Paul O’Brien

Forward Email: Control Before the Inbox

A deep dive into ForwardEmail.net — how domain-level routing, security, and automation work before messages reach an inbox.

Paul O'Brien
Paul O'Brien
10 min read
Forward Email logo on a dark blue background.
A deep dive into Forward Email — how domain-level routing, security, and automation work before messages reach an inbox.

Some people are content with a single email provider and a single address, tightly wrapped in a polished interface. Everything lives in one place — your inbox, storage, filtering, rules, workflow. It’s convenient, familiar, and feature-rich, as long as you’re happy staying inside that provider’s model.

Others prefer a more modular approach. They host their own domain, separate addresses from inboxes, and want control over how mail is handled before it reaches a client. This isn’t about novelty or ideology. It’s about keeping options open.

Forward Email (forwardemail.net) is built for that second approach.

I’ve been working on this post for some time, mainly to make sure I was approaching it from the right angle. I’ve used Forward Email in the past — it’s a personal favourite — and it’s been on my ever-expanding list of services to properly digest.

Email forwarding is often thought of as a simple setting at a domain registrar: something you use to send mail from one address to another. Services like Forward Email are less well understood, and that simplicity tends to underplay just how much control and flexibility they actually provide.

This is a deep dive, not a quick recommendation. It looks at how Forward Email handles routing, security, automation, and growth — and what those choices mean in practice.

📌 Why this matters

Email isn’t just something you read. It’s something websites, apps, automation, and email marketing systems depend on — for sign-ups, alerts, authentication, and delivery.

Forward Email matters if you care about:

  • Wiring email into other tools via APIs, webhooks, and automation
  • Running hybrid setups that mix forwarding, storage, and multiple inboxes
  • Controlling routing and behaviour instead of relying on inbox rules
  • Getting clear signals when delivery or forwarding fails
  • Sending the same message to multiple places without duplication hacks

If you just want a polished inbox experience, this article isn’t aimed at you.

If you want control over how mail flows before it gets there, keep reading.

Control before the inbox

Forward Email does not start with an inbox.

Its core job is deciding where mail goes, not where it lives.

Mail arrives for a domain, is evaluated, filtered, optionally encrypted, and then routed onward — often to one or more inboxes you already use. That might be Gmail, Fastmail, Proton Mail, a self-hosted mailbox, or multiple destinations at once.

Forward Email can also operate on its own when you want it to. Optional IMAP storage and SMTP support allow you to use it as a standalone mailbox, accessed through standard clients like Apple Mail, Thunderbird, or mobile mail apps — without proprietary software.

Instead of tying addresses, aliases, and the rules that decide where mail is sent and how it’s handled to a single email provider, Forward Email lets you define that logic independently — and change delivery targets later.

That distinction explains almost every design choice that follows.

Email routing as a service

At its core, Forward Email operates as a routing layer, focused on delivery decisions rather than inbox features.

It handles:

  • Inbound mail acceptance
  • Alias resolution, including catch-alls and regular-expression rules
  • Filtering and abuse controls
  • Secure forwarding to one or more destinations
  • Optional outbound SMTP sending

There’s very little hand-holding here. Much of the configuration lives where email actually lives: DNS records, authentication policies, and protocol-level decisions. That’s what makes the service powerful — and occasionally uncomfortable — by design.

Forward Email assumes you want to understand what’s happening, not just click through a UI.

Domain portability

One of the less obvious benefits of Forward Email is how much easier it makes managing one domain — or many.

Because routing lives outside the inbox, moving a domain, changing providers, or reworking delivery doesn’t mean rebuilding your email setup from scratch. You can point addresses wherever you need them, route mail to multiple destinations, or make changes gradually without disruption.

Forward Email also lets you register domains directly through the service, which keeps domain ownership and email routing in one place — without tying either to a single inbox provider.

Taken together, a domain you control and a routing-first service like this turn email from something fragile into something flexible. If you want a deeper explanation of the broader benefits of domain ownership — beyond Forward Email specifically — I’ve covered that in Why using your own domain for email makes sense.

Hiding routing logic in public DNS

Email routing relies on DNS, which is public by design.

Forward Email offers the ability to encrypt sensitive TXT record data — such as alias structures and forwarding logic — masking configuration from being trivially readable or searchable. This doesn’t make DNS private — that’s impossible — but it reduces unnecessary disclosure.

For people managing many domains or complex alias rules, this is a small but thoughtful piece of operational hygiene.

