Email RFC Protocol Support - Complete Standards & Specifications Guide
About This Document
This document outlines the RFC (Request for Comments) protocol support for Forward Email. Since Forward Email uses WildDuck under the hood for IMAP/POP3 functionality, the protocol support and limitations documented here reflect WildDuck's implementation.
Important
Forward Email uses SQLite for message storage instead of MongoDB (which WildDuck originally used). This affects certain implementation details documented below.
Source Code: https://github.com/forwardemail/forwardemail.net
Architecture Overview
Email Service Comparison - Protocol Support & RFC Standards Compliance
Important
Sandboxed and Quantum-resistant Encryption: Forward Email is the only email service that stores individually encrypted SQLite mailboxes using your password (which only you have). Each mailbox is encrypted with sqleet (ChaCha20-Poly1305), self-contained, sandboxed, and portable. If you forget your password, you lose your mailbox - not even Forward Email can recover it. See Quantum-Safe Encrypted Email for details.
Compare email protocol support and RFC standards implementation across major email providers:
| Feature | Forward Email | Postfix/Dovecot | Gmail | iCloud Mail | Outlook.com | Fastmail | Yahoo/AOL (Verizon) | ProtonMail | Tutanota |
|---|---|---|---|---|---|---|---|---|---|
| Custom Domain Price | Free | Free | $7.20/mo | $0.99/mo | $7.20/mo | $5/mo | $3.19/mo | $4.99/mo | $3.27/mo |
| IMAP4rev1 (RFC 3501) | ✅ Supported | ✅ Supported | ✅ Supported | ✅ Supported | ✅ Supported | ✅ Supported | ✅ Supported | ⚠️ Via Bridge | ❌ Not Supported |
| IMAP4rev2 (RFC 9051) | ⚠️ Partial | ⚠️ Partial | ⚠️ 31% | ⚠️ 92% | ⚠️ 46% | ⚠️ 69% | ⚠️ 85% | ⚠️ Via Bridge | ❌ Not Supported |
| POP3 (RFC 1939) | ✅ Supported | ✅ Supported | ✅ Supported | ❌ Not Supported | ✅ Supported | ✅ Supported | ✅ Supported | ⚠️ Via Bridge | ❌ Not Supported |
| SMTP (RFC 5321) | ✅ Supported | ✅ Supported | ✅ Supported | ✅ Supported | ✅ Supported | ✅ Supported | ✅ Supported | ⚠️ Via Bridge | ❌ Not Supported |
| JMAP (RFC 8620) | ❌ Not Supported | ❌ Not Supported | ❌ Not Supported | ❌ Not Supported | ❌ Not Supported | ✅ Supported | ❌ Not Supported | ❌ Not Supported | ❌ Not Supported |
| DKIM (RFC 6376) | ✅ Supported | ✅ Supported | ✅ Supported | ✅ Supported | ✅ Supported | ✅ Supported | ✅ Supported | ✅ Supported | ✅ Supported |
| SPF (RFC 7208) | ✅ Supported | ✅ Supported | ✅ Supported | ✅ Supported | ✅ Supported | ✅ Supported | ✅ Supported | ✅ Supported | ✅ Supported |
| DMARC (RFC 7489) | ✅ Supported | ✅ Supported | ✅ Supported | ✅ Supported | ✅ Supported | ✅ Supported | ✅ Supported | ✅ Supported | ✅ Supported |
| ARC (RFC 8617) | ✅ Supported | ✅ Supported | ✅ Supported | ❌ Not Supported | ✅ Supported | ✅ Supported | ✅ Supported | ✅ Supported | ❌ Not Supported |
| MTA-STS (RFC 8461) | ✅ Supported | ✅ Supported | ✅ Supported | ✅ Supported | ✅ Supported | ✅ Supported | ✅ Supported | ✅ Supported | ✅ Supported |
| DANE (RFC 7671) | ⚠️ Partial | ✅ Supported | ❌ Not Supported | ❌ Not Supported | ❌ Not Supported | ❌ Not Supported | ❌ Not Supported | ✅ Supported | ✅ Supported |
| DSN (RFC 3461) | ✅ Supported | ✅ Supported | ❌ Not Supported | ✅ Supported | ✅ Supported | ⚠️ Unknown | ❌ Not Supported | ⚠️ Via Bridge | ❌ Not Supported |
| REQUIRETLS (RFC 8689) | ✅ Supported | ✅ Supported | ⚠️ Unknown | ⚠️ Unknown | ⚠️ Unknown | ⚠️ Unknown | ⚠️ Unknown | ⚠️ Via Bridge | ❌ Not Supported |
| ManageSieve (RFC 5804) | ❌ Not Supported | ✅ Supported | ❌ Not Supported | ❌ Not Supported | ❌ Not Supported | ✅ Supported | ❌ Not Supported | ❌ Not Supported | ❌ Not Supported |
| OpenPGP (RFC 9580) | ✅ Supported | ⚠️ Via Plugins | ⚠️ Third-party | ⚠️ Third-party | ⚠️ Third-party | ⚠️ Third-party | ⚠️ Third-party | ✅ Native | ❌ Not Supported |
| S/MIME (RFC 8551) | ✅ Supported | ✅ Supported | ✅ Supported | ✅ Supported | ✅ Supported | ⚠️ Partial | ❌ Not Supported | ✅ Supported | ❌ Not Supported |
| CalDAV (RFC 4791) | ✅ Supported | ✅ Supported | ✅ Supported | ✅ Supported | ❌ Not Supported | ✅ Supported | ❌ Not Supported | ✅ Via Bridge | ❌ Not Supported |
| CardDAV (RFC 6352) | ✅ Supported | ✅ Supported | ✅ Supported | ✅ Supported | ❌ Not Supported | ✅ Supported | ❌ Not Supported | ✅ Via Bridge | ❌ Not Supported |
| Tasks (VTODO) | ✅ Supported | ✅ Supported | ❌ Not Supported | ✅ Supported | ❌ Not Supported | ✅ Supported | ❌ Not Supported | ❌ Not Supported | ❌ Not Supported |
| Sieve (RFC 5228) | ⚠️ Future | ✅ Supported | ❌ Not Supported | ❌ Not Supported | ❌ Not Supported | ✅ Supported | ❌ Not Supported | ❌ Not Supported | ❌ Not Supported |
| Catch-All | ✅ Supported | ✅ Supported | ✅ Supported | ❌ Not Supported | ❌ Not Supported | ✅ Supported | ❌ Not Supported | ❌ Not Supported | ✅ Supported |
| Unlimited Aliases | ✅ Supported | ✅ Supported | ✅ Supported | ✅ Supported | ✅ Supported | ✅ Supported | ❌ Not Supported | ✅ Supported | ✅ Supported |
| Two-Factor Auth | ✅ Supported | ✅ Supported | ✅ Supported | ✅ Supported | ✅ Supported | ✅ Supported | ✅ Supported | ✅ Supported | ✅ Supported |
| Push Notifications | ✅ Supported | ⚠️ Via Plugins | ✅ Supported | ✅ Supported | ✅ Supported | ✅ Supported | ❌ Not Supported | ✅ Supported | ✅ Supported |
| Calendar/Contacts Desktop | ✅ Supported | ✅ Supported | ✅ Supported | ✅ Supported | ✅ Supported | ✅ Supported | ❌ Not Supported | ✅ Supported | ❌ Not Supported |
| Advanced Search | ✅ Supported | ✅ Supported | ✅ Supported | ✅ Supported | ✅ Supported | ✅ Supported | ✅ Supported | ✅ Supported | ✅ Supported |
| API/Integrations | ✅ 39 Endpoints | ✅ Supported | ✅ Supported | ❌ Not Supported | ✅ Supported | ✅ Supported | ❌ Not Supported | ✅ Supported | ❌ Not Supported |
Protocol Support Visualization
Core Email Protocols
Email Protocol Flow
IMAP4 Email Protocol and Extensions
Note
Forward Email supports IMAP4rev1 (RFC 3501) with partial support for IMAP4rev2 (RFC 9051) features.
Forward Email provides robust IMAP4 support through the WildDuck mail server implementation. The server implements IMAP4rev1 (RFC 3501) with partial support for IMAP4rev2 (RFC 9051) extensions.
