Email Forwarding & SPF

A friend emailed me the other day to ask why their hosting company have announced they will stop forwarding.

Roughly speaking, they have an email address joe@customdomain.com which is hosted by said company. This forwards to their Gmail address joespersonalaccount@gmail.com [these are, if you hadn’t guessed, not their real emails].

The company has stated that they will no longer allow forwarding of emails from the custom domain to an external server. Why? my friend asked. It is, after all, a quite normal thing to do with domains.

As far as I can tell – it looks like the reason is down to the way popular mail services filter spam. Google’s Gmail, for example, uses a thing called SPF. This is a mechanism that checks whether emails came from a legitimate source.

Let’s say bob@bigcorp.com is sending my friend Joe an email, but they use his Gmail account directly – this is the simplest path:

1. Bob writes the email and sends it. The mail server at bigcorp.com looks up the mail server handling Gmail.com accounts and connects to it.

2. The mail server at Gmail.com receives the email and puts it in Joe’s inbox.

Now, the mail server at Gmail.com is applying SPF. This looks up the public record for bigcorp.com to see which mail servers have authority to send from that address. The mail server that sent the mail to Gmail is indeed legitimate, so it’s allowed through.

Now, Bob sends another email, this time to joe@customdomain.com

1. Bob writes the email. The bigcorp mail server looks up customdomain.com, finds its mail server and connects to it.

2. The customdomain.com mail server realises it’s supposed to forward mail on, so once it has the email it finds the gmail.com mail server and resends the email there.

3. The gmail.com mail server receives the email and puts it in Joe’s inbox.

So, same as last time, the gmail.com server applies SPF. However, this email didn’t come directly from bigcorp.com, it came via customdomain.com. This isn’t on bigcorp’s list of authorised servers, so as far as Gmail is concerned this email could have been forged. It’s quite possible the email will end up in the junk folder.

Worse still, if lots of emails come via customdomain.com Gmail might start thinking the entire domain is spammy. This is partly why I suspect the hosting company want to avoid forwarding. Ending up on spam blacklists is a costly, damaging affair.

This might appear like a weakness of SPF, but there is a fairly reasonable solution to this. I use Google Apps for Work (i.e. I pay for Gmail) and as part of my configuration I can tell Gmail which mail servers are trustworthy.

If Joe did this, he would add his mail server for customdomain.com to the trusted list. Now, when Gmail checks where an email is coming from it will see that customdomain.com is a trusted server, so will look further up the history to the previous mail server. In this case it’ll be bigcorp.com, which is valid, and the mail will be allowed through.

Unfortunately I’m not sure this is available on the freebie Gmail server, nor whether other services support it.

The hosting company didn’t give their reasons for limiting the feature, but this seems like a pretty likely (and logical) reason.

Sidenote: there’s also a bit on Wikipedia about rewriting the envelope sender. Looks a little hacky, but might be a viable alternative for those without whitelisting.
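The direct and forwarded deliveries described above, plus the trusted-server lookup, as an added example (not from the original post, and not Gmail's actual implementation). The SPF records and IP addresses are constructed from documentation ranges, only the `ip4` and `all` mechanisms are handled, and `check_with_trusted_relays` is a hypothetical helper.

```python
import ipaddress

# Constructed SPF TXT records (documentation IP ranges, not real DNS data).
SPF_RECORDS = {
    "bigcorp.com": "v=spf1 ip4:192.0.2.0/24 -all",
    "customdomain.com": "v=spf1 ip4:198.51.100.25 -all",
}
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def check_spf(client_ip, sender_domain, records=SPF_RECORDS):
    """Evaluate the ip4 and all mechanisms of sender_domain's SPF record."""
    record = records.get(sender_domain)
    if record is None or not record.startswith("v=spf1"):
        return "none"
    ip = ipaddress.ip_address(client_ip)
    for term in record.split()[1:]:
        qualifier = "+"  # a mechanism with no qualifier means pass
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        if term == "all":
            return QUALIFIERS[qualifier]
        if term.startswith("ip4:"):
            if ip in ipaddress.ip_network(term[4:], strict=False):
                return QUALIFIERS[qualifier]
    return "neutral"  # nothing matched and the record has no "all"


def check_with_trusted_relays(hops, sender_domain, trusted_relays):
    """hops: relay IPs, newest first. Skip relays the receiver trusts, then
    check SPF against the first untrusted hop (the previous mail server).
    Older hops are only as reliable as the trusted relay that recorded them."""
    for hop in hops:
        if hop not in trusted_relays:
            return check_spf(hop, sender_domain)
    return "none"  # every hop was a trusted relay; nothing to evaluate


if __name__ == "__main__":
    bigcorp_mx, forwarder = "192.0.2.10", "198.51.100.25"  # constructed
    print("direct:   ", check_spf(bigcorp_mx, "bigcorp.com"))
    print("forwarded:", check_spf(forwarder, "bigcorp.com"))
    print("trusted:  ", check_with_trusted_relays(
        [forwarder, bigcorp_mx], "bigcorp.com", {forwarder}))
```

With envelope-sender rewriting, the forwarded message would instead be checked against customdomain.com's own record, where the forwarder's address passes.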

Not Smart Enough

We’re still getting post for a former householder who moved out ten years ago (plus daily post for previous owners, 1yr on). Surely they’ve noticed either the lack of response, or my “return to sender” messages aren’t getting through. The former owners had a redirect for a while as well, so the data’s in the system. It’s tiring and wasteful on all parts.

Tom Morris has a long list of things Google thinks he is interested in – except he’s not (he really doesn’t like country music!).

Dave Winer’s dad would be surprised if he got an iPad – as recommended by Apple for Father’s Day – because he passed away several years ago. “With these companies doing such a great job of Big Data, you’d think they could get a clue about this one.” 

The Post

For the last four months or so we’ve been living in rented accommodation. One of the things I’ve rapidly learnt about rented places is that they’re magnets for unwanted letters.

Here’s why: before us, there were three (groups of) people living here at different times over the last few years. For various reasons we have no forwarding addresses or contact details for them, and for various other reasons most of them don’t seem to have ever updated their contact details with various companies.

The long and the short is, we get all their mail. Normally we’ll get a handful of letters every week. Some are clearly junk; some are white envelopes which look pretty personal and the rest are from companies like BT and organisations like SAGA.

Since we’re not the recipients we can’t play the Data Protection Act game and ask to have “our” details removed. Besides – I don’t fancy writing or calling to every single one of these companies asking them to stop. The same is true for simply writing and explaining.

The postie won’t stop delivering them because he’s obliged to post any addressed letters by law, and it’s probably not worth his time filtering them anyway.

So, after a bit of a look-up on the Internet I noticed a few people recommending writing “Return to Sender. Recipient no longer lives here” on the front. Dutifully I ran off a load of labels (already on my third sheet…) and started posting them back.

The other day I went to the Post Office for something unrelated, and asked if I could put “this handful of letters” in the post. The Post Office lady took them, saw the sticker and commented that “this probably won’t work. Royal Mail just usually put them straight in the incinerator”. Bleeding marvellous.

So the letters continue – another two today and undoubtedly more to come.