Forwarding and SPF

This page is showing a generic answer.
To see a more detailed answer customized for you, type your domain name here:

A feature of our service allows you to automatically forward incoming email messages to an address at another ISP. For example, you could automatically forward "address@example.com" to "example@aol.com".

When you do this, there are three servers involved in the delivery of each message instead of two, and a message must go through two sets of spam filters. That makes things a little more complicated, and it will make mail delivery less reliable if the final ISP involved has mail problems. Despite that, forwarding usually works well.

We are aware of one particular potential problem that might make you want to avoid this kind of automatic forwarding, though. A new(ish) anti-spam method called "SPF" allows mail senders to publish information saying "If you receive a message claiming to be from an address at our domain name, don't accept it unless it comes directly from a server we run". Most senders don't do this, but a small number of companies (particularly those that often find their domain name forged as a fake "From" address in email messages) do so. For example, Chase.com requests it in the hope that it will prevent spammers from successfully sending messages that pretend to be from Chase Bank.

This system sounds like a good idea, but it causes problems with automatically forwarded mail if the final receiving ISP uses SPF to filter incoming messages (most don't, but some do). When that ISP receives a message from an address such as "example@chase.com", they'll check to make sure that it's being sent to them by a Chase.com server. If the message is being automatically forwarded through our mail servers (or any other mail servers), they'll reject it, even though it was originally really from Chase.com.

This is a relatively rare issue, but it does happen with some combinations of senders and receiving ISPs. In fact, the problem is described on the SPF site.

If you're concerned about it, the way to completely avoid this is to make sure that your mail is delivered to a mailbox on our system instead of automatically forwarding it to another ISP. Doing so makes your email delivery more reliable in general, because it doesn't rely on another ISP at all.

We should emphasize that this potential problem can happen when forwarding messages using any company, not just Tiger Technologies. Also, this problem only happens with automatic forwarding, not with the manual "Forward" option that some mail programs offer.

Does this affect WHOIS privacy forwarding, too?

The email forwarding feature of our WHOIS privacy protection does the same kind of automatic forwarding. If a sender who uses SPF sends you an email message, and the administrative contact address we have on file for you is at another ISP that performs SPF filtering, then the receiving ISP will block that message (because they see it as coming from our servers, not from the original sender's servers).

If you need to receive a message sent to your WHOIS address (for example, if you're transferring your domain name to another company and they're sending messages to the WHOIS address), and the sending company publishes SPF records that don't allow forwarding (one that we know of is GoDaddy.com), and the receiving ISP rejects such mail, you should either:

I've heard there is a technological solution that allows forwarding and SPF to work properly. Can't Tiger Technologies do that?

The people who invented SPF have proposed a solution that involves modifying mail servers to change the way automatic mail forwarding works by modifying the “envelope sender address” of forwarded mail.

However, software that implements the proposed changes is not yet widely available or tested, and like most ISPs, we are extremely reluctant to change such a major part of our systems for something that's still experimental.

Even worse, many companies think that the proposed solution is actually harmful: Gmail, for example, advises people not to change the envelope sender for forwarded mail, because doing so will cause other mail to be incorrectly tagged as spam.

For now, we'd recommend simply not forwarding important mail to other ISPs. Deliver it to a mailbox as described above (which is a generally more reliable solution anyway).