Problem
Why are my auto forwarded emails bouncing?
Why are emails bouncing that I have auto-forwarded to another email address?
Solution
Consider this scenario:
You own the domain example.com and you have an email address fred@example.com.
Within the mailbox fred@example.com, you’ve set up an auto-forward rule to send all received emails to fred@somewhere-else.com. While this example forwards to somewhere-else.com, the principle applies to any domain (e.g., fred@gmail.com, fred@hotmail.com, fred@outlook.com).
This scenario looks reasonable, right?
At first glance, this setup does indeed seem reasonable. All incoming emails are forwarded to another mailbox. However, with the implementation of email protection policies like SPF, this scenario doesn’t always function smoothly.
Let’s look in more detail with an example:
bert@acme.com sends an email to fred@example.com. Acme Corp is diligent about email security and has correctly configured SPF (Sender Policy Framework) records. These SPF records specify which mail servers on the internet are authorised to send emails from the domain acme.com.
Upon receipt, the mail server at example.com validates the email against the SPF records. Since the email originates from a permitted mail server for acme.com, it is accepted and deposited into the mailbox for fred@example.com.
At this point the auto-forward rule is activated and the email is now sent on to fred@somewhere-else.com.
However, the receiving server at somewhere-else.com attempts to validate the email. Here lies the issue: the email is from bert@acme.com, but the forwarding server, mail.example.com, isn’t listed in the published SPF records for acme.com. Consequently, the email fails SPF validation and is rejected and bounced back.
So, what are the options for resolution?
- Avoid auto-forwarding to a different domain. Stick to using the mailbox provided to you.
- If auto-forwarding is necessary, set the rule to forward the email as an attachment instead of forwarding it directly. This way, the email from example.com to somewhere-else.com will appear as originating from fred@example.com, with the original email attached, thus passing SPF validation.
Some may wonder: wouldn’t it be simpler if acme.com included my mail servers in their SPF record? While that would address the issue, it’s unlikely that another company would want to include your mail servers in their SPF record. SPF records are intended to list valid servers for a domain, demonstrating responsibility for email sending and preventing spoofing/spam.
And what about not having SPF records at all? This isn’t advisable. SPF records, along with DMARC and DKIM, are essential tools for protecting a domain from email abuse. Many ISPs now reject emails from domains without SPF records, which could contribute to further email rejections and bounces.