Email Infrastructure

A look at how support actually works at email providers, why it often breaks down at scale, and what good support should look like in practice.

A deep dive into ForwardEmail.net — how domain-level routing, security, and automation work before messages reach an inbox.

The address you see in an email isn’t always the one that actually sent it. Behind every message are multiple “from” identities — each with a different technical role. Understanding them explains spam checks, bounces, and why email authentication exists at all.

Gmail didn’t become the world’s default inbox by accident. This piece explores how scale, design, and ecosystem beat privacy-first ideals.

DMARC defines what happens when email authentication fails, turning SPF and DKIM results into clear policy decisions that protect domains from spoofing and abuse.

DKIM (DomainKeys Identified Mail) doesn’t verify who sent an email. It verifies that the message hasn’t been altered since it was signed, and that a domain takes responsibility for its contents. Understanding DKIM means understanding what it proves — and what it deliberately ignores.

SPF doesn’t verify who sent an email — it only confirms that a server was allowed to deliver it. That distinction explains why SPF passes during phishing, fails during forwarding, and can’t be treated as a trust signal on its own.

Email authentication relies on SPF, DKIM, and DMARC — a set of interlocking systems — but most people misunderstand what they really do, and what they don’t protect.