Forward Email's IMAP functionality is provided by the WildDuck dependency. The following email RFCs are supported:
| RFC | Title | Implementation Notes |
|---|---|---|
| RFC 3501 | Internet Message Access Protocol (IMAP) - Version 4rev1 | Full support with intentional differences (see below) |
| RFC 2177 | IMAP4 IDLE command | Push-style notifications |
| RFC 2342 | IMAP4 Namespace | Mailbox namespace support |
| RFC 2087 | IMAP4 QUOTA extension | Storage quota management |
| RFC 2971 | IMAP4 ID extension | Client/server identification |
| RFC 5161 | IMAP4 ENABLE Extension | Enable IMAP extensions |
| RFC 4959 | IMAP Extension for SASL Initial Client Response (SASL-IR) | Initial client response |
| RFC 3691 | IMAP4 UNSELECT command | Close mailbox without EXPUNGE |
| RFC 4315 | IMAP UIDPLUS extension | Enhanced UID commands |
| RFC 7162 | IMAP Extensions: Quick Flag Changes Resynchronization (CONDSTORE) | Conditional STORE |
| RFC 6154 | IMAP LIST Extension for Special-Use Mailboxes | Special mailbox attributes |
| RFC 6851 | IMAP MOVE Extension | Atomic MOVE command |
| RFC 6855 | IMAP Support for UTF-8 | UTF-8 support |
| RFC 3348 | IMAP4 Child Mailbox Extension | Child mailbox information |
| RFC 7889 | IMAP4 Extension for Advertising Maximum Upload Size (APPENDLIMIT) | Maximum upload size |
Supported IMAP Extensions:
| Extension | RFC | Status | Description |
|---|---|---|---|
| IDLE | RFC 2177 | ✅ Supported | Push-style notifications |
| NAMESPACE | RFC 2342 | ✅ Supported | Mailbox namespace support |
| QUOTA | RFC 2087 | ✅ Supported | Storage quota management |
| ID | RFC 2971 | ✅ Supported | Client/server identification |
| ENABLE | RFC 5161 | ✅ Supported | Enable IMAP extensions |
| SASL-IR | RFC 4959 | ✅ Supported | Initial client response |
| UNSELECT | RFC 3691 | ✅ Supported | Close mailbox without EXPUNGE |
| UIDPLUS | RFC 4315 | ✅ Supported | Enhanced UID commands |
| CONDSTORE | RFC 7162 | ✅ Supported | Conditional STORE |
| SPECIAL-USE | RFC 6154 | ✅ Supported | Special mailbox attributes |
| MOVE | RFC 6851 | ✅ Supported | Atomic MOVE command |
| UTF8=ACCEPT | RFC 6855 | ✅ Supported | UTF-8 support |
| CHILDREN | RFC 3348 | ✅ Supported | Child mailbox information |
| APPENDLIMIT | RFC 7889 | ✅ Supported | Maximum upload size |
| XLIST | Non-standard | ✅ Supported | Gmail-compatible folder listing |
| XAPPLEPUSHSERVICE | Non-standard | ✅ Supported | Apple Push Notification Service |
IMAP Protocol Differences from RFC Specifications
Warning
The following differences from RFC specifications may affect client compatibility.
Forward Email intentionally deviates from some IMAP RFC specifications. These differences are inherited from WildDuck and are documented below:
- No \Recent flag: The
\Recentflag is not implemented. All messages are returned without this flag. - RENAME doesn't affect subfolders: When renaming a folder, subfolders are not automatically renamed. The folder hierarchy is flat in the database.
- INBOX cannot be renamed: RFC 3501 permits renaming INBOX, but Forward Email explicitly prohibits it. See WildDuck source code.
- No unsolicited FLAGS responses: When flags are changed, no unsolicited FLAGS responses are sent to the client.
- STORE returns NO for deleted messages: Attempting to modify flags on deleted messages returns NO instead of silently ignoring.
- CHARSET ignored in SEARCH: The
CHARSETargument in SEARCH commands is ignored. All searches use UTF-8. - MODSEQ metadata ignored:
MODSEQmetadata in STORE commands is ignored. - SEARCH TEXT and SEARCH BODY: Forward Email uses SQLite FTS5 (Full-Text Search) instead of MongoDB's
$textsearch. This provides:- Support for
NOToperator (MongoDB doesn't support this) - Ranked search results
- Sub-100ms search performance on large mailboxes
- Support for
- Autoexpunge behavior: Messages marked with
\Deletedare automatically expunged when the mailbox is closed. - Message fidelity: Some message modifications may not preserve the exact original message structure.
IMAP4rev2 Partial Support:
Forward Email implements IMAP4rev1 (RFC 3501) with partial IMAP4rev2 (RFC 9051) support. The following IMAP4rev2 features are not yet supported:
- LIST-STATUS - Combined LIST and STATUS commands
- LITERAL- - Non-synchronizing literals (minus variant)
- OBJECTID - Unique object identifiers
- SAVEDATE - Save date attribute
- REPLACE - Atomic message replacement
- UNAUTHENTICATE - Close authentication without closing connection
Relaxed Body Structure Handling:
Forward Email uses "relaxed body" handling for malformed MIME structures, which may differ from strict RFC interpretation. This improves compatibility with real-world emails that don't perfectly conform to standards.
METADATA Extension (RFC 5464):
The IMAP METADATA extension is not supported. For more information about this extension, see RFC 5464. Discussion about adding this feature can be found in WildDuck Issue #937.
IMAP Extensions NOT Supported
The following IMAP extensions from the IANA IMAP Capabilities Registry are NOT supported:
| RFC | Title | Reason |
|---|---|---|
| RFC 2086 | IMAP4 ACL extension | Shared folders not implemented. See WildDuck Issue #427 |
| RFC 5256 | IMAP SORT and THREAD Extensions | Threading implemented internally but not via RFC 5256 protocol. See WildDuck Issue #12 |
| RFC 5162 | IMAP4 Extensions for Quick Mailbox Resynchronization (QRESYNC) | Not implemented |
| RFC 5464 | IMAP METADATA Extension | Metadata operations ignored. See WildDuck documentation |
| RFC 5258 | IMAP4 LIST Command Extensions | Not implemented |
| RFC 5267 | Contexts for IMAP4 | Not implemented |
| RFC 5465 | IMAP NOTIFY Extension | Not implemented |
| RFC 5466 | IMAP4 FILTERS Extension | Not implemented |
| RFC 6203 | IMAP4 Extension for Fuzzy Search | Not implemented |
| RFC 6785 | IMAP4 Implementation Recommendations | Recommendations not fully followed |
| RFC 7162 | IMAP Extensions: Quick Flag Changes Resynchronization (CONDSTORE) and Quick Mailbox Resynchronization (QRESYNC) | Not implemented |
| RFC 8437 | IMAP UNAUTHENTICATE Extension for Connection Reuse | Not implemented |
| RFC 8438 | IMAP Extension for STATUS=SIZE | Not implemented |
| RFC 8457 | IMAP "$Important" Keyword and "\Important" Special-Use Attribute | Not implemented |
| RFC 8474 | IMAP Extension for Object Identifiers | Not implemented |
| RFC 9051 | Internet Message Access Protocol (IMAP) - Version 4rev2 | Forward Email implements IMAP4rev1 (RFC 3501) |
POP3 Email Protocol and Extensions
Note
Forward Email supports POP3 (RFC 1939) with standard extensions for email retrieval.
Forward Email's POP3 functionality is provided by the WildDuck dependency. The following email RFCs are supported:
| RFC | Title | Implementation Notes |
|---|---|---|
| RFC 1939 | Post Office Protocol - Version 3 (POP3) | Full support with intentional differences (see below) |
| RFC 2595 | Using TLS with IMAP, POP3 and ACAP | STARTTLS support |
| RFC 2449 | POP3 Extension Mechanism | CAPA command support |
Forward Email provides POP3 support for clients that prefer this simpler protocol over IMAP. POP3 is ideal for users who want to download emails to a single device and remove them from the server.
Supported POP3 Extensions:
| Extension | RFC | Status | Description |
|---|---|---|---|
| TOP | RFC 1939 | ✅ Supported | Retrieve message headers |
| USER | RFC 1939 | ✅ Supported | Username authentication |
| UIDL | RFC 1939 | ✅ Supported | Unique message identifiers |
| EXPIRE | RFC 2449 | ✅ Supported | Message expiration policy |
POP3 Protocol Differences from RFC Specifications
Warning
POP3 has inherent limitations compared to IMAP.
Important
Critical Difference: Forward Email vs WildDuck POP3 DELE Behavior
Forward Email implements RFC-compliant permanent deletion for POP3 DELE commands, unlike WildDuck which moves messages to Trash.
Forward Email Behavior (source code):
DELE→QUITpermanently deletes messages- Follows RFC 1939 specification exactly
- Matches behavior of Dovecot (default), Postfix, and other standards-compliant servers
WildDuck Behavior (discussion):
DELE→QUITmoves messages to Trash (Gmail-like)- Intentional design decision for user safety
- Non-RFC-compliant but prevents accidental data loss
Why Forward Email Differs:
- RFC Compliance: Adheres to RFC 1939 specification
- User Expectations: Download-and-delete workflow expects permanent deletion
- Storage Management: Proper disk space reclamation
- Interoperability: Consistent with other RFC-compliant servers
Note
POP3 Message Listing: Forward Email lists ALL messages from INBOX with no limit. This differs from WildDuck which limits to 250 messages by default. See source code.
Single-Device Access:
POP3 is designed for single-device access. Messages are typically downloaded and removed from the server, making it unsuitable for multi-device synchronization.
No Folder Support:
POP3 only accesses the INBOX folder. Other folders (Sent, Drafts, Trash, etc.) are not accessible via POP3.
Limited Message Management:
POP3 provides basic message retrieval and deletion. Advanced features like flagging, moving, or searching messages are not available.
POP3 Extensions NOT Supported
The following POP3 extensions from the IANA POP3 Extension Mechanism Registry are NOT supported:
| RFC | Title | Reason |
|---|---|---|
| RFC 6856 | Post Office Protocol Version 3 (POP3) Support for UTF-8 | Not implemented in WildDuck POP3 server |
| RFC 2595 | STLS command | Only STARTTLS supported, not STLS |
| RFC 3206 | The SYS and AUTH POP Response Codes | Not implemented |
SMTP Email Protocol and Extensions
Note
Forward Email supports SMTP (RFC 5321) with modern extensions for secure and reliable email delivery.
