Why EMail Forwarding Offsite is Very Bad.
We still see an awful lot of people forwarding email offsite to their ISP’s email address. This is very bad. Very, very bad. We wish cPanel had a way to stop you from doing it, and we wish we had time to contact every one of you individually to explain why it’s bad because we can see in our handy, dandy config files who’s doing it and where it’s going. Since we cannot do that, we’re going to explain here why this is very, very, very bad both for you and for us.
Your cPanel email system is fairly robust. You have POP email accounts, IMAP accounts, and forwarding capabilities. You can get mail through webmail on this server, pop it into a client, get it on your Blackberry - the choices are numerous. Out of all those choices, there’s only one that can really harm your ability to get your mail, and that’s forwarding your email to your ISP (or GMail, Yahoo, or Hotmail).
When someone emails our system here, there are some tests that the email goes through when another mail server knocks on the door. First, we see if the sending server is on an RBL and if so, we won’t take the mail. Next we check if the recipient email address is defined as accepting mail (which includes installed accounts or forwarders) and if it is not, we don’t accept the mail. If the sending server isn’t on an RBL, the email address exists here, and it passes some other criteria that insures it’s a correctly formatted email, then our servers take the mail and processes it. If you simply have a POP account for that address, we drop it in there, and it waits for you to pick it up.
If you have an offsite forwarder, we then take that email and forward it to your ISP (or webmail provider) - this forwarding step changes the nature of that email in that the email is no longer from the server that originally delivered it here. The email is now originating from your server here at DrakNet.
This is an unbelievably important distinction. If you have MailScanner set to deliver and simply tag spam, and you also have your account set up to forward that email to you, you and your domain (and since this is shared hosting, the entire server and everyone on it) then appear to be the spammer to your ISP because the email being sent to you is being delivered by us. Even if you have MailScanner configured well, some spam mail will still get through - once that happens Comcast, or AOL, or SBCGlobal, or RoadRunner will look at our server and says:
“Dude! You keep sending spam to our user! You won’t stop! You can’t email here anymore!”
And before you can blink, all mail from here to there bounces. All of it - from everyone on the server with you trying to email anyone they know at that ISP. (As well as, remember, all the mail you are forwarding, both good and bad, which you now won’t ever see).
The AOL folks are particularly guilty of causing problems with this because of the unbelievably easy way AOL lets you report spam - simply click a button, and report the server instantly, right? Well, if it’s a forwarded email, you just reported your DrakNet server, upping the likelihood that one of our servers will get blacklisted for forwarding your mail to you, just like you told it to, and ensuring that you’ll lose a significant amount of mail, as well as disrupt communications for everyone with you.
Another issue with this is that if you forward your mail offsite, we simply have no way to help you if you have a question about lost mail. Once your ISP accepts the mail, our part is over with. If a mail doesn’t make it to you and your ISP accepted it, it simply isn’t our issue anymore and we have no ability to ask them what they did with the mail once they took it - and most ISPs are so large that whether you lost one email from your Aunt Martha really isn’t their concern.
Forwarding should only be used to define multiple addresses that accept mail on the server, and they should only be used to forward that mail to email addresses on the server itself. drak.net itself has about 20 email aliases and only one actual pop account - there is no limit to how many email aliases you can have. Once you begin using those forwards to forward offsite, though, you risk setting off a blacklist that will disrupt mail service for you, and the communication ability of all your neighbors. And yes, it can get your account asked to leave should it happen more than once.
All the major webmail providers (Gmail, Yahoo, Hotmail) allow you to pop email into your webmail - set this up instead of forwarding. Almost all popular email programs allow you to pop mail from multiple accounts into one area to manage it - set this up instead of forwarding to your ISP. Don’t forward email to your ISP out of laziness - the risk is fairly significant that you could blacklist your own domain, tick off everyone on the server with you, and greatly annoy us when we have to deal with it.
