
email support

Ask us about your TalkTalk email account and Webmail.

Incoming forwarded mail being rejected

Mal469
Whizz Kid
Message 11 of 11

In the last few days I have encountered a problem with incoming forwarded mail not arriving. To elaborate, I am part of a charity ***.org.uk that has a contact address info@***.org.uk. It is registered with 123-reg. There are two forwarders set up, one to a colleague with a Hotmail address and one to my dial.pipex.com address. On Tuesday an incoming message was received by my colleague but not by me, and this continues randomly with other messages today.  123-reg say there is no problem with the forwarding service.

 

Does TT have a problem with forwarded mail in general, or 123-reg in particular?

 

Mal469

0 Likes
10 REPLIES 10

Message 1 of 11

Yes they do. But users still ignore advice that auto forwarding is not to be relied upon and they expect it to work.

 

 

Gondola
Community Star 2017-2024

0 Likes

Mal469
Whizz Kid
Message 2 of 11

Thank you very much. That is very interesting. Sounds like I must encourage 123-reg to use SRS.

 

Equally interesting is the fact that TalkTalkMail does not use SRS, which suggests that users would have a similar problem to mine during automatic forwarding.

 

Mal469

0 Likes

Message 3 of 11

I'll give you a little insight into what's being said here.

 

Sender Policy Framework (SPF) and Domain Keys Identified Mail (DKIM) authenticate the sending of mail and Domain-based Messaging and Reporting Compliance (DMARC) tells a receiving mail service how to handle failures of SPF or DKIM. TalkTalk Mail supports these processes and encourages originators to use strict compliance for the best protection.

 

Strict compliance by the originator and simple mail forwarding by an intermediary are not compatible. Techniques have been introduced to overcome failures of mail forwarding. Sender Rewriting Service (SRS) is when an intermediary may or may not check the authentication of received mail but does rewrite the email header to authenticate the intermediary as the sender. Authenticated Received Chain (ARC) is when authentication is checked at each stage and the results of those checks are added to the email header, signed with an encrypted snapshot of the entire message and sealed to prevent tampering before delivery to the recipient.

 

SRS is not used by all mail forwarders. TalkTalk Mail does not use SRS during forwarding but will authenticate mail from an SRS forwarding service. ARC is not yet widely supported. The TalkTalk Mail platform does not yet support ARC although Google and Microsoft have implemented ARC.  

Gondola
Community Star 2017-2024

Mal469
Whizz Kid
Message 4 of 11

I've been having a read around the problem and encountered:

"Forwarded emails often change the sending IP address, which causes the SPF check to fail. Organizations should correct server settings so that forwarded emails retain the correct information, but many do not."

"Therefore, when receiving eBay mail via an email forwarder like 123-reg (and others), and it arrives at your email service provider, it is seen as coming from a 123-reg mail server not designated as a permitted sender for eBay mail. The mail header isn't being rewritten by 123-reg, it can't be avoided the result; incoming email is rejected. This happens before any spam filters, so the missing email won't be found in your junk/spam folder."

 

I also found others complaining since October, when 123-reg started migrating to Generation 2 mailboxes. For me it started on Tuesday. Is it the case that they could have code to rewrite the header so that it repeats the originator's details? Should I complain to 123-reg and ask why they are not doing so? If recipient ISPs are getting stricter it otherwise completely negates the advantages of mail forwarding.  

 

Confusingly, it is quite random. As I reported, I have now set up forwards to my dsl.pipex and dial.pipex addresses, as well as Hotmail and Gmail. A sender who got through (via 123-reg) to dial.pipex, got through today just to Hotmail. Today a sender using ccsend.com for a mailout ended up at dsl.pipex and dial.pipex, but not Hotmail or Gmail!

 

Losing the will to live here!  It may be that 123-reg's forwarding service is in a state of flux.

 

Mal469

 

0 Likes

Message 5 of 11

Sorry, I should have started by thanking you for the detailed explanation.

Mal469
Whizz Kid
Message 6 of 11

I’ll have a think about your suggestions. The essence of the info@ communications is that we don’t know they’re coming, i.e. we don’t have a relationship yet with the senders. In the meantime I might try adding both my Hotmail and Gmail addresses to the forwarder destinations to cover all eventualities, to see if that works.

 

Mal469

0 Likes

Message 7 of 11

I'll try and explain using the examples you gave.  Hopefully you'll understand why forwarded mail can work but is not to be relied on.

 

Forwarded mail from the originating gmail.com domain will not fail on SPF authentication because gmail has a soft fail policy that means any servers can send on gmail. So gmail via 123-reg will be delivered unless there's another reason for non-delivery. Gmail / Google Mail has no policy via DMARC so it's up to the recipient mail service how mail is handled. There's been a lot of spam from gmail recently.

 

Forwarded mail from broxbourne.gov.uk will fail on SPF authentication because broxbourne.gov.uk has a strict fail policy. Any mail servers, not on the extensive list of permitted servers, will cause a fail to be logged. Furthermore broxbourne.gov.uk has a policy (DMARC) that tells TalkTalk to quarantine any fail. You have to accept that some originators of mail are more security minded than others. Equally, some recipient mail services are less security minded than TalkTalk.

 

Interesting point about dial.pipex.com because that uses the default TalkTalk SPF authentication and DMARC policy. SPF is similar to Gmail and has a soft fail for authentication. However, the DMARC policy is rigid and requires fails to be rejected.

 

You have two options.

  1. Get mail from broxbourne.gov.uk sent direct to your TalkTalk mailbox OR
  2. Collect mail from 123-reg instead of relying on their forwarding

I always recommend collecting mail rather than relying on forwarded mail that is so very dependent on the mail handling policies set by the originator.

Gondola
Community Star 2017-2024

Message 8 of 11

Sorry, I meant sending from my dsl.pipex.com account, in case it makes a difference

0 Likes

Mal469
Whizz Kid
Message 9 of 11

I'm a bit confused by the reply, which suggests that 123-reg forwarding will never work. I have to say that it works for some sales emails that I don't particularly want. A failure today was from @gmail.com, on Tuesday from @broxbourne.gov.uk.

 

Interestingly, I have been testing by sending from my dial.pipex.com account, and this has been failing. Does this follow your criteria above?

 

The forwarding has been working for years. Of course I don't know what I have missed unless my colleague mentions it, or the sender follows it up.

 

Mal469

0 Likes

Gondola
Philosopher
Message 10 of 11

TalkTalk Mail doesn't have a problem with receiving fully authenticated forwarded mail whether via 123-reg personal domains or elsewhere.

 

What TalkTalk Mail does have a problem with is mail that is forwarded by mail servers that do not authenticate the mail messages they handle when the originator of the message requires that only permitted mail servers may send the messages and those permitted mail servers do not include 123-reg sending mail servers.

 

TalkTalk Mail usually operates a strict policy of not accepting unauthenticated mail whereas other mail services can have flimsier policies.

 

What is the original sending domain for the messages that don't get accepted by TalkTalk Mail?

Gondola
Community Star 2017-2024

0 Likes
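The receiver-side decision discussed in this thread, as an added example that is not part of any post and not TalkTalk's or 123-reg's code: it models how SPF and DMARC come out for forwarded mail under the three policy combinations described in Message 7, with and without envelope rewriting (SRS) and with and without the originator's DKIM signature surviving the forward. The domains, the `Originator` type and `evaluate_forwarded` are constructed for illustration; alignment is simplified to an exact domain match, and the forwarder is assumed to publish SPF for its own servers.

```python
from dataclasses import dataclass

@dataclass
class Originator:
    domain: str        # domain in the visible From: header
    spf_all: str       # "-" = hard fail for unlisted servers, "~" = soft fail
    dmarc_policy: str  # "none", "quarantine" or "reject"
    dkim_signed: bool  # signs mail with a DKIM key for its own domain

def evaluate_forwarded(orig, forwarder, srs, dkim_survives):
    """Model a receiver's SPF/DMARC result for mail relayed by `forwarder`.

    Simplified: alignment is an exact domain match, and the forwarder's own
    SPF record is assumed to list its sending servers.
    """
    if srs:
        # Envelope sender rewritten to the forwarder: SPF is checked against
        # the forwarder's record and passes, but for the forwarder's domain.
        mail_from, spf = forwarder, "pass"
    else:
        # Envelope sender unchanged: the forwarder's IP is checked against the
        # originator's SPF record, which does not list it.
        mail_from = orig.domain
        spf = "fail" if orig.spf_all == "-" else "softfail"
    # DMARC needs SPF or DKIM to pass for the From: domain itself.
    spf_aligned = spf == "pass" and mail_from == orig.domain
    dkim_aligned = orig.dkim_signed and dkim_survives
    dmarc = "pass" if (spf_aligned or dkim_aligned) else "fail"
    if dmarc == "pass":
        action = "deliver"
    else:
        action = {"none": "receiver decides", "quarantine": "quarantine",
                  "reject": "reject"}[orig.dmarc_policy]
    return spf, dmarc, action

# Constructed originators mirroring the three policy combinations in the thread.
SOFT_NONE = Originator("a.example", "~", "none", False)
HARD_QUARANTINE = Originator("b.example", "-", "quarantine", True)
SOFT_REJECT = Originator("c.example", "~", "reject", True)

if __name__ == "__main__":
    for o in (SOFT_NONE, HARD_QUARANTINE, SOFT_REJECT):
        for srs in (False, True):
            for dkim in (False, True):
                print(o.domain, f"srs={srs} dkim_survives={dkim}",
                      evaluate_forwarded(o, "forwarder.example", srs, dkim))
```

In this model SRS turns the SPF result into a pass, but the pass is for the forwarder's domain, so the DMARC outcome for a quarantine or reject policy only changes when the originator's DKIM signature arrives intact.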