Forward Email's SMTP functionality is provided by multiple components: smtp-server (nodemailer), zone-mta, and custom implementations. The following email RFCs are supported:
| RFC | Title | Implementation Notes |
|---|---|---|
| RFC 5321 | Simple Mail Transfer Protocol (SMTP) | Full support |
| RFC 3207 | SMTP Service Extension for Secure SMTP over Transport Layer Security (STARTTLS) | TLS/SSL support |
| RFC 4954 | SMTP Service Extension for Authentication (AUTH) | PLAIN, LOGIN, CRAM-MD5, XOAUTH2 |
| RFC 6531 | SMTP Extension for Internationalized Email (SMTPUTF8) | Native unicode email address support |
| RFC 3461 | SMTP Service Extension for Delivery Status Notifications (DSN) | Full DSN support |
| RFC 3463 | Enhanced Mail System Status Codes | Enhanced status codes in responses |
| RFC 1870 | SMTP Service Extension for Message Size Declaration (SIZE) | Maximum message size advertisement |
| RFC 2920 | SMTP Service Extension for Command Pipelining (PIPELINING) | Command pipelining support |
| RFC 1652 | SMTP Service Extension for 8bit-MIMEtransport (8BITMIME) | 8-bit MIME support |
| RFC 6152 | SMTP Service Extension for 8-bit MIME Transport | 8-bit MIME support |
| RFC 2034 | SMTP Service Extension for Returning Enhanced Error Codes (ENHANCEDSTATUSCODES) | Enhanced status codes |
Forward Email implements a full-featured SMTP server with support for modern extensions that enhance security, reliability, and functionality.
Supported SMTP Extensions:
| Extension | RFC | Status | Description |
|---|---|---|---|
| PIPELINING | RFC 2920 | ✅ Supported | Command pipelining |
| SIZE | RFC 1870 | ✅ Supported | Message size declaration (52MB limit) |
| ETRN | RFC 1985 | ✅ Supported | Remote queue processing |
| STARTTLS | RFC 3207 | ✅ Supported | Upgrade to TLS |
| ENHANCEDSTATUSCODES | RFC 2034 | ✅ Supported | Enhanced status codes |
| 8BITMIME | RFC 6152 | ✅ Supported | 8-bit MIME transport |
| DSN | RFC 3461 | ✅ Supported | Delivery Status Notifications |
| CHUNKING | RFC 3030 | ✅ Supported | Chunked message transfer |
| SMTPUTF8 | RFC 6531 | ⚠️ Partial | UTF-8 email addresses (partial) |
| REQUIRETLS | RFC 8689 | ✅ Supported | Require TLS for delivery |
Delivery Status Notifications (DSN)
Tip
DSN provides detailed delivery status information for sent emails.
Forward Email fully supports DSN (RFC 3461), which allows senders to request delivery status notifications. This feature provides:
- Success notifications when messages are delivered
- Failure notifications with detailed error information
- Delay notifications when delivery is temporarily delayed
DSN is particularly useful for:
- Confirming important message delivery
- Troubleshooting delivery issues
- Automated email processing systems
- Compliance and audit requirements
REQUIRETLS Support
Important
Forward Email is one of the few providers that explicitly advertises and enforces REQUIRETLS.
Forward Email supports REQUIRETLS (RFC 8689), which ensures that email messages are only delivered over TLS-encrypted connections. This provides:
- End-to-end encryption for the entire delivery path
- User-facing enforcement via checkbox in email composer
- Rejection of unencrypted delivery attempts
- Enhanced security for sensitive communications
SMTP Extensions NOT Supported
The following SMTP extensions from the IANA SMTP Service Extensions Registry are NOT supported:
| RFC | Title | Reason |
|---|---|---|
| RFC 4865 | SMTP Submission Service Extension for Future Message Release (FUTURERELEASE) | Not implemented |
| RFC 6710 | SMTP Extension for Message Transfer Priorities (MT-PRIORITY) | Not implemented |
| RFC 7293 | The Require-Recipient-Valid-Since Header Field and SMTP Service Extension | Not implemented |
| RFC 7372 | Email Auth Status Codes | Not fully implemented |
| RFC 4468 | Message Submission BURL Extension | Not implemented |
| RFC 3030 | SMTP Service Extensions for Transmission of Large and Binary MIME Messages (CHUNKING, BINARYMIME) | Not implemented |
| RFC 2852 | Deliver By SMTP Service Extension | Not implemented |
JMAP Email Protocol
Caution
JMAP is not currently supported by Forward Email.
| RFC | Title | Status | Reason |
|---|---|---|---|
| RFC 8620 | The JSON Meta Application Protocol (JMAP) | ❌ Not Supported | Forward Email uses IMAP/POP3/SMTP and a comprehensive REST API instead |
JMAP (JSON Meta Application Protocol) is a modern email protocol designed to replace IMAP.
Why JMAP is Not Supported:
"JMAP is a beast that should not have been invented. It tries to convert TCP/IMAP (already a bad protocol by todays standards) into HTTP/JSON, just using a different transport while keeping the spirit." — Andris Reinman, HN Discussion
"JMAP is more than 10 years old, and there is almost no adoption at all" – Andris Reinman, GitHub Discussion
Also see additional comments at https://hn.algolia.com/?dateRange=all&page=0&prefix=true&query=jmap andris&sort=byDate&type=comment.
Forward Email currently focuses on providing excellent IMAP, POP3, and SMTP support, along with a comprehensive REST API for email management. JMAP support may be considered in the future based on user demand and ecosystem adoption.
Alternative: Forward Email offers a Complete REST API with 39 endpoints that provides similar functionality to JMAP for programmatic email access.
Email Security
Email Security Architecture
Email Message Authentication Protocols
Note
Forward Email implements all major email authentication protocols to prevent spoofing and ensure message integrity.
Forward Email uses the mailauth library for email authentication. The following RFCs are supported:
| RFC | Title | Implementation Notes |
|---|---|---|
| RFC 6376 | DomainKeys Identified Mail (DKIM) Signatures | Full DKIM signing and verification |
| RFC 8463 | A New Cryptographic Signature Method for DKIM (Ed25519-SHA256) | Supports both RSA-SHA256 and Ed25519-SHA256 signing algorithms |
| RFC 7208 | Sender Policy Framework (SPF) | SPF record validation |
| RFC 7489 | Domain-based Message Authentication, Reporting, and Conformance (DMARC) | DMARC policy enforcement |
| RFC 8617 | Authenticated Received Chain (ARC) | ARC sealing and validation |
Email authentication protocols verify that messages are genuinely from the claimed sender and haven't been tampered with during transit.
Authentication Protocol Support
| Protocol | RFC | Status | Description |
|---|---|---|---|
| DKIM | RFC 6376 | ✅ Supported | DomainKeys Identified Mail - Cryptographic signatures |
| SPF | RFC 7208 | ✅ Supported | Sender Policy Framework - IP address authorization |
| DMARC | RFC 7489 | ✅ Supported | Domain-based Message Authentication - Policy enforcement |
| ARC | RFC 8617 | ✅ Supported | Authenticated Received Chain - Preserve authentication across forwards |
DKIM (DomainKeys Identified Mail)
DKIM adds a cryptographic signature to email headers, allowing recipients to verify that the message was authorized by the domain owner and hasn't been modified in transit.
Forward Email uses mailauth for DKIM signing and verification.
Key Features:
- Automatic DKIM signing for all outbound messages
- Support for RSA and Ed25519 keys
- Multiple selector support
- DKIM verification for inbound messages
SPF (Sender Policy Framework)
SPF allows domain owners to specify which IP addresses are authorized to send email on behalf of their domain.
Key Features:
- SPF record validation for inbound messages
- Automatic SPF checking with detailed results
- Support for include, redirect, and all mechanisms
- Configurable SPF policies per domain
DMARC (Domain-based Message Authentication, Reporting & Conformance)
DMARC builds on SPF and DKIM to provide policy enforcement and reporting.
Key Features:
- DMARC policy enforcement (none, quarantine, reject)
- Alignment checking for SPF and DKIM
- DMARC aggregate reporting
- Per-domain DMARC policies
ARC (Authenticated Received Chain)
ARC preserves email authentication results across forwarding and mailing list modifications.
Forward Email uses the mailauth library for ARC verification and sealing.
Key Features:
- ARC sealing for forwarded messages
- ARC validation for inbound messages
- Chain verification across multiple hops
- Preserves original authentication results
Authentication Flow
Email Transport Security Protocols
Important
Forward Email implements multiple layers of transport security to protect emails in transit.
Forward Email implements modern transport security protocols:
| RFC | Title | Status | Implementation Notes |
|---|---|---|---|
| RFC 8461 | SMTP MTA Strict Transport Security (MTA-STS) | ✅ Supported | Extensively used on IMAP, SMTP, and MX servers. See create-mta-sts-cache.js and get-transporter.js |
| RFC 8460 | SMTP TLS Reporting | ✅ Supported | Via mailauth library |
| RFC 7671 | The DNS-Based Authentication of Named Entities (DANE) Protocol: Updates and Operational Guidance | ⚠️ Partial | Custom TLSA resolver implemented (Tangerine.resolveTlsa) but not yet used for DANE validation |
| RFC 6698 | The DNS-Based Authentication of Named Entities (DANE) Transport Layer Security (TLS) Protocol: TLSA | ⚠️ Partial | TLSA resolution available but DANE not fully implemented |
| RFC 8314 | Cleartext Considered Obsolete: Use of Transport Layer Security (TLS) for Email Submission and Access | ✅ Supported | TLS required for all connections |
| RFC 8689 | SMTP Service Extension for Requiring TLS (REQUIRETLS) | ✅ Supported | Full support for REQUIRETLS SMTP extension and "TLS-Required" header |
Transport security protocols ensure that email messages are encrypted and authenticated during transmission between mail servers.
Transport Security Support
| Protocol | RFC | Status | Description |
|---|---|---|---|
| TLS | RFC 8314 | ✅ Supported | Transport Layer Security - Encrypted connections |
| MTA-STS | RFC 8461 | ✅ Supported | Mail Transfer Agent Strict Transport Security |
| DANE | RFC 7671 | ⚠️ Partial | DNS-based Authentication of Named Entities |
| REQUIRETLS | RFC 8689 | ✅ Supported | Require TLS for entire delivery path |
TLS (Transport Layer Security)
Forward Email enforces TLS encryption for all email connections (SMTP, IMAP, POP3).
