About Forward Email
Foreword
Forward Email is a free and open-source email forwarding service focused on a user's right to privacy, and was launched in November 2017. It offers unlimited custom domain names, unlimited email addresses and aliases, unlimited disposable email addresses, spam and phishing protection, and other features. The service is maintained and owned by its original founding team of designers and developers. It is built with 100% open-source software using JavaScript, Node.js, DNS, HTTPS, TLS, and SMTP.
History
We launched in November 2017 after an initial release.
In April 2018 Cloudflare launched their privacy-first consumer DNS service, and we switched from using OpenDNS to Cloudflare for handling DNS lookups.
In October 2018, we allowed users to "Send Mail As" with Gmail and Outlook.
In May 2019, we released v2, which was a major rewrite from the initial versions and focused on performance through the use of Node.js's streams.
In February 2020, we released the Enhanced Privacy Protection plan. This plan allows users to switch off setting public DNS record entries with their email forwarding configuration aliases. Through this plan, a user's email alias information is hidden from being publicly searchable over the Internet. We also released a feature to enable or disable specific aliases while still allowing them to appear as a valid email address and return a successful SMTP status code, but the emails will be immediately discarded (similar to piping output from a process to /dev/null).
In April 2020, we released our initial alpha version of Spam Scanner after hitting countless roadblocks with existing spam-detection solutions and because none of these solutions (Rspamd and SpamAssassin) honored our privacy policy. Spam Scanner is a completely free and open-source anti-spam filtering solution which uses a Naive Bayes spam filtering approach in combination with anti-phishing and IDN homograph attack protection. We also released a feature to allow two-factor authentication (2FA) using a one-time password (OTP) for enhanced account security.
In May 2020, we allowed custom port forwarding as workaround for users to circumvent port blocking by their ISP. We also released our Free Email Forwarding RESTful API, with complete documentation and real-time request and response examples. We also released support for webhooks.
In August 2020, we added support for the Authenticated Received Chain ("ARC") email authentication system.
On November 23, 2020 we publicly launched out of our beta program.
In February 2021, we refactored our codebase to remove all Python dependencies – which allowed our stack to become 100% JavaScript and Node.js.
On September 27, 2021, we added support for email forwarding aliases to match regular expressions.
In January 2023, we launched a re-designed and page-speed optimized website.
In February 2023, we added support for error logs and a dark mode website color scheme.
In March 2023, we released Tangerine and integrated it throughout our infrastructure – this means we use DNS over HTTPS ("DoH") at the application layer. We also added support for MTA-STS and switched from hCaptcha to Cloudflare Turnstile.
In April 2023, we implemented and automated entirely new infrastructure. Our entire service is now running on globally load-balanced and proximity-based DNS (with health checks and failover) using Cloudflare (before we were using round-robin DNS on Cloudflare). Additionally we switched to bare metal servers across multiple providers – which include Vultr and Digital Ocean (before we solely used Digital Ocean). Both of these providers are SOC 2 Type 2 compliant – see Vultr's Compliance and Digital Ocean's Certifications for more insight. Furthermore, our MongoDB and Redis databases are now running on clusters with primary and standby nodes for high availability, end-to-end SSL encryption, encryption-at-rest, and point-in-time recovery (PITR).
In May 2023, we launched our outbound SMTP feature for sending email with SMTP and sending email with API requests. This feature has built-in safeguards to ensure high deliverability, a modern and robust queue and retry system, and supports error logs in real-time.
In November 2023, we launched our encrypted mailbox storage feature for IMAP suppport.
In December 2023, we added support for POP3, passkeys and WebAuthn, time to inbox monitoring, and OpenPGP for IMAP Storage.
In February 2024, we added calendar (CalDAV) support.
Throughout March to July 2024, we released major optimizations and improvements to our IMAP, POP3, and CalDAV service. Our goal was to make our service snappy – and as fast, if not faster than alternatives.
In July 2024, we added iOS Push support since Apple Mail on iOS does not support IMAP IDLE
command. Now users can get real-time notifications of new mail on their Apple iOS devices. We also added time to inbox ("TTI") monitoring for our own service – as well as Yahoo/AOL (now that they support app-generated passwords again) to the footer of every page on our website. Additionally, we now allow users to encrypt their plaintext DNS TXT records even on the free plan at no cost. Privacy should not be a feature, it should be inherently built-in to all aspects of a product. As highly requested in a Privacy Guides discussion and on our GitHub issues we've added this. Lastly, we added the ability for aliases to either quietly reject 250
, soft reject 421
, or hard reject 550
if they are disabled. Previously, disabled aliases only routed to a blackhole (e.g. /dev/null
) and it appeared to senders as if their messages to these disabled aliases succeeded.
In August 2024, we added support for exporting mailboxes as EML and Mbox formats (in addition to the SQLite export format already supported). Webhook signature support via X-Webhook-Signature
header was added. Bounce webhook support was added and we now allow users to send newsletters, announcements, and email marketing through our outbound SMTP service. We also added the ability to set domain-wide and alias-specific storage quotas for IMAP/POP3/CalDAV.