Forwarding Mail – No Longer Easy

Forwarding mail. Once a popular way to consolidate your mail into a single mailbox is no longer simple. Why? Spam and phishing.

Spam and Phishing

Spam and phishing email that looks like it was sent by an individual, company or organization can damage their reputation and even lead to a serious security breach. Everyone with a domain needs to protect the reputation of that domain from others attempting to  use it for bad (spam and phishing).

SPF and DKIM to the Rescue

The fundamental problem rests in the SMTP protocol. SMTP allows you to send email as anyone@anywhere. You might call that a design flaw, or a feature, it really depends on your point of view. To help prevent people from forging “hey_you@yourbank.com” you can use SPF, DKIM or both. These new email server extensions add DNS records to your domain that allow you to specify what servers are allowed to send mail for your domain as well as the policy for mail that isn’t sent from those servers.

SPF and DKIM are Bad (for forwarding)

What does all that means for forwarded mail? Any domain using SPF or DKIM without also specifying the forwarding server as allowed to send mail for that domain cause mail sent from the forwarding server to be rejected.

Forwarding spam is another reason forwarding mail is now difficult. By forwarding spam you make us look like spammers. That can hurt our reputation and cause our IP addresses to be blocked.

Welcome to the modern world.