Key Features:
- TLS 1.2 and TLS 1.3 support
- Automatic certificate management
- Perfect Forward Secrecy (PFS)
- Strong cipher suites only
MTA-STS (Mail Transfer Agent Strict Transport Security)
MTA-STS ensures that email is only delivered over TLS-encrypted connections by publishing a policy via HTTPS.
Forward Email implements MTA-STS using create-mta-sts-cache.js.
Key Features:
- Automatic MTA-STS policy publication
- Policy caching for performance
- Downgrade attack prevention
- Certificate validation enforcement
DANE (DNS-based Authentication of Named Entities)
Warning
DANE support is partial - outbound only, not enforced for inbound.
DANE uses DNSSEC to publish TLS certificate information in DNS, allowing mail servers to verify certificates without relying on certificate authorities.
Current Status:
- ⚠️ Partial support for outbound delivery
- ❌ Not enforced for inbound delivery
- Requires DNSSEC-signed domains
Tip
Future DANE Support: Full DANE support may be possible in the future if Node.js releases TLSA support. See nodejs/node#39569.
REQUIRETLS
Tip
Forward Email is one of the few providers with user-facing REQUIRETLS support.
REQUIRETLS ensures that email messages are only delivered over TLS-encrypted connections for the entire delivery path.
Key Features:
- User-facing checkbox in email composer
- Automatic rejection of unencrypted delivery
- End-to-end TLS enforcement
- Detailed failure notifications
Tip
User-Facing TLS Enforcement: Forward Email provides a checkbox under My Account > Domains > Settings to enforce TLS for all inbound connections. When enabled, this feature rejects any inbound email not sent over a TLS-encrypted connection with a 530 error code, ensuring all incoming mail is encrypted in transit.
Transport Security Flow
Email Message Encryption
Note
Forward Email supports both OpenPGP and S/MIME for end-to-end email encryption.
Forward Email supports OpenPGP and S/MIME encryption:
| RFC | Title | Status | Implementation Notes |
|---|---|---|---|
| RFC 9580 | OpenPGP (supersedes RFC 4880) | ✅ Supported | Via OpenPGP.js v6+ integration. See FAQ |
| RFC 8551 | Secure/Multipurpose Internet Mail Extensions (S/MIME) Version 4.0 Message Specification | ✅ Supported | Both RSA and ECC algorithms supported. See FAQ |
Message encryption protocols protect email content from being read by anyone except the intended recipient, even if the message is intercepted during transit.
Encryption Support
| Protocol | RFC | Status | Description |
|---|---|---|---|
| OpenPGP | RFC 9580 | ✅ Supported | Pretty Good Privacy - Public key encryption |
| S/MIME | RFC 8551 | ✅ Supported | Secure/Multipurpose Internet Mail Extensions |
| WKD | Draft | ✅ Supported | Web Key Directory - Automatic key discovery |
OpenPGP (Pretty Good Privacy)
OpenPGP provides end-to-end encryption using public key cryptography. Forward Email supports OpenPGP through the Web Key Directory (WKD) protocol.
Key Features:
- Automatic key discovery via WKD
- PGP/MIME support for encrypted attachments
- Key management through email client
- Compatible with GPG, Mailvelope, and other OpenPGP tools
How to Use:
- Generate a PGP key pair in your email client
- Upload your public key to Forward Email's WKD
- Your key is automatically discoverable by other users
- Send and receive encrypted emails seamlessly
S/MIME (Secure/Multipurpose Internet Mail Extensions)
S/MIME provides email encryption and digital signatures using X.509 certificates.
Key Features:
- Certificate-based encryption
- Digital signatures for message authentication
- Native support in most email clients
- Enterprise-grade security
How to Use:
- Obtain an S/MIME certificate from a Certificate Authority
- Install the certificate in your email client
- Configure your client to encrypt/sign messages
- Exchange certificates with recipients
SQLite Mailbox Encryption
Important
Forward Email provides an additional layer of security with encrypted SQLite mailboxes.
Beyond message-level encryption, Forward Email encrypts entire mailboxes using sqleet (ChaCha20-Poly1305).
Key Features:
- Password-based encryption - Only you have the password
- Quantum-resistant - ChaCha20-Poly1305 cipher
- Zero-knowledge - Forward Email cannot decrypt your mailbox
- Sandboxed - Each mailbox is isolated and portable
- Unrecoverable - If you forget your password, your mailbox is lost
Encryption Comparison
| Feature | OpenPGP | S/MIME | SQLite Encryption |
|---|---|---|---|
| End-to-End | ✅ Yes | ✅ Yes | ✅ Yes |
| Key Management | Self-managed | CA-issued | Password-based |
| Client Support | Requires plugin | Native | Transparent |
| Use Case | Personal | Enterprise | Storage |
| Quantum-Resistant | ⚠️ Depends on key | ⚠️ Depends on cert | ✅ Yes |
Encryption Flow
Extended Functionality
Email Message Format Standards
Note
Forward Email supports modern email format standards for rich content and internationalization.
Forward Email supports standard email message formats:
| RFC | Title | Implementation Notes |
|---|---|---|
| RFC 5322 | Internet Message Format | Full support |
| RFC 2045 | MIME Part One: Format of Internet Message Bodies | Full MIME support |
| RFC 2046 | MIME Part Two: Media Types | Full MIME support |
| RFC 2047 | MIME Part Three: Message Header Extensions for Non-ASCII Text | Full MIME support |
| RFC 2048 | MIME Part Four: Registration Procedures | Full MIME support |
| RFC 2049 | MIME Part Five: Conformance Criteria and Examples | Full MIME support |
Email format standards define how email messages are structured, encoded, and displayed.
Format Standards Support
| Standard | RFC | Status | Description |
|---|---|---|---|
| MIME | RFC 2045-2049 | ✅ Supported | Multipurpose Internet Mail Extensions |
| SMTPUTF8 | RFC 6531 | ⚠️ Partial | Internationalized email addresses |
| EAI | RFC 6530 | ⚠️ Partial | Email Address Internationalization |
| Message Format | RFC 5322 | ✅ Supported | Internet Message Format |
| MIME Security | RFC 1847 | ✅ Supported | Security Multiparts for MIME |
MIME (Multipurpose Internet Mail Extensions)
MIME allows emails to contain multiple parts with different content types (text, HTML, attachments, etc.).
Supported MIME Features:
- Multipart messages (mixed, alternative, related)
- Content-Type headers
- Content-Transfer-Encoding (7bit, 8bit, quoted-printable, base64)
- Inline images and attachments
- Rich HTML content
SMTPUTF8 and Email Address Internationalization
Warning
SMTPUTF8 support is partial - not all features are fully implemented.
SMTPUTF8 allows email addresses to contain non-ASCII characters (e.g., 用户@例え.jp).
Current Status:
- ⚠️ Partial support for internationalized email addresses
- ✅ UTF-8 content in message bodies
- ⚠️ Limited support for non-ASCII local parts
Calendaring and Contacts Protocols
Note
Forward Email provides full CalDAV and CardDAV support for calendar and contact synchronization.
Forward Email supports CalDAV and CardDAV via the caldav-adapter library:
| RFC | Title | Status | Implementation Notes |
|---|---|---|---|
| RFC 4791 | Calendaring Extensions to WebDAV (CalDAV) | ✅ Supported | Calendar access and management |
| RFC 6352 | CardDAV: vCard Extensions to WebDAV | ✅ Supported | Contact access and management |
| RFC 5545 | Internet Calendaring and Scheduling Core Object Specification (iCalendar) | ✅ Supported | iCalendar format support |
| RFC 6350 | vCard Format Specification | ✅ Supported | vCard 4.0 format support |
CalDAV and CardDAV are protocols that allow calendar and contact data to be accessed, shared, and synchronized across devices.
CalDAV and CardDAV Support
| Protocol | RFC | Status | Description |
|---|---|---|---|
| CalDAV | RFC 4791 | ✅ Supported | Calendar access and synchronization |
| CardDAV | RFC 6352 | ✅ Supported | Contact access and synchronization |
| iCalendar | RFC 5545 | ✅ Supported | Calendar data format |
| vCard | RFC 6350 | ✅ Supported | Contact data format |
| VTODO | RFC 5545 | ✅ Supported | Task/reminder support |
CalDAV (Calendar Access)
CalDAV allows you to access and manage calendars from any device or application.
Key Features:
- Multi-device synchronization
- Shared calendars
- Calendar subscriptions
- Event invitations and responses
- Recurring events
- Timezone support
Compatible Clients:
- Apple Calendar (macOS, iOS)
- Mozilla Thunderbird
- Evolution
- GNOME Calendar
- Any CalDAV-compatible client
CardDAV (Contact Access)
CardDAV allows you to access and manage contacts from any device or application.
Key Features:
- Multi-device synchronization
- Shared address books
- Contact groups
- Photo support
- Custom fields
- vCard 4.0 support
Compatible Clients:
- Apple Contacts (macOS, iOS)
- Mozilla Thunderbird
- Evolution
- GNOME Contacts
- Any CardDAV-compatible client
Tasks and Reminders (CalDAV VTODO)
Tip
Forward Email supports tasks and reminders through CalDAV VTODO.
VTODO is part of the iCalendar format and allows task management through CalDAV.
