Google discontinuing legacy free Google Apps (G Suite)

FWIW I couldn’t even hit 2.5GB per day because of what appeared to be throttling on their end. It took me around a week and a half to transfer ~13GB of emails.

:frowning_face:

They just forward email, right? I wonder if the forwarded emails get marked as spam by some email servers.

Yes, they forward the mail to you. They cannot be used to send/don’t offer SMTP.

If the sender of the email is relying on SPF (has no DKIM and has DMARC set to quarantine/reject) then the emails should go to spam as far as I know. If you control your own email server, you might be able to fix this. The issue is pretty rare though. It happened to me with Ubuntu mailing lists. That’s it.

This was last year some time though… Maybe they’ve loosened the limits a bit given this announcement.

I can’t find any concrete info as to whether they’re using SRS properly or not though, and properly authenticating SPF and DKIM before forwarding emails. This thread seems to have been inconclusive:
https://community.cloudflare.com/t/is-cloudflares-spf-handling-for-email-routing-flawed/353384

That looks like they’re using SRS unconditionally. That’s worse than I thought.

I assumed they weren’t using it at all.

Shouldn’t they always? Else SPF is broken for every email forwarded, unless every sender adds cloudflare to their SPF (which they shouldn’t). That’s why SRS was adopted as a standard, to fix SPF when forwarding.

I suspect the real complaint is that they don’t block enough spam, I can sympathize.

Couldn’t they use SPS only when SPF passes? That’s what I would expect if they’re using SPS.

1 Like

I think the better question is shouldn’t they reject the email when SPF fails. If they accept it and forward it you want it to use SRS, two SPF failures in a row doesn’t fix anything other than getting IPs rate limited faster with Google.

1 Like

That makes sense. I guess I’d want it to reject any emails that fail both SPF and DKIM.

2 Likes

I think Cloudflare does reject on dmarc failure saying most domains don’t set up a dmarc record anyway.

I tested by trying to email to a friends domain that uses CF forwarding from my domain that got dmarc set to reject but sending it from a ip that isn’t listed on spf.

 550 5.7.1 82.35.**.** isn't allowed to send email for test@*****.uk. 
2 Likes

I’m using the beta to forward to a gmail account. I’m not sure what the other user is speculating but my vps setup for smtp with just spf and dmarc sends mail just fine in the inbox when received via fowarded to gmail.

I’m using Cloudflare to forward to Gmail. If they are doing any spam filtering or verification, it is very little. Of course Gmail does a good job filtering spam so in my case it has been fine.

I was thinking this issue isn’t just CF mail forwarding it a potential issue with all of them.

What I was thinking if you got a domain that received a larger than average number of junk mail and at the same time the spam filtering on mail forwarding is poor, could that not cause domain reputation issue since CF rewrite the envelope from to your domain so I looks like the junk mail originated from you’re domain.

Idk. Other forwarding services I used didn’t srs using the domain (only required mx records).

To be honest, I don’t like srs for forwarders. I feel like it would be a better solution for the forwarder to say where the email came from and leave it up to the user to mark the forwarder as “trusted” to give this information. The server would believe the trusted server when they say what ip they got the mail from.

This should work well for forwarders since the user knows where all forwarded messages are coming from.

Finally canceled the subscription and deleted the account for Google Apps. It served me well back when I used it, but MXRoute has been more than suitable for my needs.

Just a reminder to anyone intending to cancel who hasn’t done so, the transition process starts May 1 with billing beginning July 1, so it’s best to get moving soon.

1 Like