forwardemail / forwardemail.net Goto Github PK
View Code? Open in Web Editor NEWPrivacy-focused encrypted email for everyone.
Home Page: https://forwardemail.net
License: Other
Privacy-focused encrypted email for everyone.
Home Page: https://forwardemail.net
License: Other
configuration is exposed in the TXT records in plain text
This is not clearly explained on the website. Not only ought it be stated during signup not-burried in a link, but the impact ought be explained. DNS is harvested for any number of privacy demeaning free services since 2008. Free users can ironically expect spam.
When using multiple aliases with random addresses (dice feature - very nice by the way!), the order of rows is therefore random as well. It would be desirable to have the option (ideally saved in some way) to order by the Description & Labels column so that it's easier to scroll to the correct position. Find on page works well but column ordering would be better in my opinion.
421 SPF validation failed with result "permerror" and explanation "SPF Permanent Error: Two or more type TXT spf records found." - if you need help please forward this email to [email protected] or visit https://forwardemail.net
Domain is https://www.csteachingtips.org/
I'd really appreciate help getting this figured out. I have the MX and SPF record in place.
Some splits are very bad for translation.
When i try to enter domain settings, this popup displays:
/var/www/production/source/app/views/my-account/domains/retrieve.pug:72 70| h5.card-header= t('Enhanced Protection Verification Record') 71| .card-body > 72| p!= t('Please ensure that a TXT record exists for %s with the following value:', domain.name) 73| .input-group 74| input(type='text', readonly, value=
${config.recordPrefix}-site-verification=${domain.verification_record}).form-control#verification-record 75| .input-group-append [sprintf] unexpected placeholder
And i can't enter the page.
I in particular .pl does not (no longer?) appear on any of the mentioned misused TLD lists. Also, it is only 20% cheaper than .com from most registrars (never got any spam from .pl, .pl is more expensive than .eu, which is not banned, nor listed on any of the lists, and I got tons of spam from .eu and .com domains, don't ban them right away, just sayin').
forwardemail.net/config/index.js
Lines 286 to 303 in 4256c8b
There is much more TLDs that are used way more for shady business, spam or scam.
Did someone try registering a malicious domain? Did they indeed benefit from the free service's resources? If so, you can restrict free-plan sus domains to incoming mail only, like improvmx.com does (it is currently unable to forward mail to IPv6-only servers, and is closed-source, so I dropped them a bug notice and moved on to checking the alternatives).
As always, it is all about the money, so my ulterior motive is that I am unable to set up my personal domain mail on https://arusekk.pl/ for free because of that. (And I don't like online payments, but this is a different story.)
Imagine banning .com because of 'many malicious sites being there' and it being cheap, come on.
It looks like it was never changed besides 02b9437.
I would like to say something positive, but I am yet to even try the service out, so for now... a huge plus for the website working quite well with scripts disabled, and for localization support.
I'm seeing a ton of people configure this incorrectly, so until free plan offered for everyone has enhanced protection, a job with this email to go out should be sent.
I use API to add and delete aliases. No problems with ADDING aliases. I'm not able to have the DELETE command working.
I use a command like this with the objective to delete alias "pluto" : from the domain ACME.com
curl -X DELETE https://api.forwardemail.net/v1/domains/ACME.com/aliases/pluto -u 4xxxxxxxxxxcb74d52:
answer is always:
{
"statusCode": 404,
"error": "Not Found",
"message": "Alias does not exist on the domain."
}
Ref: 📣 Your Help Request #1603392707262
In the Enhanced Protection plan's features, one of the features is a "Browser extension", but I can't find any other info about it... is this feature still in development?
Interested to see what the extension will be for – is it for generating new aliases?
dclassify
Bayes filter)/disposable-addresses
landing pageforward-email-port=2525
)HEAD /
(e.g. support UptimeRobot)rg "TODO"
in codebase'User cannot have more than (5) aliases on global domains.'
more friendly/managedIn
forwardemail.net/config/index.js
Line 290 in 2345862
different bad tlds get declared. Trying to use one of them for emailforwarding will require a piad plan. Looking throught the given sources these lists do not correlate to them. E.g .email and .ga can not be found on one of the three lists while others that are on the lists are not on there.
I would also like to see a way to be capable of using theme, as the only free available tlds out there are all on the list, so someone who would like to create a hobbypage could not use it. Maybe make it a one time payment at least in order of some kind of verification process.
Where do i get the dkim record that I need to add in my domain DNS txt record?
I am using cloudflare for dns
I have been using the freeplan for quite a while and the only thing I would like to improve a bit is the fact that the configuration is exposed in the TXT records in plain text. I know the paid plan has a feature that fixes this, but there is another option:
Store the configuration in publicly exposed DNS records, but in an encrypted form. The DNS record could then look for example like this:
Name/Host/Alias | TTL | Record Type | Value/Answer/Destination |
---|---|---|---|
@ or leave blank | 3600 | TXT | forward-email=enc: |
Given that the key for symmetric encryption must be kept secret, the encryption would have to be done by the site. The user would sign into their account in forwardemail.net, enter the desired value and the website would return an encrypted version of the value. User would then just copy-paste this value into their DNS configuration.
In this case, the public key could be really publicly exposed and therefore the encryption could be done by the users manually, it can be done on users' machines, it could be used in automated scripts etc. Decryption of asymmetrically encrypted data is usually more complex though.
I know this means development of new functionality (e.g. encryption key storage), but it does not require additional storage which would grow with the number of users (you can just rotate the keys every couple of weeks/months and the keys can be shared) and it does not require additional network calls when processing a forwarded e-mail.