Key Features:
- Task creation and management
- Due dates and priorities
- Task completion tracking
- Recurring tasks
- Task lists/categories
Compatible Clients:
- Apple Reminders (macOS, iOS)
- Mozilla Thunderbird (with Lightning)
- Evolution
- GNOME To Do
- Any CalDAV client with VTODO support
CalDAV/CardDAV Synchronization Flow
Calendaring Extensions NOT Supported
The following calendaring extensions are NOT supported:
| RFC | Title | Reason |
|---|---|---|
| RFC 5546 | iCalendar Transport-Independent Interoperability Protocol (iTIP) | Not implemented in caldav-adapter |
| RFC 6047 | iCalendar Message-Based Interoperability Protocol (iMIP) | Not implemented in caldav-adapter |
| RFC 4918 | HTTP Extensions for Web Distributed Authoring and Versioning (WebDAV) | CalDAV uses WebDAV concepts but doesn't implement full RFC 4918 |
| RFC 6578 | Collection Synchronization for WebDAV | Not implemented |
| RFC 3744 | WebDAV Access Control Protocol | Not implemented |
Email Message Filtering
Caution
Sieve and ManageSieve are not currently supported but are planned for future implementation.
Sieve (RFC 5228)
| RFC | Title | Status | Reason |
|---|---|---|---|
| RFC 5228 | Sieve: An Email Filtering Language | ⚠️ Future | Not currently supported. May be implemented in the future. See GitHub Discussion #337 to subscribe for updates. |
Email filtering protocols allow users to create server-side rules for automatically processing incoming messages.
Sieve is a powerful email filtering language that allows users to create complex rules for message processing.
Planned Features:
- Server-side filtering rules
- Automatic message sorting
- Vacation auto-responders
- Spam filtering
- Forwarding rules
- Custom actions
Why Not Supported Yet:
Forward Email currently focuses on providing a user-friendly web interface for email filtering. Sieve support is planned for future implementation to provide advanced users with more powerful filtering capabilities.
Workaround:
Use Forward Email's web-based filtering interface to create filtering rules through the dashboard.
Tip
Vacation Responder Alternative: While Sieve is not yet supported, Forward Email provides a built-in vacation responder feature that's superior to traditional Sieve vacation filters. It includes:
- Automatic DKIM signature addition
- Connection issue prevention (SSL/TLS with legacy servers)
- Open WKD and PGP encryption support
- Intelligent rate limiting (once per sender every 4 days, like Gmail)
- Abuse prevention (filters postmaster, auto-submitted headers, mailing lists)
- Requires proper outbound SMTP setup (DKIM, DMARC, Return-Path)
Configuration: My Account → Domains → Aliases
- Start/end date configuration
- Subject limit: 100 characters
- Message limit: 1000 characters
ManageSieve (RFC 5804)
| RFC | Title | Status | Reason |
|---|---|---|---|
| RFC 5804 | A Protocol for Remotely Managing Sieve Scripts | ❌ Not Supported | Sieve not implemented |
ManageSieve is a protocol for remotely managing Sieve scripts.
Planned Features:
- Remote script management
- Script validation
- Multiple script support
- Script activation/deactivation
Current Status:
ManageSieve support is planned for future implementation alongside Sieve. For more information about ManageSieve, see Dovecot's ManageSieve documentation.
Storage Optimization
Important
Industry-First Storage Technology: Forward Email is the only email provider in the world that combines attachment deduplication with Brotli compression on email content. This dual-layer optimization gives you 2-3x more effective storage compared to traditional email providers.
Forward Email implements two revolutionary storage optimization techniques that dramatically reduce mailbox size while maintaining full RFC compliance and message fidelity:
- Attachment Deduplication - Eliminates duplicate attachments across all emails
- Brotli Compression - Reduces storage by 46-86% for metadata and 50% for attachments
Architecture: Dual-Layer Storage Optimization
Attachment Deduplication
Forward Email implements attachment deduplication based on WildDuck's proven approach, adapted for SQLite storage.
Note
What is Deduplicated: "Attachment" refers to the encoded MIME node contents (base64 or quoted-printable), not the decoded file. This preserves DKIM and GPG signature validity.
How It Works
WildDuck's Original Implementation (MongoDB GridFS):
Wild Duck IMAP server de-duplicates attachments. "Attachment" in this case means the base64 or quoted-printable encoded mime node contents, not the decoded file. Even though using encoded content means a lot of false negatives (the same file in different emails might be counted as different attachment) it is needed to guarantee the validity of different signature schemes (DKIM, GPG etc.). A message retrieved from Wild Duck looks exactly the same as the message that was stored even though Wild Duck parses the message into a tree-like object and rebuilds the message when retrieving.
Forward Email's SQLite Implementation:
Forward Email adapts this approach for encrypted SQLite storage with the following process:
- Hash Calculation: When an attachment is found, a hash is calculated using the
rev-hashlibrary from the attachment body - Lookup: Check if an attachment with matching hash exists in the
Attachmentstable - Reference Counting:
- If exists: Increment reference counter by 1 and magic counter by random number
- If new: Create new attachment entry with counter = 1
- Deletion Safety: Uses dual-counter system (reference + magic) to prevent false positives
- Garbage Collection: Attachments are deleted immediately when both counters reach zero
Source Code: helpers/attachment-storage.js
Deduplication Flow
Magic Number System
Forward Email uses WildDuck's "magic number" system (inspired by Mail.ru) to prevent false positives during deletion:
- Every message gets a random number assigned
- Attachment's magic counter is incremented by that random number when message is added
- Magic counter is decremented by the same number when message is deleted
- Attachment is only deleted when both counters (reference + magic) reach zero
This dual-counter system ensures that if something goes wrong during deletion (e.g., crash, network error), the attachment is not deleted prematurely.
Key Differences: WildDuck vs Forward Email
| Feature | WildDuck (MongoDB) | Forward Email (SQLite) |
|---|---|---|
| Storage Backend | MongoDB GridFS (chunked) | SQLite BLOB (direct) |
| Hash Algorithm | SHA256 | rev-hash (SHA-256 based) |
| Reference Counting | ✅ Yes | ✅ Yes |
| Magic Numbers | ✅ Yes (Mail.ru inspired) | ✅ Yes (same system) |
| Garbage Collection | Delayed (separate job) | Immediate (on zero counters) |
| Compression | ❌ None | ✅ Brotli (see below) |
| Encryption | ❌ Optional | ✅ Always (ChaCha20-Poly1305) |
Brotli Compression
Important
World's First: Forward Email is the only email service in the world that uses Brotli compression on email content. This provides 46-86% storage savings on top of attachment deduplication.
Forward Email implements Brotli compression for both attachment bodies and message metadata, providing massive storage savings while maintaining backwards compatibility.
Implementation: helpers/msgpack-helpers.js
What Gets Compressed
1. Attachment Bodies (encodeAttachmentBody)
- Old formats: Hex-encoded string (2x size) or raw Buffer
- New format: Brotli-compressed Buffer with "FEBR" magic header
- Compression decision: Only compresses if it saves space (accounts for 4-byte header)
- Storage savings: Up to 50% (hex → native BLOB)
2. Message Metadata (encodeMetadata)
Includes: mimeTree, headers, envelope, flags
- Old format: JSON text string
- New format: Brotli-compressed Buffer
- Storage savings: 46-86% depending on message complexity
Compression Configuration
// Brotli compression options optimized for speed (level 4 is a good balance)
const BROTLI_COMPRESS_OPTIONS = {
params: {
[zlib.constants.BROTLI_PARAM_QUALITY]: 4
}
};
Why Level 4?
- Fast compression/decompression: Sub-millisecond processing
- Good compression ratio: 46-86% savings
- Balanced performance: Optimal for real-time email operations
Magic Header: "FEBR"
Forward Email uses a 4-byte magic header to identify compressed attachment bodies:
"FEBR" = Forward Email BRotli
Hex: 0x46 0x45 0x42 0x52
Why a magic header?
- Format detection: Instantly identify compressed vs uncompressed data
- Backwards compatibility: Old hex strings and raw Buffers still work
- Collision avoidance: "FEBR" is unlikely to appear at the start of legitimate attachment data
Compression Process
Decompression Process
Backwards Compatibility
All decode functions auto-detect the storage format:
| Format | Detection Method | Handling |
|---|---|---|
| Brotli-compressed | Check for "FEBR" magic header | Decompress with zlib.brotliDecompressSync() |
| Raw Buffer | Buffer.isBuffer() without magic |
Return as-is |
| Hex string | Check for even length + [0-9a-f] chars | Decode with Buffer.from(value, 'hex') |
| JSON string | Check for { or [ first character |
Parse with JSON.parse() |
This ensures zero data loss during migration from old to new storage formats.
Storage Savings Statistics
Measured savings from production data:
| Data Type | Old Format | New Format | Savings |
|---|---|---|---|
| Attachment bodies | Hex-encoded string (2x) | Brotli-compressed BLOB | 50% |
| Message metadata | JSON text | Brotli-compressed BLOB | 46-86% |
| Mailbox flags | JSON text | Brotli-compressed BLOB | 60-80% |
Source: helpers/migrate-storage-format.js
Migration Process
Forward Email provides automatic, idempotent migration from old to new storage formats:
// Migration statistics tracked:
{
attachmentsMigrated: 0,
messagesMigrated: 0,
mailboxesMigrated: 0,
bytesSaved: 0 // Total bytes saved from compression
}
Migration steps:
- Attachment bodies: hex encoding → native BLOB (50% savings)
- Message metadata: JSON text → brotli-compressed BLOB (46-86% savings)
- Mailbox flags: JSON text → brotli-compressed BLOB (60-80% savings)
Source: helpers/migrate-storage-format.js
Combined Storage Efficiency
Tip
Real-World Impact: With attachment deduplication + Brotli compression, Forward Email users get 2-3x more effective storage compared to traditional email providers.
