Email Forwarding and why it’s a bad idea
Many people take advantage of “email forwarding” – the ability to easily forward email from your domain onto for example your hotmail or gmail home address.
Sounds a perfectly good thing to do, and what harm can it possible cause? In actual fact – a LOT of harm, to you and any other people hosted on the same server as you!
Lets say your name is dave, and you have the domain poundshop.com. You setup an email forwarder for dave@poundshop.com to forward to your dave1296@hotmail.com, and all your email arrives very conveniently for you at Hotmail for you to read, and process in the normal way.
But ANYTHING sent to dave@poundshop.com is forwarded on – including all the spam that you’ve been getting lately. This causes 2 main problems:
1) Some ISPs (such as Hotmail and AOL) don’t recognise the true source of the spam, seeing it as originating from the last “hop” in the delivery route – ie: your poundshop.com domain, and our server.
2) Some ISPs have spam filters in place based on the volume of incoming email, and if you suddenly get a lot of spam email, or – more likely – a lot of “bounced emails” caused by someone spoofing your dave@poundshop.com address, then there’s the potential for a serious volume of email to all be forwarded onto your chosen destination.
Both scenarios above have the same result – YOU are seen as the spammer, and as a result – the reputation of your domain, and the entire server (with all the other customers hosted on it) is decreased, leading to increased risk of your email being considered spam, or worst case scenario – being totally blacklisted by an ISP or major blacklist provider.
The situation increases exponentially when you setup “catch-all” email forwarding, when EVERYTHING@poundshop.com is forwarded on. Imagine a spam attack where the spammer sends literally millions of emails to any_word_or_phrase@poundshop.com – all of which are forwarded on, and all of which result in you “spamming” yourself.
Our advice – NEVER use catch-all email forwarding (in fact never use catch-all email full stop), and only consider email forwarding of any sort if you 100% really have to. Personally I cannot see any valid reason for needing to forward email. Some people say that forwarding to Hotmail is convenient as it allows them to pickup their mail from anywhere. These people don’t realise we provide a perfectly good webmail system to do just that. Others say it allows them to collect all their various emails into one handy account, and therefore not login to multiple email boxes – this is fine – but forward them all to an address on your domain – NOT an external one.
Many web hosts are now banning email forwarding, removing the capability all together. And the result for these hosts is a serious decrease in spam complaints against their servers. We’re not planning on removing email forwarding just yet, but in the long run, it might be inevitable for anyone running a mailserver to come to the conclusion that forwarding email externally is just too much trouble, and the benefits to everyone by turning it off, far outweigh any benefits of having this so called “feature”.
Tags: blacklist, catchall, default email, email, email forwarding, mail, spam
April 22nd, 2009 at 6:13 pm
I understand the point you are making. However, wouldn’t a better solution be to filter the e-mails arriving at your server(s) rather than pass them on to the ISPs ? We use e-mail forwarding to split e-mails sent to Holiday Mull and forward to the various officers. The alternative of having to put their own e-mails on the Holiday Mull web site isn’t very appealing, and the methods for cloaking real e-mail addresses all seem to carry a downside.
Tim Dawson
April 22nd, 2009 at 6:22 pm
Hi Tim,
not 100% sure what you’re meaning here… the ONLY reason we pass emails onto the ISPs is because the clients have setup (in their control panels) email forwarders to do just that… Personally, I’d be delighted (and have considerably less issues) if clients chose NOT to forward the email onto their ISP’s but until they stop (either through realising the issues, or by us deciding to ban such activity) it’ll keep happenning… some people just cannot seem to think past using hotmail for all their email!
June 4th, 2009 at 2:08 pm
I manage 12 domains/websites and have email addresses connected to each one and have them forward to my Gmail account.
I use several computers (mac & PC) so having my mail “in the cloud” is the only way to keep it all together and updated.
It would not look very professional to have an email address that didn’t match the domain.
Am I right in thinking that IMAP would help my situation in managing mail from several computers?
If so is IMAP available from you?
Does forwarded mail go through the SpamAssasin filters before it gets forwarded?
June 4th, 2009 at 9:49 pm
Paul,
I understand your situation of course – it’s not an uncommon one, and in no way am I suggesting that you use an email that doesn’t match up with your domain – you’re right – it wouldn’t look professional. The issue here is that many of these 3rd party mail providers (like hotmail or aol) that people forward to, use some of the most aggressive (and very automatic) anti-spam filters and rules etc… so a LOT of what gets sent to them gets marked as spam (much of which is not spam).
To answer your 2 questions – Yes – using IMAP will likely help your scenario of working on multiple computers (it’s how we allow multiple staff to access our info@ account etc).
No – It’s a well know Cpanel “issue” (that all cpanel hosts would love resolved) that forwarded emails do NOT get parsed by Spam Assassin. Makes no sense I know, but there are some technical reasons why Cpanel haven’t implemented a solution to this yet. Short term solution is as follows:
1. Add a POP3 account for each forwarder
2. Set up a filter on that POP3 account to discard any mail with a spam score greater than xx
3. Set up the forwarder
Then and only then will spamassassin filter the incoming mail before forwarding it on. You will of course have to then consider how to “empty” the mailbox every so often to prevent it going over-quota after time. Hope this all helps