Email forwarding seems like a convenient shortcut. You've got an old domain with an email address people still use, so you set up a rule that forwards everything to your new address on a different domain. Job done, right? Unfortunately, what looks like a simple convenience is one of the most common causes of lost email, spam folder problems, and deliverability headaches we see. Here's why forwarding email from one domain to another is a bad idea—and what to do instead.
Key Insight: Modern email security standards (SPF, DKIM, and DMARC) were designed to stop email impersonation. Forwarding makes your mail server behave exactly like an impersonator—it sends email on behalf of domains it isn't authorised for. The receiving server often can't tell the difference between your forwarder and a scammer, so legitimate mail gets junked or silently dropped.
What Do We Mean by Email Forwarding?
We're talking about server-side forwarding: a rule on your mail server (or a "forwarder" or "redirect" set up in your hosting control panel) that automatically passes every email received at an address on one domain to an address on a completely different domain. For example:
Common reasons people set this up include rebranding to a new domain, consolidating multiple businesses into one inbox, forwarding work email to a personal Gmail or Outlook.com account, or keeping an old domain "alive" after a migration. The intent is reasonable—the mechanism is the problem.
Forwarding Breaks Email Authentication
This is the big one. Over the last decade, three standards have become essential for email to be trusted and delivered: SPF, DKIM, and DMARC. Major providers like Google and Microsoft now enforce them strictly. Forwarding undermines all three.
SPF (Sender Policy Framework)
SPF is a published list of servers allowed to send email for a domain. When your server forwards a message, it re-sends it from your server—but the message still claims to be from the original sender's domain. Your server isn't on that domain's SPF list, so the forwarded message fails SPF at the destination.
DKIM (DomainKeys Identified Mail)
DKIM is a cryptographic signature over the message. It can survive forwarding—but only if the forwarder doesn't touch the message. Many forwarders rewrite headers, add footers, or perform spam-scanning modifications that invalidate the DKIM signature.
DMARC (Domain-based Message Authentication)
DMARC ties SPF and DKIM together and tells receivers what to do when both fail: quarantine or reject the message. A forwarded email that fails SPF and has a broken DKIM signature fails DMARC—and if the original sender's domain publishes a strict DMARC policy (as banks, government agencies, and increasingly all businesses do), the destination server is instructed to reject it outright.
The practical result: emails from senders with strict security policies—banks, MyGov, the ATO, large companies—are the most likely to be rejected or junked when forwarded. The more important the sender, the more likely forwarding breaks delivery.
Mail Disappears Silently
The worst part isn't that forwarded mail gets blocked—it's that nobody finds out. When a destination server rejects or discards a forwarded message:
- You never see it—it never reaches your inbox, and there's nothing in your spam folder either.
- The sender may never know—any bounce message goes back to the original sender via the forwarding server, where it's often suppressed, misdirected, or lands in a mailbox nobody checks.
- It's intermittent—mail from some senders arrives fine while mail from others vanishes, depending on each sender's DMARC policy. This makes the problem extremely hard to spot.
For a business, that can mean missed quotes, invoices, password resets, and customer enquiries—with no error message anywhere to tell you it happened.
Your Server's Reputation Takes the Damage
A forwarder doesn't filter what it passes along. Every spam and phishing message sent to the old address gets re-sent by your mail server to the destination. From the destination's point of view, your server is now a source of spam.
What This Looks Like
- • Gmail or Microsoft 365 starts throttling or rejecting mail from your server's IP
- • Your server's IP lands on spam blocklists
- • The forwarded spam "trains" the destination to distrust everything you forward
The Knock-On Effect
- • On shared hosting, the damaged reputation affects every customer on that server
- • Legitimate outbound email from your domain starts going to spam too
- • Recovering a blocklisted IP can take weeks
This is why many hosting providers (ourselves included) discourage or restrict cross-domain forwarders: one customer's convenience can degrade email deliverability for everyone sharing the server.
Replies, Spam Filtering, and Other Practical Annoyances
You reply from the wrong address
When you reply to a forwarded email, the reply comes from your destination address—not the address the customer wrote to. That looks unprofessional, confuses recipients, and can trip their spam filters because the reply arrives from an address they've never contacted.
Mail gets spam-filtered twice
The message runs the spam gauntlet at the forwarding server and the destination. Two chances for a false positive, and the second pass happens with broken authentication—stacking the odds against legitimate mail.
Troubleshooting becomes a black hole
When something goes missing, the trail spans two providers, two sets of logs, and two spam-filtering systems—and the destination provider usually won't discuss mail that was rejected from a server you don't own. Diagnosing a single lost email can take hours.
Privacy and compliance exposure
Every forwarded message transits (and is often stored on) an extra system. If you handle sensitive client information, that extra hop may sit outside your security controls—and outside what you've told clients happens with their data.
"But It's Been Working Fine for Years"
Maybe—or maybe mail has been quietly going missing and you've never noticed. Either way, the environment is getting stricter, not looser. Google and Microsoft both tightened sender requirements in 2024, more domains publish enforcing DMARC policies every month, and forwarding arrangements that limped along for years are breaking now. A forwarder that "works" today is living on borrowed time.
What to Do Instead
The good news: every scenario that tempts people into forwarding has a proper solution that keeps authentication intact.
- 1Add the old domain to your mail platform
Microsoft 365, Google Workspace, and most mail servers let you attach multiple domains to the same mailbox as aliases. Mail to both addresses lands in one inbox—delivered directly, with no forwarding hop, so SPF, DKIM, and DMARC all stay intact.
- 2Collect the mailbox instead of forwarding it
If the old address must stay on a separate system, add it as a second account in your email client, or use your provider's mail retrieval feature (Gmail's "Check mail from other accounts", for example) to pull messages in via POP/IMAP. Retrieval doesn't re-send the mail, so nothing breaks.
- 3Migrate properly and retire the old address
If you're rebranding, migrate the old mailbox to your new platform, set up an auto-reply telling correspondents the new address, keep the alias for a transition period, and update the address everywhere it's registered.
- 4Keep forwarding within the same domain only
Aliases and distribution groups within one domain on one mail system (sales@ delivering to three staff mailboxes, for instance) are fine—the mail never leaves the server, so authentication is never re-evaluated.
Summary: Why Cross-Domain Forwarding Fails
- 1Authentication breaks—forwarded mail fails SPF and DMARC checks
- 2Mail vanishes silently—rejected messages leave no trace in your inbox
- 3Spam gets re-sent—damaging your server's sending reputation
- 4Shared hosting suffers—one forwarder can hurt every customer on the server
- 5Troubleshooting is painful—problems span two providers and two filtering systems
- 6Better options exist—domain aliases, mail retrieval, or a proper migration
Next Steps
If you're currently relying on a cross-domain forwarder, the best fix is usually to consolidate your email onto one platform. Our guide to migrating email to SmarterMail walks through moving mailboxes between providers, and our beginner's guide to domains and DNS explains the MX and TXT records that make email authentication work.
Email forwarding between domains is a relic of a more trusting internet, and modern security standards have made it unreliable by design. If you have forwarders in place and you're not sure what to replace them with, the team at Expeed Technology can help you consolidate your email properly—so every message arrives where it should, every time.