Example Scenario:
Traditional email provider (1GB mailbox):
- 1GB disk space = 1GB of emails
- No deduplication: Same attachment stored 10 times = 10x storage waste
- No compression: Full JSON metadata stored = 2-3x storage waste
Forward Email (1GB mailbox):
- 1GB disk space ≈ 2-3GB of emails (effective storage)
- Deduplication: Same attachment stored once, referenced 10 times
- Compression: 46-86% savings on metadata, 50% on attachments
- Encryption: ChaCha20-Poly1305 (no storage overhead)
Comparison Table:
| Provider | Storage Technology | Effective Storage (1GB mailbox) |
|---|---|---|
| Gmail | None | 1GB |
| iCloud | None | 1GB |
| Outlook.com | None | 1GB |
| Fastmail | None | 1GB |
| ProtonMail | Encryption only | 1GB |
| Tutanota | Encryption only | 1GB |
| Forward Email | Deduplication + Compression + Encryption | 2-3GB ✨ |
Technical Implementation Details
Performance:
- Brotli level 4: Sub-millisecond compression/decompression
- No performance penalty from compression
- SQLite FTS5: Sub-50ms search with NVMe SSD
Security:
- Compression happens after encryption (SQLite database is encrypted)
- ChaCha20-Poly1305 encryption + Brotli compression
- Zero-knowledge: Only user has decryption password
RFC Compliance:
- Messages retrieved look exactly the same as stored
- DKIM signatures remain valid (encoded content preserved)
- GPG signatures remain valid (no modification to signed content)
Why No Other Provider Does This
Complexity:
- Requires deep integration with storage layer
- Backwards compatibility is challenging
- Migration from old formats is complex
Performance concerns:
- Compression adds CPU overhead (solved with Brotli level 4)
- Decompression on every read (solved with SQLite caching)
Forward Email's Advantage:
- Built from the ground up with optimization in mind
- SQLite allows direct BLOB manipulation
- Encrypted per-user databases enable safe compression
Modern Features
Complete REST API for Email Management
Tip
Forward Email provides a comprehensive REST API with 39 endpoints for programmatic email management.
Tip
Unique Industry Feature: Unlike every other email service, Forward Email provides complete programmatic access to your mailbox, calendar, contacts, messages, and folders via a comprehensive REST API. This is direct interaction with your encrypted SQLite database file storing all your data.
Forward Email offers a complete REST API that provides unprecedented access to your email data. No other email service (including Gmail, iCloud, Outlook, ProtonMail, Tuta, or Fastmail) offers this level of comprehensive, direct database access.
API Documentation: https://forwardemail.net/en/email-api
API Categories (39 Endpoints)
1. Messages API (5 endpoints) - Full CRUD operations on email messages:
GET /v1/messages- List messages with 15+ advanced search parameters (no other service offers this)POST /v1/messages- Create/send messagesGET /v1/messages/:id- Retrieve messagePUT /v1/messages/:id- Update message (flags, folders)DELETE /v1/messages/:id- Delete message
Example: Find all invoices from last quarter with attachments:
curl -u "alias@domain.com:password" \
"https://api.forwardemail.net/v1/messages?q=subject:invoice+has:attachment+after:2024-01-01+before:2024-04-01"
See Advanced Search Documentation
2. Folders API (5 endpoints) - Full IMAP folder management via REST:
GET /v1/folders- List all foldersPOST /v1/folders- Create folderGET /v1/folders/:id- Retrieve folderPUT /v1/folders/:id- Update folderDELETE /v1/folders/:id- Delete folder
3. Contacts API (5 endpoints) - CardDAV contact storage via REST:
GET /v1/contacts- List contactsPOST /v1/contacts- Create contact (vCard format)GET /v1/contacts/:id- Retrieve contactPUT /v1/contacts/:id- Update contactDELETE /v1/contacts/:id- Delete contact
4. Calendars API (5 endpoints) - Calendar container management:
GET /v1/calendars- List calendar containersPOST /v1/calendars- Create calendar (e.g., "Work Calendar", "Personal Calendar")GET /v1/calendars/:id- Retrieve calendarPUT /v1/calendars/:id- Update calendarDELETE /v1/calendars/:id- Delete calendar
5. Calendar Events API (5 endpoints) - Event scheduling within calendars:
GET /v1/calendar-events- List eventsPOST /v1/calendar-events- Create event with attendeesGET /v1/calendar-events/:id- Retrieve eventPUT /v1/calendar-events/:id- Update eventDELETE /v1/calendar-events/:id- Delete event
Example: Create a calendar event:
curl -u "alias@domain.com:password" \
-X POST \
-H "Content-Type: application/json" \
-d '{"title":"Team Meeting","start":"2024-12-20T10:00:00Z","attendees":["team@example.com"],"calendar_id":"calendar123"}' \
https://api.forwardemail.net/v1/calendar-events
Technical Details
- Authentication: Simple
alias:passwordauthentication (no OAuth complexity) - Performance: Sub-50ms response times with SQLite FTS5 and NVMe SSD storage
- Zero Network Latency: Direct database access, not proxied through external services
Real-World Use Cases
-
Email Analytics: Build custom dashboards tracking email volume, response times, sender statistics
-
Automated Workflows: Trigger actions based on email content (invoice processing, support tickets)
-
CRM Integration: Sync email conversations with your CRM automatically
-
Compliance & Discovery: Search and export emails for legal/compliance requirements
-
Custom Email Clients: Build specialized email interfaces for your workflow
-
Business Intelligence: Analyze communication patterns, response rates, customer engagement
-
Document Management: Extract and categorize attachments automatically
Forward Email offers a modern REST API that provides full control over email accounts, domains, aliases, and messages. This API serves as a powerful alternative to JMAP and provides functionality beyond traditional email protocols.
| Category | Endpoints | Description |
|---|---|---|
| Account Management | 8 | User accounts, authentication, settings |
| Domain Management | 12 | Custom domains, DNS, verification |
| Alias Management | 6 | Email aliases, forwarding, catch-all |
| Message Management | 7 | Send, receive, search, delete messages |
| Calendar & Contacts | 4 | CalDAV/CardDAV access via API |
| Logs & Analytics | 2 | Email logs, delivery reports |
Key API Features
Advanced Search:
The API provides powerful search capabilities with query syntax similar to Gmail:
GET /v1/messages?q=subject:invoice+has:attachment+after:2024-01-01+before:2024-04-01
Supported Search Operators:
from:- Search by senderto:- Search by recipientsubject:- Search by subjecthas:attachment- Messages with attachmentsis:unread- Unread messagesis:starred- Starred messagesafter:- Messages after datebefore:- Messages before datelabel:- Messages with labelfilename:- Attachment filename
Calendar Event Management:
GET /v1/calendar-events
POST /v1/calendar-events
PUT /v1/calendar-events/:id
DELETE /v1/calendar-events/:id
Webhook Integrations:
The API supports webhooks for real-time notifications of email events (received, sent, bounced, etc.).
Authentication:
- API key authentication
- OAuth 2.0 support
- Rate limiting: 1000 requests/hour
Data Format:
- JSON request/response
- RESTful design
- Pagination support
Security:
- HTTPS only
- API key rotation
- IP whitelisting (optional)
- Request signing (optional)
API Architecture
iOS Push Notifications
Tip
Forward Email supports native iOS push notifications through XAPPLEPUSHSERVICE for instant email delivery.
Important
Unique Feature: Forward Email is one of the few open-source email servers that supports native iOS push notifications for email, contacts, and calendars via the XAPPLEPUSHSERVICE IMAP extension. This was reverse-engineered from Apple's protocol and provides instant delivery to iOS devices without battery drain.
Forward Email implements Apple's proprietary XAPPLEPUSHSERVICE extension, providing native push notifications for iOS devices without requiring background polling.
How It Works
XAPPLEPUSHSERVICE is a non-standard IMAP extension that allows iOS Mail app to receive instant push notifications when new emails arrive.
Forward Email implements the proprietary Apple Push Notification service (APNs) integration for IMAP, allowing iOS Mail app to receive instant push notifications when new emails arrive.
Key Features
Instant Delivery:
- Push notifications arrive within seconds
- No battery-draining background polling
- Works even when Mail app is closed
- Instant Delivery: Emails, calendar events, and contacts appear on your iPhone/iPad immediately, not on a polling schedule
- Battery Efficient: Uses Apple's push infrastructure instead of maintaining constant IMAP connections
- Topic-Based Push: Supports push notifications for specific mailboxes, not just INBOX
- No Third-Party Apps Required: Works with the native iOS Mail, Calendar, and Contacts apps
Native Integration:
- Built into iOS Mail app
- No third-party apps required
- Seamless user experience
Privacy-Focused:
- Device tokens are encrypted
- No message content sent through APNS
- Only "new mail" notification sent
Battery Efficient:
- No constant IMAP polling
- Device sleeps until notification arrives
- Minimal battery impact
What Makes This Special
Important
Most email providers don't support XAPPLEPUSHSERVICE, forcing iOS devices to poll for new mail every 15 minutes.
Most open-source email servers (including Dovecot, Postfix, Cyrus IMAP) do NOT support iOS push notifications. Users must either:
- Use IMAP IDLE (keeps connection open, drains battery)
- Use polling (checks every 15-30 minutes, delayed notifications)
- Use proprietary email apps with their own push infrastructure
Forward Email provides the same instant push notification experience as commercial services like Gmail, iCloud, and Fastmail.
Comparison with Other Providers:
| Provider | Push Support | Polling Interval | Battery Impact |
|---|---|---|---|
| Forward Email | ✅ Native Push | Instant | Minimal |
| Gmail | ✅ Native Push | Instant | Minimal |
| iCloud | ✅ Native Push | Instant | Minimal |
| Yahoo | ✅ Native Push | Instant | Minimal |
| Outlook.com | ❌ Polling | 15 minutes | Moderate |
| Fastmail | ❌ Polling | 15 minutes | Moderate |
| ProtonMail | ⚠️ Bridge only | Via Bridge | High |
| Tutanota | ❌ App only | N/A | N/A |
Implementation Details
IMAP CAPABILITY Response:
* CAPABILITY IMAP4rev1 ... XAPPLEPUSHSERVICE ...
