Email forwarding is a popular feature among users who prefer a single email account for receiving emails from different email addresses that they own. However this convenience might contribute to hamper your email server’s reputation. In addition to the increased load for the server to handle when emails get rejected by your remote email account mail server (for various reasons) which get filled up in the queue, it may also get your mail server blacklisted.
Let us consider the following example where John has the email account “email@example.com” and is forwarding several of his email addresses (like firstname.lastname@example.org which are hosted on his server) to the Gmail account. Spammers usually use a fake email address when sending spam emails as they don’t want to receive the bounced messages and does not want to identify who they really are. When email@example.com receives such a spam email, the mail server would forward this email directly to his Gmail account since the email forwarding feature in a cPanel server forwards all emails without any SpamAssassin filtering. During the email delivery to Gmail’s server, Gmail’s spam filter will detect it as a spam email and would filter it to the spam folder while some remote mail server might just reject the email. Gmail is unlikely to bounce as it would filter to spam folder however when there are too much similar spam emails in a short span of time it will start blocking the email server and the email is bounced. This bounced email is sent back to Johns mail server. John’s mail server will then try to send this bounced email back to the original sender, but that email will never go out because the original sender (the spammer) used an e-mail address that does not exist. Since the email never reaches the original sender, the email gets added to the mail server queue. The mail server keeps retrying to get the email delivered again depending on the interval set in the mail server thereby creating unnecessary load for the mail server. When there are many spam emails received at the forwarding email address the remote mail server will reject all emails thinking John’s mail server is sending spam emails as it sees the spam emails to be originating from John’s mail server. Eventually it can get blacklisted as well and legitimate emails from the mail server will also get blocked.
Another potential problem is when the remote mail server uses SPF for validating the sender. Since email forwarding works like impersonating the sender as the receiving mail server just forwards the email to maintain the sender address, remote email servers with SPF will not allow the email to go through as the sending mail server could not be validated to the actual source details.
In both cases, John’s mail server is seen as the spammer, and as a result the reputation of the mail server is affected. The situation becomes worse when “catch-all” email forwarding is enabled, where EVERYTHING@john.com is forwarded. If there is a spam attack where the spammer sends thousands of emails to ANYTHING@john.com – all of which are forwarded on, results in blacklisting of John’s mail server.
* Forwarding “Catch-all emails” to an external mail server should be avoided. The best solution is to set the default box to :fail: so that messages are rejected and bounced back.
* Instead of using email forwarding, create an email account instead of email forwarder address and use POP feature in your main email account (like Gmail) to retrieve those emails. Email forwarding under the same domain/server will be fine.