It can be simple — or surprisingly complete

Although routing is the primary focus, Forward Email is protocol-native. Because it uses standard email protocols, it can also behave like a fairly conventional email account when you want it to.

Optional IMAP storage allows mailboxes to be stored and accessed using standard clients. SMTP support on paid plans allows sending mail from almost any platform. Apple Mail, Thunderbird, mobile clients, terminal-based tools — all work without proprietary software.

You can use Forward Email as:

  • A forwarding layer only
  • A lightweight hosted mailbox
  • A hybrid of both

This doesn’t turn it into a polished consumer inbox experience. Storage is optional, the built-in management interface is intentionally minimal, and recovery safeguards are deliberately limited. What it offers instead is flexibility: you decide how much of the email stack you want to own.

“Send Mail As” without surrendering identity

Many people like Gmail’s interface but don’t want their email identity tied to a @gmail.com address.

Forward Email supports standard SMTP sending, which means you can send mail from your own domain while continuing to use Gmail or another familiar client. Your domain remains the identity layer; Gmail is simply the interface used to send messages.

This setup avoids handing long-term control of your address to a single provider and makes it easy to move gradually — or change clients later — without breaking how people reach you.

Security by architecture, not promises

Many of Forward Email’s security claims only make sense when viewed as design decisions rather than marketing features.

Incoming mail is processed in sandboxed environments, limiting the impact of malicious content before messages are forwarded or stored. This sandboxing applies to mail handling itself — it’s an architectural choice, not a user-facing feature, and it’s not something all email services do by default.

Optional encrypted mailbox storage uses per-mailbox encryption, with keys derived from the user’s password. Data is encrypted in transit using TLS and at rest using AES-256.

The service is designed to remember as little as possible. There is no default inbox and no central, shared message store. For encrypted mailboxes, Forward Email does not hold recovery keys — if you lose your password without backups, the stored mail cannot be recovered.

This trades convenience for privacy by design, closer to encrypted storage you control than a traditional inbox with recovery options.

Spam, phishing, and safe lookups

Spam and phishing protection here is defensive rather than absolutist. The goal isn’t to catch every unwanted message at all costs, but to reduce harm without breaking legitimate mail flows. That means blocking obvious abuse, containing clearly malicious payloads, and avoiding aggressive filtering that quietly drops valid messages.

This approach fits a routing-first service. Forward Email sits early in the delivery path, so its job is to prevent forwarding infrastructure from becoming a liability — not to impose a rigid definition of what users should or shouldn’t receive. Decisions are biased toward transparency and reversibility rather than silent suppression.

Forward Email also limits unnecessary outbound lookups during message processing. Many spam and phishing systems rely heavily on external link checks and reputation services, which can leak metadata about senders, recipients, and message contents. By minimising those lookups, Forward Email reduces how much information is exposed during spam checks and link analysis.

It’s a subtle design choice, but over time it matters. Fewer external calls mean less metadata leakage, fewer hidden dependencies, and a smaller surface area for things to go wrong — especially when mail is being routed across multiple domains and destinations.

When email becomes input, not just a message

One of the more interesting aspects of Forward Email is how easily it allows email to escape the inbox entirely.

Forward Email exposes a developer-friendly email API, making it possible to treat incoming mail as structured input rather than something a human must read.

Incoming messages can be parsed programmatically. Headers, senders, subjects, and attachments can trigger automation. Emails can be delivered to HTTP endpoints via webhooks, turning SMTP traffic into HTTP events. Aliases and routing rules can be managed through APIs.

In these setups, addresses stop being personal identifiers and become entry points for other systems.

This is where features like:

  • Regular-expression filtering
  • HTTP push
  • Disposable addresses

start to matter.

Email becomes an integration layer — a bridge between older protocols and modern systems.

Real-world uses (where this actually earns its keep)

These features make sense once you see how they’re used in practice.

Managing many domains without chaos
If you operate multiple domains — client work, side projects, campaigns — forwarding lets you standardise routing rules once and reuse them everywhere.

Alias hygiene and risk containment
Using a unique alias per service makes abuse visible and reversible. When an address starts receiving spam, you disable it without touching the rest of your setup.

Keeping Gmail’s UI without lock-in
SMTP “Send Mail As” setups let Gmail act as a client while your domain remains portable.

Turning email into system input
Support tickets, alerts, and form submissions don’t need to land in an inbox. Webhooks and APIs let email trigger workflows directly.

Testing transactional mail before users see it
Previewing outbound mail across real clients and renderers avoids broken layouts and deliverability surprises.

