Home / Blogs

How Spam Has Damaged Mail Forwarding - And Ways to Get Around It

By John Levine Author, Consultant & Speaker

Courtesy forwards have been a standard feature of e-mail systems about as long as there have been e-mail systems. A user moves or changes jobs or something, and rather than just closing the account, the mail system forwards all the mail to the user’s new address. Or a user with multiple addresses forwards them all to one place to be able to read all the mail together. Since forwarding is very cheap, it’s quite common for forwards to persist for many years.

Unfortunately, forwarding is yet another thing that spam has screwed up. If you just forward all the mail that arrives at a typical address, most of what you’ll be forwarding is spam. From the point of view of the system you’re forwarding to, you’re the one sending the spam, and they’re likely to block you.

Fortunately, there are some ways to mitigate the damage.

  • Configure separate outbound IPs, use one for forwarded mail, one for locally generated stuff. That way, if the forwarding goes wonky, only forwarded mail gets blocked. All of your outbound IPs should have reasonable and matching A and PTR records in the DNS. (This last bit applies whether you’re forwarding or not.)
  • Use all the usual conservative DNSBLs such as Spamhaus and Spamcop to hard block mail. Their error rate is low enough that you don’t have to worry about it.
  • Run the mail through Spamassassin or something similar. Some ISPs allow you to put an X-Spam-Flag: Yes header on the mail and send it along to be dropped in the user’s spam folder. Most don’t, in which case you should throw it away or put it in a local mail account they can check occasionally.
  • Point out to your forwarding users that it is cheap and easy to configure modern mail programs to check multiple accounts. Rather than forwarding the mail somewhere else, deliver it to a local mailbox and have them configure their mail program to pick it up along with mail from other accounts. Most webmail systems now have a way to import mail via POP (the same way desktop mail programs pick it up). Even if there’s a lot of spam mixed in, it won’t affect your system’s outgoing reputation since you didn’t send it to their incoming mail server.
  • If you control your IP ranges, sign up for feedback loops at the ISPs you forward to, so you can see what people are complaining about.

If you do these, you should get mail through to most places. The local pickup trick will get mail through to anywhere.

By John Levine, Author, Consultant & Speaker

Filed Under

Comments

Traditional courtesy forwards are likely also illegal Alessandro Vesely  –  Mar 6, 2012 8:02 PM

Some countries, e.g. Australia, Canada, Europe, have rules to protect the rights of email address owners.  A dot-forward file with an external email address written in it, should be accessible by the owner of that address.

As quibblish as this may sound, that principle has the potential to kill all the murkily legal spam.  By requiring that each stored email address be notified and accessible to its owner—except personal address books—we can bring fairness to the email business.  In fact, mailing lists, newsletters, and any case where the delivery addresses are not set interactively, are a case of forwarding that could be fixed.  See fixforwarding.org.

# 1 Reply  |  Link  |  Report Problems
Huh? John Levine  –  Mar 6, 2012 8:05 PM

All the courtesy forwards I know are set up at the request of the user of the address. This comment makes no sense.

# 2 Reply  |  Link  |  Report Problems
I don't even understand this comment. Phil Howard  –  Mar 6, 2012 9:40 PM

I don't even understand this comment. Either an email provider provides a forwarding service or they don't. I can't see how government regulations can require a .forward file to even be implemented, much less give email users shell access to change it. If they offer it, they can likely provide it in a profile panel. If I offered such a service I would limit forwarding to only domains I'm hosting. If you have email provided to you, you should be able to close it if you wish (or they do so for non-payment if it is a paid service). Or just leave the account open as you tell everyone to use your new email, and read from both as in the 4th suggestion.

# 3 Reply  |  Link  |  Report Problems
Sorry I wasn't clear Alessandro Vesely  –  Mar 7, 2012 5:46 PM

IANAL, but I don't think laws differentiate dot-forwards from mailing lists. The same obligations to prove opt-in and give opt-out information hold. Indeed, that's what full blown vanity email address providers do. The fourth of John's suggestions above is more internationally valid than the others.

# 4 Reply  |  Link  |  Report Problems

Comment Title:

  Notify me of follow-up comments

We encourage you to post comments and engage in discussions that advance this post through relevant opinion, anecdotes, links and data. If you see a comment that you believe is irrelevant or inappropriate, you can report it using the link at the end of each comment. Views expressed in the comments do not represent those of CircleID. For more information on our comment policy, see Codes of Conduct.

CircleID Newsletter The Weekly Wrap

More and more professionals are choosing to publish critical posts on CircleID from all corners of the Internet industry. If you find it hard to keep up daily, consider subscribing to our weekly digest. We will provide you a convenient summary report once a week sent directly to your inbox. It's a quick and easy read.

I make a point of reading CircleID. There is no getting around the utility of knowing what thoughtful people are thinking and saying about our industry.

VINTON CERF
Co-designer of the TCP/IP Protocols & the Architecture of the Internet

Related

Topics

Domain Names

Sponsored byVerisign

Threat Intelligence

Sponsored byWhoisXML API

Brand Protection

Sponsored byCSC

DNS

Sponsored byDNIB.com

IPv4 Markets

Sponsored byIPv4.Global

New TLDs

Sponsored byRadix

Cybersecurity

Sponsored byVerisign

View All Topics