One more word about forwarding - if you install a pop account on the server, and you install a forwarder on the server to send the email offsite with the same address as the pop account, you will get two copies of that email. One copy will be archived on the server here, and one is sent to you - your mail can fill up very, very quickly that way, eventually overtaking your quota if you install a pop account and never check it or clean it out. If you are using an address as a forwarder only, do not install a pop account for it - it’s an alias, and it doesn’t need it.
Tags: blacklist, email, forwarding, offsite, spam
I don’t know if you’ve changed anything but when I first tried to get Yahoo to talk POP with a drak-run email, it didn’t like something about a protocol feature it claimed you weren’t supporting.
– POP server does not support LAST command. You may only retrieve POP mail from this server using “get all messages”. –
This implies (if I’m reading it right) that I can’t just use yahoo as a means to glance at my email without removing it and moving it onto yahoo’s servers which I really don’t want to do.
[Reply]
Joe Shelby on April 14th, 2008 at 12:57 pm
That’s correct - you wouldn’t use an outside webmail program to look on the server here using POP. You should, ideally, take the mail off here to be stored somewhere else - the smaller accounts can run out of room if all mail is stored on the server. You should be “getting all messages” when getting mail off the server if you’re using POP since it’s not designed for multiple access.
For multiple access, then you should be using IMAP to synchronize, since that’s what it was designed for.
http://www.imap.org/
[Reply]
DrakNet on April 14th, 2008 at 1:20 pm
Our forwarders go from one account on Warturtle to another — elrenotribune.com to mustangnews.info — mainly because our people work for both papers but seem capable of dealing with one e-mail address. No mail is stored on the server.
It doesn’t sound like this particular issue applies, but should I eliminate those forwarders for other reasons?
[Reply]
Dyrinda on April 14th, 2008 at 2:06 pm
No, that won’t be an issue - we have server to server communications whitelisted.
[Reply]
DrakNet on April 14th, 2008 at 2:11 pm
I do prefer IMAP, and use Thunderbird as my mail’s primary interface and final resting place (when I archive stuff to local folders) on my main box at home.
My problem is that of resources on my work desktop and browser (where my admins have blocked ALL email access protocols to the outside world, including POP, IMAP, and SMTP to any server but our own (which requires using our own work email address or the filter will block it)). I’m stuck with Squirrel and Horde.
I would rather, during the day just glancing at things, keep it in my main portals (yahoo or google) rather than having to keep a tab open with Horde always running. I would also rather use either of those editors to create new mail in reply than use Horde (the html editor only replies to its fake-html conversion of the unreadable plain text) or Squirrel (no html editing at all, last i checked).
Basically in a Web2.0 world, Horde and Squirrel are really out of date. Sorry if I seem like I’m ranting, because generally I love drak’s service and if my work hadn’t blocked IMAP I’d still be a terribly content Thunderbird user every day.
[Reply]
Joe Shelby on April 14th, 2008 at 5:30 pm
No, don’t worry about the rant - you’re right, both Horde and Squirrelmail leave much to be desired. They’ve been glared at by folks over on the cPanel forums for a while, and people have been asking for a better alternative for a good long time, or so I’ve seen.
With cPanel, the integration is both a plus, and a minus - a plus in that it all integrates together pretty well. A minus is that when you want to do something different, sometimes cPanel makes it nearly impossible by the way it’s set up. We’ve been thinking about trying out RoundCube when we get time - cPanel supposedly has hooks set up for it.
http://www.roundcube.net/screens
[Reply]
DrakNet on April 14th, 2008 at 5:50 pm
Well, we have an address used for technical issues, which is used only during important events. I really don’t want to spend the time constantly going through the steps to see that there are no new messages.
Now, if there were a way to get a notice when a message has arrived (not the message, just a notice, say, “Hey, xxx@yyy.zzz received a message!”), that would be super and I’d have no interest in auto-forwarding the email.
Is this a possibility?
Thanks!
[Reply]
DrakNet replied on April 24th, 2008:
That’s what an email client does when you check the mail - many of them have alerts.