Running closer to the metal
For advanced users, self-hosted Docker deployments and API-driven configuration allow email routing to be treated like any other managed service.

Deliverability and time to inbox

Forwarding adds latency. That’s unavoidable.

What matters is predictability and monitoring.

Forward Email actively tracks time to inbox across major providers to protect IP reputation and surface issues early. Engineers are alerted when delivery times exceed thresholds, because reputation recovery matters more than shaving milliseconds.

Forwarding introduces overhead — but controlled, monitored overhead.

Features that make sense once you understand the model

Seen individually, Forward Email’s feature list looks broad. Seen through the lens of routing and control, it becomes coherent.

  • Email archiving and download exist for portability and exit
  • Calendars and contacts support client compatibility, not productivity suites
  • Bounce and alert notifications make failures visible instead of silent
  • Message signing and encryption preserve integrity across hops
  • Encrypted PGP forwarding supports existing workflows
  • Unlimited aliases support hygiene, not novelty
  • Uptime guarantees matter — but correct delivery and recovery matter more

None of these exist to impress. They exist because forwarding exposes problems inbox providers often hide.

Pricing and practical trade-offs

Forward Email’s paid plan starts at $3 per month. That includes unlimited domains, forwarding, SMTP sending, and access to most of the platform’s features.

The low entry price doesn’t mean the service is “lightweight”. What you’re really paying for is the ongoing work required to run forwarding infrastructure responsibly: monitoring abuse, maintaining sender reputation, keeping delivery reliable, and responding when things break.

Unlimited domains make it easy to consolidate email under one account, but they don’t remove the need for care. DNS still needs to be correct, authentication still needs attention, and routing decisions still have consequences.

The pricing reflects that reality. Forward Email removes artificial limits, but it doesn’t pretend email is effortless at scale.

Free accounts, abuse, and shared reputation

Forwarding infrastructure is attractive to spammers. Free tiers amplify that risk.

Forward Email mitigates abuse with limits, monitoring, and enforcement, but no forwarding service can eliminate it entirely. Shared infrastructure means shared consequences — a structural trade-off rather than a moral failing.

A free tier isn’t a red flag. It does, however, make vigilance non-optional.

Visibility, DMARC, and accountability

Forwarding setups live or die by visibility. When mail passes through multiple systems, it’s easy for problems to disappear quietly — messages fail, reputation degrades, and no one is quite sure where or why.

DMARC reporting helps close that gap. It shows you how mail using your domain is actually being handled in the wild: whether messages are passing authentication, where alignment is breaking down, and which sources are sending on your behalf.

These reports don’t fix problems automatically. What they do is make responsibility clear. You can see when forwarding rules, authentication records, or third-party senders are causing issues — and address them before they turn into deliverability failures or abuse complaints.

For routing-first setups like Forward Email, that visibility isn’t optional. It’s how you stay in control as complexity grows.

The company behind the service

Forward Email began in 2017 as an open-source email forwarding project focused on privacy, transparency, and user control. What started as a small developer-led effort has grown into a widely used service supporting hundreds of thousands of domains, including use by open-source projects, universities, and large organisations.

The platform is still owned and maintained by its original team and is built entirely on open standards and open-source software. The full codebase is publicly available, and users can self-host the service if they choose — a rarity in commercial email services.

Over time, Forward Email has expanded beyond basic forwarding to include custom domain hosting, unlimited aliases, encrypted mailbox storage, spam and phishing protection, APIs, and standards-compliant support across SMTP and IMAP. Throughout that growth, the emphasis has remained on correctness, portability, and privacy by design rather than interface polish.

That long-term, open approach helps explain why Forward Email feels more like a piece of email plumbing than a consumer product — and why it appeals to people who want to understand and control how their mail actually moves.

Who this is actually for

Forward Email isn’t trying to replace your inbox.

It’s trying to give you control over how mail flows before it gets there.

It makes sense if you:

  • Manage many domains
  • Care about alias hygiene
  • Want to avoid inbox lock-in
  • Are comfortable working close to email’s underlying mechanics

If you want a polished, forgiving inbox experience, use an email provider.

If you want control over routing, delivery, automation, and visibility at the domain level, Forward Email does that — quietly, cheaply, and with fewer illusions.

That restraint is the point.

Forward Email isn’t exciting — and that’s exactly why it works.

Forward Email domain-level email routing service.
Explore Forward Email — domain-level routing, forwarding, and control before the inbox.

You might also like