Registration Process:
- iOS Mail app detects XAPPLEPUSHSERVICE capability
- App registers device token with Forward Email
- Forward Email stores token and associates with account
- When new mail arrives, Forward Email sends push via APNS
- iOS wakes up Mail app to fetch new messages
Security:
- Device tokens are encrypted at rest
- Tokens expire and are refreshed automatically
- No message content exposed to APNS
- End-to-end encryption maintained
- IMAP Extension:
XAPPLEPUSHSERVICE - Source Code: WildDuck Issue #711
- Setup: Automatic - no configuration needed, works out of the box with iOS Mail app
Comparison with Other Services
| Service | iOS Push Support | Method |
|---|---|---|
| Forward Email | ✅ Yes | XAPPLEPUSHSERVICE (reverse-engineered) |
| Gmail | ✅ Yes | Proprietary Gmail app + Google push |
| iCloud Mail | ✅ Yes | Native Apple integration |
| Outlook.com | ✅ Yes | Proprietary Outlook app + Microsoft push |
| Fastmail | ✅ Yes | XAPPLEPUSHSERVICE |
| Dovecot | ❌ No | IMAP IDLE or polling only |
| Postfix | ❌ No | IMAP IDLE or polling only |
| Cyrus IMAP | ❌ No | IMAP IDLE or polling only |
Gmail Push:
Gmail uses a proprietary push system that only works with the Gmail app. iOS Mail app must poll Gmail IMAP servers.
iCloud Push:
iCloud has native push support similar to Forward Email, but only for @icloud.com addresses.
Outlook.com does not support XAPPLEPUSHSERVICE, requiring iOS Mail to poll every 15 minutes.
Fastmail:
Fastmail does not support XAPPLEPUSHSERVICE. Users must use the Fastmail app for push notifications or accept 15-minute polling delays.
Testing and Verification
Protocol Capability Tests
Note
This section provides the results of our latest protocol capability tests, conducted on January 22, 2026.
This section contains the actual CAPABILITY/CAPA/EHLO responses from all tested providers. All tests were run on January 22, 2026.
These tests help verify the advertised and actual support for various email protocols and extensions across major providers.
Test Methodology
Test Environment:
- Date: January 22, 2026 at 02:37 UTC
- Location: AWS EC2 instance
- IPv4: 54.167.216.197
- IPv6: 2600:4040:46da:9a00:b19e:3ad4:426c:2f48
- Tools: OpenSSL s_client, bash scripts
Providers Tested:
- Forward Email
- Gmail
- Outlook.com
- iCloud
- Fastmail
- Yahoo/AOL (Verizon)
Test Scripts
For full transparency, the exact scripts used for these tests are provided below.
IMAP Capability Test Script
#!/bin/bash
# IMAP Capability Test Script
# Tests IMAP CAPABILITY for various email providers
echo "========================================="
echo "IMAP CAPABILITY TEST"
echo "Date: $(date -u +"%Y-%m-%d %H:%M:%S UTC")"
echo "========================================="
echo ""
# Gmail
echo "--- Gmail (imap.gmail.com:993) ---"
echo -e "a001 CAPABILITY\na002 LOGOUT" | timeout 10 openssl s_client -connect imap.gmail.com:993 -crlf -quiet 2>&1 | grep -A 20 "CAPABILITY"
echo ""
# Outlook.com
echo "--- Outlook.com (outlook.office365.com:993) ---"
echo -e "a001 CAPABILITY\na002 LOGOUT" | timeout 10 openssl s_client -connect outlook.office365.com:993 -crlf -quiet 2>&1 | grep -A 20 "CAPABILITY"
echo ""
# iCloud
echo "--- iCloud (imap.mail.me.com:993) ---"
echo -e "a001 CAPABILITY\na002 LOGOUT" | timeout 10 openssl s_client -connect imap.mail.me.com:993 -crlf -quiet 2>&1 | grep -A 20 "CAPABILITY"
echo ""
# Fastmail
echo "--- Fastmail (imap.fastmail.com:993) ---"
echo -e "a001 CAPABILITY\na002 LOGOUT" | timeout 10 openssl s_client -connect imap.fastmail.com:993 -crlf -quiet 2>&1 | grep -A 20 "CAPABILITY"
echo ""
# Yahoo
echo "--- Yahoo (imap.mail.yahoo.com:993) ---"
echo -e "a001 CAPABILITY\na002 LOGOUT" | timeout 10 openssl s_client -connect imap.mail.yahoo.com:993 -crlf -quiet 2>&1 | grep -A 20 "CAPABILITY"
echo ""
# Forward Email
echo "--- Forward Email (imap.forwardemail.net:993) ---"
echo -e "a001 CAPABILITY\na002 LOGOUT" | timeout 10 openssl s_client -connect imap.forwardemail.net:993 -crlf -quiet 2>&1 | grep -A 20 "CAPABILITY"
echo ""
echo "========================================="
echo "Test completed"
echo "========================================="
POP3 Capability Test Script
#!/bin/bash
# POP3 Capability Test Script
# Tests POP3 CAPA for various email providers
echo "========================================="
echo "POP3 CAPABILITY TEST"
echo "Date: $(date -u +"%Y-%m-%d %H:%M:%S UTC")"
echo "========================================="
echo ""
# Gmail
echo "--- Gmail (pop.gmail.com:995) ---"
echo -e "CAPA\nQUIT" | timeout 10 openssl s_client -connect pop.gmail.com:995 -crlf -quiet 2>&1 | grep -A 20 "CAPA"
echo ""
# Outlook.com
echo "--- Outlook.com (outlook.office365.com:995) ---"
echo -e "CAPA\nQUIT" | timeout 10 openssl s_client -connect outlook.office365.com:995 -crlf -quiet 2>&1 | grep -A 20 "CAPA"
echo ""
# iCloud (Note: iCloud does not support POP3)
echo "--- iCloud (No POP3 support) ---"
echo "iCloud does not support POP3"
echo ""
# Fastmail
echo "--- Fastmail (pop.fastmail.com:995) ---"
echo -e "CAPA\nQUIT" | timeout 10 openssl s_client -connect pop.fastmail.com:995 -crlf -quiet 2>&1 | grep -A 20 "CAPA"
echo ""
# Yahoo
echo "--- Yahoo (pop.mail.yahoo.com:995) ---"
echo -e "CAPA\nQUIT" | timeout 10 openssl s_client -connect pop.mail.yahoo.com:995 -crlf -quiet 2>&1 | grep -A 20 "CAPA"
echo ""
# Forward Email
echo "--- Forward Email (pop3.forwardemail.net:995) ---"
echo -e "CAPA\nQUIT" | timeout 10 openssl s_client -connect pop3.forwardemail.net:995 -crlf -quiet 2>&1 | grep -A 20 "CAPA"
echo ""
echo "========================================="
echo "Test completed"
echo "========================================="
SMTP Capability Test Script
#!/bin/bash
# SMTP Capability Test Script
# Tests SMTP EHLO for various email providers
echo "========================================="
echo "SMTP CAPABILITY TEST"
echo "Date: $(date -u +"%Y-%m-%d %H:%M:%S UTC")"
echo "========================================="
echo ""
# Gmail
echo "--- Gmail (smtp.gmail.com:587) ---"
echo -e "EHLO test.com\nQUIT" | timeout 10 openssl s_client -connect smtp.gmail.com:587 -starttls smtp -crlf -quiet 2>&1 | grep -A 30 "250-"
echo ""
# Outlook.com
echo "--- Outlook.com (smtp.office365.com:587) ---"
echo -e "EHLO test.com\nQUIT" | timeout 10 openssl s_client -connect smtp.office365.com:587 -starttls smtp -crlf -quiet 2>&1 | grep -A 30 "250-"
echo ""
# iCloud
echo "--- iCloud (smtp.mail.me.com:587) ---"
echo -e "EHLO test.com\nQUIT" | timeout 10 openssl s_client -connect smtp.mail.me.com:587 -starttls smtp -crlf -quiet 2>&1 | grep -A 30 "250-"
echo ""
# Fastmail
echo "--- Fastmail (smtp.fastmail.com:587) ---"
echo -e "EHLO test.com\nQUIT" | timeout 10 openssl s_client -connect smtp.fastmail.com:587 -starttls smtp -crlf -quiet 2>&1 | grep -A 30 "250-"
echo ""
# Yahoo
echo "--- Yahoo (smtp.mail.yahoo.com:587) ---"
echo -e "EHLO test.com\nQUIT" | timeout 10 openssl s_client -connect smtp.mail.yahoo.com:587 -starttls smtp -crlf -quiet 2>&1 | grep -A 30 "250-"
echo ""
# Forward Email
echo "--- Forward Email (smtp.forwardemail.net:587) ---"
echo -e "EHLO test.com\nQUIT" | timeout 10 openssl s_client -connect smtp.forwardemail.net:587 -starttls smtp -crlf -quiet 2>&1 | grep -A 30 "250-"
echo ""
echo "========================================="
echo "Test completed"
echo "========================================="
Test Results Summary
IMAP (CAPABILITY)
Forward Email
* CAPABILITY IMAP4rev1 AUTH=PLAIN AUTH=PLAIN-CLIENTTOKEN CHILDREN ENABLE ID IDLE NAMESPACE QUOTA SASL-IR UNSELECT XLIST XAPPLEPUSHSERVICE
Gmail
* CAPABILITY IMAP4rev1 UNSELECT IDLE NAMESPACE QUOTA ID XLIST CHILDREN X-GM-EXT-1 UIDPLUS COMPRESS=DEFLATE ENABLE MOVE CONDSTORE ESEARCH UTF8=ACCEPT LIST-EXTENDED LIST-STATUS LITERAL- SPECIAL-USE
iCloud
* OK [CAPABILITY XAPPLEPUSHSERVICE IMAP4 IMAP4rev1 SASL-IR AUTH=ATOKEN AUTH=PLAIN AUTH=ATOKEN2 AUTH=XOAUTH2]
* CAPABILITY IMAP4rev1 AUTH=PLAIN AUTH=XOAUTH2 SASL-IR UIDPLUS ID UNSELECT CHILDREN IDLE NAMESPACE LITERAL+
Fastmail
* CAPABILITY IMAP4rev1 ACL ANNOTATE-EXPERIMENT-1 CATENATE CONDSTORE ENABLE ESEARCH ESORT I18NLEVEL=1 ID IDLE LIST-EXTENDED LIST-STATUS LITERAL+ LOGINDISABLED MULTIAPPEND NAMESPACE QRESYNC QUOTA RIGHTS=ektx SASL-IR SORT SPECIAL-USE THREAD=ORDEREDSUBJECT UIDPLUS UNSELECT WITHIN X-RENAME XLIST
Yahoo/AOL (Verizon)
* CAPABILITY IMAP4rev1 IDLE NAMESPACE QUOTA ID XLIST CHILDREN UIDPLUS MOVE CONDSTORE ESEARCH ENABLE LIST-EXTENDED LIST-STATUS LITERAL- SPECIAL-USE UNSELECT XAPPLEPUSHSERVICE
POP3 (CAPA)
Forward Email
+OK
CAPA
TOP
USER
UIDL
EXPIRE 30
IMPLEMENTATION ForwardEmail
.
