Forward Email (email provider)

I was just about to ask about this and see you mentioned it earlier here. Are you still thinking about doing this?

And on the paid plans, your automatic PGP encryption only works with email mailboxes you store, and not for forwarding aliases, right?

1 Like

As mentioned in this comment we have been evaluating design approaches to support this. After much consideration, our approach is tentatively going to re-use our existing encryption and decryption helper methods and allow you to convert to an encrypted hex string, such as 1b92ca5176ba3cd8-d800d486bf5bcac5c01a23b97d3151f9 (behind a logged in page of our website to prevent bot abuse). Then instead of you would put forward-email-encrypted=1b92ca5176ba3cd8-d800d486bf5bcac5c01a23b97d3151f9.

Another thought we had was to use a public PGP key, e.g. one for to use the openpgp library to encrypt and then encode in base64 a forwarding configuration, e.g. However the problem with that is the encoding from armor to base64 results in quite a lengthy string. Some DNS providers such as AWS Route 53 limit you to 255 max characters for a TXT entry, and then that requires you to split it up with spaces, quotes, and it becomes a mess. It’s hard to use, not easy to debug, and a pain to maintain (often much more of a pain than simply upgrading to our $3/mo plan). The only plus side of having base64 is that we could use the validator.js library, e.g. validator.isBase64(str) and not force you to use the forward-email-encryption= prefix, and instead just use forward-email=somelengthybase64string.

It is trivial to publish the page/tool to allow you to do this, and it is also trivial to integrate it into the forwarding backend, however there are a lot of edge cases (e.g. we have a feature that lets you import plaintext TXT forwarding configurations if you happen to upgrade, we’d need to update our docs in the FAQ to mention this, and so many more edge cases). We’re trying to wrap up CalDAV (calendar) issues/TODOs right now, so hopefully by the end of this week we could look into making this happen.

At the end of the day, we’re still the only provider that is 100% open-source and offers standard SMTP, IMAP, POP3, and CalDAV. Nobody else comes even close to this. Others (like Proton, Skiff, and Tuta) all advertise as open-source, but their back-ends are completely closed-source. That alone should have us included in this list along with the fact that we already have 430,000+ domains on our service (which no other service on PG comes close to).

1 Like

Oh I quoted the wrong comment. My second question was actually supposed to be: Do you have plans to support automatic PGP encryption of forwarded emails? Like you receive an email, encrypt it with the person’s public key, and then forward it to their mailbox. (Nothing to do with the TXT records)

It looks like you only support automatic incoming PGP encryption for mailboxes you host, unless I’m missing something. Just want to confirm that is indeed the case.

Correct. We don’t modify messages that are forwarded right now as any modification of the body could break DKIM signatures and cause messages to fail DMARC and DKIM alignment. It is on our roadmap to explore this in the future, but as of now the only encryption done is if you have uploaded your public key and the message is not already encrypted when it is attempted to be stored in your IMAP mailbox, then we will encrypt it for you with your provided key.

1 Like
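The DKIM concern in the reply above, shown as an added example that is not part of the thread or Forward Email's code: a DKIM signature carries a hash of the canonicalized body (the `bh=` tag, RFC 6376), so a forwarder that swaps the body for PGP ciphertext invalidates it. The sample bodies and the helper names are constructed for illustration, and the PGP block is a placeholder, not real ciphertext.

```javascript
const { createHash } = require('node:crypto');

// RFC 6376 section 3.4.4 "relaxed" body canonicalization:
// collapse runs of whitespace, strip trailing whitespace on each line,
// drop empty lines at the end, terminate a non-empty body with one CRLF.
function canonicalizeBodyRelaxed(body) {
  const lines = body.replace(/\r?\n/g, '\r\n').split('\r\n')
    .map((line) => line.replace(/[ \t]+/g, ' ').replace(/ $/, ''));
  while (lines.length > 0 && lines[lines.length - 1] === '') lines.pop();
  return lines.length === 0 ? '' : lines.join('\r\n') + '\r\n';
}

// RFC 6376 section 3.4.3 "simple": only trailing empty lines are ignored,
// and an empty body is hashed as a single CRLF.
function canonicalizeBodySimple(body) {
  return body.replace(/\r?\n/g, '\r\n').replace(/(?:\r\n)+$/, '') + '\r\n';
}

// Value a signer places in the bh= tag (SHA-256, base64).
function bodyHash(body, mode = 'relaxed') {
  const canon = mode === 'simple'
    ? canonicalizeBodySimple(body)
    : canonicalizeBodyRelaxed(body);
  return createHash('sha256').update(canon, 'utf8').digest('base64');
}

// What a receiving verifier effectively checks for the body.
function bodyStillVerifies(signedBh, receivedBody, mode = 'relaxed') {
  return bodyHash(receivedBody, mode) === signedBh;
}

// Constructed sample: the body as the original sender signed it.
const originalBody = 'Invoice attached.\r\nRegards,  Alice \r\n\r\n';
const signedBh = bodyHash(originalBody);

// A relay that only disturbs whitespace survives relaxed canonicalization.
const whitespaceTouched = 'Invoice attached.   \r\nRegards, Alice\r\n';

// A forwarder that encrypts replaces the body (placeholder armor).
const encryptedBody = [
  '-----BEGIN PGP MESSAGE-----', '',
  'PLACEHOLDER-CIPHERTEXT',
  '-----END PGP MESSAGE-----', '',
].join('\r\n');

console.log('unchanged :', bodyStillVerifies(signedBh, originalBody));
console.log('whitespace:', bodyStillVerifies(signedBh, whitespaceTouched));
console.log('encrypted :', bodyStillVerifies(signedBh, encryptedBody));
```

Encrypting at storage time, as the reply describes for hosted IMAP mailboxes, avoids the problem because DKIM has already been evaluated on delivery.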

@forwardemail this might be a dumb question but I can’t find the answer on your site after searching for a bit. Where are you located? The only hint I found was the governing law section of your terms of service.

We are a US-based company as you’ve already discovered and mentioned above:

Hey and here’s my honest experience so far with forwardemail (1 week user).

So I’ve been with Tutanota for quite a while (on the grandfathered 1 eur plan, still active today), but last year decided to search for alternatives (they, rightfully so probably, decided not to give/include any other development improvements/perks to these former premium accounts, such as not counting attached domain aliases in the included 5). This, plus the refusal to include/show at least the sender in the Android email app before opening the app, made me search for alternatives.

Proton was too expensive for me, so naturally there came Skiff. We all know how that ended, so I kept searching.
Looked into Migadu, which for my needs was enough with the smallest plan, but found out there was no encryption at rest. Then I was about to settle for mailbox, but read somewhere here that they use the account password for IMAP login, which made it a no-go for me.

So I came across forwardemail. Found this thread actually. So I liked what I read.
Signed up with them, but since I hadn’t had any interaction with IMAP clients in a long time, I forgot and unknowingly reached the limit of 30 connections in my Betterbird and FairEmail clients (had multiple folders).

I angrily (I guess) contacted support, arguing that their service doesn’t even cover basic email like IMAP, and that I am unable to use my email and that I probably want a refund. I quickly got a reply that my connection limits would be doubled. In hindsight I really didn’t need this, I simply edited the folders in FairEmail to poll instead of sync (except for inbox).

I also set up my PGP with my domains, so everything seems sleek so far, and support has been great. They seem to actively develop/introduce things, now working on CalDAV.

Found one visual bug on the web panel (ugly looking page when a long regex was used), which was fixed the same hour I reported it.
Found another bug with the passkey login not working at my end (when using YubiKey) which I reported yesterday. I don’t know if it’s actually a bug, or if I do something wrong 🙂

This has been my experience, I really like the active involvement and quick support.
I give them a thumbs up so far, and will stick around as their customer 🙂

1 Like

Could you perhaps describe the UI or share a screenshot of it?

As for the UI, what you see in their website pages is what you get in your web account.
Nothing fancy and sleek like, say, Skiff has/had, but at least a clean interface. Could use a future revamp, for sure.

What I also appreciate is that they added the API integration with Bitwarden (I use self-hosted Vaultwarden and it works also) and I can create random aliases on the fly in the extension directly. Pretty nice.