You’re asking, though, for a message to be sent to you that a message was sent to you so you can get the message (instead of just initially checking if there’s a message) which, frankly, doesn’t make a whole lot of sense.
The statement “I really don’t want to spend the time constantly going through the steps to see that there are no new messages” kind of sums up the issue - people don’t want to take proper steps to check email (even though much of checking email can be set up to be automated) so that their account is protected and other people aren’t inconvenienced by mail delivery problems. Those that choose to not set it up in a responsible manner may find their account terminated, and that’s why we posted.
You can choose to do it in any manner you wish to out of convenience, but at least you’ll be aware now of the risks that you’re taking with your own mail and everyone else’s so that should it cause problems with your mail or account, you’ll have made the decision to forward knowing the potential consequences.
[Reply]
Cal replied on April 24th, 2008:
Thank you for pointing out how inconsiderate and lazy I am. I like you too.
I do use Outlook to check for messages on the address and it works fairly well, when I have my laptop. But when I’m in the field or on the road, no matter how much I try, I can’t seem to fit Outlook onto a 12-key cell phone that has web access. And I really don’t care to find out how WAP-compliant cpanel and Squirrelmail are, which is likely to be ‘not very’…
My sarcasm aside, what I was looking for was a way to monitor when the usual methods (mail client auto-collect or PC-based web login) aren’t available. The sending of a “hey you got mail” alert to something WAP-enabled like gmail would let me know I need to find a PC to see what broke (U3 pendrives are excellent for quickly utilising any PC with net access), and protect everyone else from getting blocked if it turned out the message was for Nigerian male enhancement gambling jewelry.
As to security, having had to chase down rapidly expanding corporate virus attacks in real time (can we say ‘code red’ and ‘code blue’), I do take security seriously. If there is a way to address the situation I mentioned and is as easy as the current email forwarding “solution” being used, some of those people putting all our email at risk of being blocked might switch over and use it. This would be a good thing, wouldn’t you agree?
Sorry if I came off a bit miffed, but after 25 years in the DP world, I don’t take being told I’m irresponsible in my field well.
[Reply]
DrakNet replied on April 24th, 2008:
Frankly, it’s hard for me to make it sound any other way - the system itself is designed to get and collect the mail and give you ways to collect it off the server, and its against TOS, so I probably do come off a bit short on this subject.
You have the ability to install wap enabled webmail on your server (like http://www.dominion-web.com/products/w-mail/) or have Gmail or Yahoo pop the email off as both of them are wap enabled if Squirrelmail isn’t something that you like - but since there is the ability to pop the mail to Gmail and Hotmail which does it’s own alerts, sending a notice to gmail that there’s mail in another account simply creates more mail for the server (instead of “getting mail and popping mail”, you create a system that has has “getting mail, parsing mail, creating new mail, sending mail alert, getting mail alerts, then getting mail) creating unnecessary processes on the server.
By the time you have an alert that your account is forwarding spam off and can get to a machine to try and protect the servers, the damage to the server on RBLs is done already.
On your particular account you appear to be forwarding to the two places we specifically began prohibiting two years ago and sent a mass email out about, and both of which have the ability to pop the accounts:
Set up Your Email Accounts in Hotmail
First, you need to configure your POP accounts in Hotmail:
* Select Options from the top Hotmail navigation bar.
* Follow the POP Mail Retrieval Settings link.
* Enter the access information for up to four POP email accounts.
o Use the POP Server Name, User Name and User Password given to you by your cPanel to provide Hotmail with the details needed to log into your account and retrieve new mail.
* Click the OK button.
Gmail directions are here:
http://www.drak.net/news/2008/04/03/tips-google-your-email/
So, again - I don’t mean to be short, however, you have the ability to mimic exactly what you’re doing right now while putting the server at risk for mail interruption just by setting it up a different way. It doesn’t change anything regarding what you see and doesn’t change what you’re doing now - it just does it in a safe manner.
Cal on April 23rd, 2008 at 10:19 pm