Gmail
+OK
CAPA
TOP
USER
UIDL
EXPIRE 30
IMPLEMENTATION Gpop
.
+OK
CAPA
TOP
USER
UIDL
SASL PLAIN XOAUTH2
.
Fastmail
+OK
CAPA
TOP
USER
UIDL
EXPIRE 30
IMPLEMENTATION Cyrus
.
SMTP (EHLO)
Forward Email
250-smtp.forwardemail.net
250-PIPELINING
250-SIZE 52428800
250-ETRN
250-STARTTLS
250-ENHANCEDSTATUSCODES
250-8BITMIME
250-DSN
250 CHUNKING
Gmail
250-smtp.gmail.com at your service
250-SIZE 35882577
250-8BITMIME
250-STARTTLS
250-ENHANCEDSTATUSCODES
250-PIPELINING
250-CHUNKING
250 SMTPUTF8
250-SN4PR13CA0005.outlook.office365.com Hello [x.x.x.x]
250-SIZE 157286400
250-PIPELINING
250-DSN
250-ENHANCEDSTATUSCODES
250-STARTTLS
250-8BITMIME
250-BINARYMIME
250-CHUNKING
250 SMTPUTF8
Fastmail
250-smtp.fastmail.com
250-PIPELINING
250-SIZE 78643200
250-ETRN
250-STARTTLS
250-ENHANCEDSTATUSCODES
250-8BITMIME
250-DSN
250 CHUNKING
Yahoo/AOL (Verizon)
250-smtp.mail.yahoo.com
250-PIPELINING
250-SIZE 41943040
250-8BITMIME
250-ENHANCEDSTATUSCODES
250-STARTTLS
Detailed Test Results
IMAP Test Results
Gmail:
* CAPABILITY IMAP4rev1 UNSELECT IDLE NAMESPACE QUOTA ID XLIST CHILDREN X-GM-EXT-1 XYZZY SASL-IR AUTH=XOAUTH2 AUTH=PLAIN AUTH=PLAIN-CLIENTTOKEN AUTH=OAUTHBEARER
Outlook.com:
* CAPABILITY IMAP4 IMAP4rev1 AUTH=PLAIN AUTH=XOAUTH2 SASL-IR UIDPLUS ID UNSELECT CHILDREN IDLE NAMESPACE LITERAL+
iCloud:
* CAPABILITY XAPPLEPUSHSERVICE IMAP4 IMAP4rev1 SASL-IR AUTH=ATOKEN AUTH=PLAIN AUTH=ATOKEN2 AUTH=XOAUTH2
Fastmail: Connection timed out. See notes below.
Yahoo:
* CAPABILITY IMAP4rev1 SASL-IR AUTH=PLAIN AUTH=XOAUTH2 AUTH=OAUTHBEARER ID MOVE NAMESPACE XYMHIGHESTMODSEQ UIDPLUS LITERAL+ CHILDREN UNSELECT X-MSG-EXT OBJECTID IDLE ENABLE UIDONLY X-ALL-MAIL X-UIDONLY LIST-EXTENDED LIST-STATUS SPECIAL-USE PARTIAL APPENDLIMIT=41697280
Forward Email:
* CAPABILITY XAPPLEPUSHSERVICE IMAP4rev1 APPENDLIMIT=52428800 AUTH=PLAIN AUTH=PLAIN-CLIENTTOKEN CHILDREN CONDSTORE ENABLE ID IDLE MOVE NAMESPACE QUOTA SASL-IR SPECIAL-USE UIDPLUS UNSELECT UTF8=ACCEPT XLIST
POP3 Test Results
Gmail: Connection did not return CAPA response without authentication.
Outlook.com: Connection did not return CAPA response without authentication.
iCloud: Not Supported.
Fastmail: Connection timed out. See notes below.
Yahoo:
+OK CAPA list follows... SASL PLAIN XOAUTH2
Forward Email: Connection did not return CAPA response without authentication.
SMTP Test Results
Gmail:
250-AUTH LOGIN PLAIN XOAUTH2 PLAIN-CLIENTTOKEN OAUTHBEARER XOAUTH
Outlook.com:
250-DSN
iCloud:
250-DSN
Fastmail:
250 AUTH PLAIN LOGIN XOAUTH2 OAUTHBEARER
Yahoo:
250 AUTH PLAIN LOGIN XOAUTH2 OAUTHBEARER
Forward Email:
250-DSN, 250-REQUIRETLS
Notes on Test Results
Note
Important observations and limitations from the test results.
-
Fastmail Timeouts: Fastmail connections timed out during testing, likely due to rate limiting or firewall restrictions from the test server IP. Fastmail is known to have robust IMAP/POP3/SMTP support based on their documentation.
-
POP3 CAPA Responses: Several providers (Gmail, Outlook.com, Forward Email) did not return CAPA responses without authentication. This is common security practice for POP3 servers.
-
DSN Support: Only Outlook.com, iCloud, and Forward Email explicitly advertise DSN support in their SMTP EHLO responses. This doesn't necessarily mean other providers don't support DSN, but they don't advertise it.
-
REQUIRETLS: Only Forward Email explicitly advertises REQUIRETLS support with user-facing enforcement checkbox. Other providers may support it internally but don't advertise it in EHLO.
-
Test Environment: Tests were conducted from AWS EC2 instance (IP: 54.167.216.197 IPv4, 2600:4040:46da:9a00:b19e:3ad4:426c:2f48 IPv6) on January 22, 2026 at 02:37 UTC.
Summary
Forward Email provides comprehensive RFC protocol support across all major email standards:
- IMAP4rev1: 16 supported RFCs with intentional differences documented
- POP3: 4 supported RFCs with RFC-compliant permanent deletion
- SMTP: 11 supported extensions including SMTPUTF8, DSN, and PIPELINING
- Authentication: DKIM, SPF, DMARC, ARC fully supported
- Transport Security: MTA-STS and REQUIRETLS fully supported, DANE partial support
- Encryption: OpenPGP v6 and S/MIME supported
- Calendaring: CalDAV, CardDAV, and VTODO fully supported
- API Access: Complete REST API with 39 endpoints for direct database access
- iOS Push: Native push notifications for email, contacts, and calendars via
XAPPLEPUSHSERVICE
Key Differentiators
Tip
Forward Email stands out with unique features not found in other providers.
What Makes Forward Email Unique:
- Quantum-Safe Encryption - Only provider with ChaCha20-Poly1305 encrypted SQLite mailboxes
- Zero-Knowledge Architecture - Your password encrypts your mailbox; we can't decrypt it
- Free Custom Domains - No monthly fees for custom domain email
- REQUIRETLS Support - User-facing checkbox to enforce TLS for entire delivery path
- Comprehensive API - 39 REST API endpoints for full programmatic control
- iOS Push Notifications - Native XAPPLEPUSHSERVICE support for instant delivery
- Open Source - Full source code available on GitHub
- Privacy-Focused - No data mining, no ads, no tracking
- Sandboxed Encryption: Only email service with individually encrypted SQLite mailboxes
- RFC Compliance: Prioritizes standards compliance over convenience (e.g., POP3 DELE)
- Complete API: Direct programmatic access to all email data
- Open Source: Fully transparent implementation
Protocol Support Summary:
| Category | Support Level | Details |
|---|---|---|
| Core Protocols | ✅ Excellent | IMAP4rev1, POP3, SMTP fully supported |
| Modern Protocols | ⚠️ Partial | IMAP4rev2 partial support, JMAP not supported |
| Security | ✅ Excellent | DKIM, SPF, DMARC, ARC, MTA-STS, REQUIRETLS |
| Encryption | ✅ Excellent | OpenPGP, S/MIME, SQLite encryption |
| CalDAV/CardDAV | ✅ Excellent | Full calendar and contact sync |
| Filtering | ⚠️ Future | Sieve and ManageSieve planned |
| API | ✅ Excellent | 39 REST API endpoints |
| Push | ✅ Excellent | Native iOS push notifications |