to Hotmail, which will have the server blacklisted within minutes.

Suddenly Rosalie stops getting ANY email into her Hotmail account thatshe expects from her forwarded account. Who does she call?

Well, she will be lucky if she can actually get anyone from a large ISP(Verizon/Comcast/Embarq, etc) or large mail provider (Hotmail, Gmail, Yahoo) to talk to. And even if she could she would get the no problem here, must be on the other end response, because as far as that provider is concerned, all they are doing is saving her the headache of getting an additional 110 SPAMs a day (her 100 SPAMs plus the 10legit emails).

Remember, when one individual user tries to deal with large companies that process millions of emails an hour, its impossible for them to really care or worry much about a few legit emails that get blocked. Blocking the massive SPAM inflow is much more important, because if their customers get thousands of SPAMs each day, they would simply not use and/or pay for their service.

So next Rosalie calls the provider of test.com to investigate the problem on their side. The answer she will get is: "no problem here,we see that Hotmail.com is blocking our attempts to send email". The provider may or may not be able to get Hotmail.com to take action and fix this. More often than not, this is very time consuming for the providers to track down a human on the opposite side that is able to fix the problem.

So email remains broken, or in a state of flux(sometimes works, sometimes does not, depending on whether Hotmail removes the blacklist after a period or not, and depending on how much SPAM comes through the auto forward).

Finally, to avoid the forwarding of SPAM mess discussed above. most providers (if they have any clue at all) will fully SPAM filter all email BEFORE its forwarded, so they avoid getting blacklisted for forwarding SPAM. This means that an email will take the following path:
SENDER :: FORWARDER_FIREWALL :: FORWARDER :: RECIP_FIREWALL :: RECIPIENT
Either of the 2 firewalls - FORWARDER or RECIPIENT can possibly rejecta message due to it matching:
 
  • SPAM or SPAM-like content (often the case if you forward off color jokes, or other chain letter type email)
  • VIRUS or SPYWARE
  • DANGEROUS file names or file contents (like a "cool" screensaver you found)
  • LARGE FILE ATTACHMENTS (multiple photos for example)
Each of the firewalls will have different policies (support FORWARDING firewall allows 20 MB attachments, but RECIPIENT firewall only allows5 MB attachments because its a FREE ACCOUNT!)

Troubleshooting where the email was blocked wastes the time and resources of each provider (FORWARDING and RECIPIENT) neither of which will be sure where the problem really is unless they investigate manually, which generates zero profits, only costs for the providers.

Many web hosts are now banning email forwarding to third party email accounts, removing the capability all together. And the result for these hosts is a serious decrease in spam complaints against their servers. Richweb does not ban email forwarding just yet, but it is inevitable that for most providers that forwarding email externally is just too much trouble, and the benefits to everyone by turning it off, far outweigh any benefits of having this so called "feature".
« Last Edit: May 22, 2016, 12:15:41 pm by Doug Hazard »
Doug "Bear" Hazard
@BearlyDoug  |  @GridironHistory  |  @Hogville | http://gridironhistory.com

Co-Host of Two Cents Radio, powered by the SportsManCave.com Radio Network, Wednesday Nights from 8 PM to 10 PM Central, covering SEC and Sun Belt Sports.

Listen at SMCRadio.com and follow @TwoCentsRadio on Twitter!

 

With Quick-Reply you can write a post when viewing a topic without loading a new page. You can still use bulletin board code and smileys as you would in a normal post.

Warning: this topic has not been posted in for at least 120 days.
Unless you're sure you want to reply, please consider starting a new topic.

Note: this post will not display until it's been approved by a moderator.
Name: Email:
Verification:
Type the letters shown in the picture
Listen to the letters / Request another image
Type the letters shown in the picture:
What is the name of the company behind these forums? (7 letters, no space):