If you forward your IU email address and aren't receiving external email messages

On this page:


Potential consequences of forwarding your IU email address

Forwarding mail sent to your IU email address to a non-IU email system may have unintended consequences, such as email messages being marked as spam or not being delivered at all. This is because of the increasing adoption of email authentication features, such as SPF, DKIM, and DMARC. Email messages that do not align with these features may result in legitimate messages being marked as spam, or not being delivered.

Since forwarding your IU email address simply forwards email sent to your IU email address to a third-party email system without rewriting the sender address, the third-party email system will see messages as coming from a potentially spoofed address with the original sender as the sending address, not your IU email address. Email authentication features validate the originating sender information, which may cause email messages forwarded from your IU account to appear as spoofed, potentially malicious, messages.

Important:

Before setting your IU email address to forward to a non-IU service (for example, personal Gmail, Hotmail, Yahoo!), note:

  • UITS cannot guarantee email delivery to non-IU accounts, delays in delivery can occur, and the UITS Support Center may not be able to help with some problems concerning non-IU accounts. If your email forwarding fails for any reason, you may miss important official communications sent to your IU address for which you are still responsible.
  • Faculty, staff, residents, and students in HIPAA Affected Areas whose roles may require sharing protected health information (PHI) via email (such as the Schools of Medicine, Dentistry, or Optometry) are not permitted to set up mail forwarding to outside accounts, as this could result in the violation of federal and state laws. You are permitted to forward your IU email to your IU Health (username@iuhealth.org) email account. For more, see HIPAA Privacy and Security Compliance.

Example

For example, assume that an email message from PayPal is sent to dvader@iu.edu. Darth Vader is forwarding his emails to his AOL email address. AOL receives the message from an IU email server, but the message was originally generated from PayPal's email servers with a PayPal email address. AOL checks the authentication of the message against AOL's published SPF records and finds that IU's email servers are not authorized to send email messages on PayPal's behalf. To AOL, it appears to be a spoofed message. Since PayPal publishes a DMARC policy of "reject", AOL follows PayPal's recommendation to reject the message, and it is not accepted for delivery. Darth Vader is unaware that the email message was rejected.

Workaround for IU Exchange users

IU users with Exchange accounts may create a rule that will generate a new email message for the outbound delivery; for instructions, see Forward your IU email to another address using Microsoft Outlook or Outlook on the web. Using this method, email messages are generated from an IU system with an IU sender address, and receiving email systems will validate the email authentication against IU's systems, not the originating sender's systems.

This is document azfm in the Knowledge Base.
Last modified on 2022-12-20 14:23:17.