Another benefit of this feature is that DNS records for webhooks could then also contain shared secret for signing the payload (like GitHub uses for their webhooks) which makes security the webhook consuming endpoint a lot simpler.
I case you decided to give this one a try, I am happy to assist.
Hey !, I'm super naive to how emails work, but tolerate me here.
say I want to set a DMARC policy to only allow emails if they pass SPF checks, what would such a DMARC policy look like, is it possible to set such a DMARC policy ?
I recently learnt about DMARC policies and I want to ensure people can't send emails using my domain by spoofing
e.g. niftylettuce.com gets replaced to whatever the domain is
Hi, after registering a domain I don't see information needed to set TXT and MX records. I added MX from FAQ, it was verifed succesfully. Additionaly, after free domain upgrade, i see error while entering domains:
Błąd
/var/www/production/source/app/views/my-account/domains/retrieve.pug:72 70| h5.card-header= t('Enhanced Protection Verification Record') 71| .card-body > 72| p!= t('Please ensure that a TXT record exists for %s with the following value:', domain.name) 73| .input-group 74| input(type='text', readonly, value=${config.recordPrefix}-site-verification=${domain.verification_record}
).form-control#verification-record 75| .input-group-append [sprintf] unexpected placeholder
Name/Host/Alias | TTL | Record Type | Priority | Value/Answer/Destination |
---|---|---|---|---|
@ or leave blank | 3600 | MX | 10 | mx1.forwardemail.net |
@ or leave blank | 3600 | MX | 20 | mx2.forwardemail.net |
Name/Host/Alias | TTL | Record Type | Value/Answer/Destination |
---|---|---|---|
@ or leave blank | 3600 | TXT | Option A, B, C, D, E, or F |
@ or leave blank | 3600 | TXT | v=spf1 a mx include:spf.forwardemail.net -all |
Could mailgun be used as the underlying provider forwarding messages? I have no interest running a public instance. I would want the upside of DEA [for a small group of personally known basic-auth users] without the not-awesomeness of catch-all email sieves.
gmail would be extremely opposite of respecting users' privacy concerns
Not sure how the system try to check if a password is strong or not, but 64 characters with 256bit key autogenerated password should be enough.
But it is not.
I suggest to change the way to check the passwords on the system.
Thanks
I trying to one-time cancel subscription for changing payment mehod,
but I got 500 internal server error
with this message:
Cannot read property 'paypalSubscriptionID' of undefined
Today (2021-01-17 JST), I want change subscription method from Paypal to Credit card (via Revolut),
but I cannot found changing to payment method on forwardemail.net.
So, I think:
Maybe, I'm enable to change of payment method,
one-time cancel subscription, and re-subscribe to different payment method...?
and trying that, but I got 500 error.
And note, I'm ok that I cannot change to payment method at today or later,
but that error probablly makes trouble another people I think.
Cancel Subscription
button and OK
on confirm dialog500 internal server error
with Cannot read property 'paypalSubscriptionID' of undefined
and,
If you go to https://forwardemail.net/fr/faq?domain=some.domain.com&email=some.email%40gmail.com#questions-fr%C3%A9quemment-pos%C3%A9es and then click on the first header, the DOM will give you this error in DevTools console:
jquery.js:1560 Uncaught Error: Syntax error, unrecognized expression: #questions-fr%C3%A9quemment-pos%C3%A9es
at Function.Sizzle.error (jquery.js:1560)
at Sizzle.tokenize (jquery.js:2216)
at Sizzle.select (jquery.js:2643)
at Function.Sizzle [as find] (jquery.js:862)
at jQuery.fn.init.find (jquery.js:2896)
at new jQuery.fn.init (jquery.js:3006)
at jQuery (jquery.js:152)
at changeHashOnScroll (change-hash-on-scroll.js:10)
at dispatch (jquery.js:5237)
at elemData.handle (jquery.js:5044)
Hi,
New user here.
Im moving over to your service from mailgun (I'm sure I am not alone due to mailgun change to free tier).
One of the things I found very valuable in mailgun is the ability to call a webhook on forwarding failure. This allowed my to (via IFTTT) email an alternative account to advise there have been forwarding issues.
Why is this so important is that my provider (outlook.com) occasionally blocked mailgun due to their IPs being flagged as spam distributors (which MG were swift to address) but in the interim it allowed me to change routing to avoid further email losses.
I checked in your faq and github issues but I didnt find mention of such a capability in forwardemail.net
Is forwarding failure notification something you are considering to add?
Does not need to be a webhook - could also be simple email, SMS etc.
If I check the pricing page, it seems like the "Enhanced protection" costs $3 per month. But if I switch a domain to this it seems like it's per domain.
That wasn't clear to me upfront.
It's pretty easy to create a DNS scraper that checks if the top-level MX records are pointing to mx1.forwardemail.net
and mx2.forwardemail.net
. In these cases we can run another DNS query to obtain all the aliases. When you type: dig TXT example.com
, then it would show all the email forwardings and expose the private email address.
This could easily be prevented by creating a secret during domain registration with forwardemail.net. Instead of looking up the TXT record on the root-level, it could check for the secret TXT record. Both forwardemail.net knows about this secret and the user that registered the email domain. Nobody else knows the secret and therefore can't find the forwarding records and the private email addresses stay private.
The only catch is when AXFR is configured incorrectly and accepts requests from any IP addresses (which is flawed anyway). Most cloud providers (i.e. Azure DNS, AWS Route53) don't support AXFR at all, so this is hardly a problem in real-life.
Import And Export Alias On Enhanched Version! ForwardEmail Already have import from "TXT" Record but if someone who used alternative like simplelogin before! They can import from csv file! It would be great if this feature get added!
It is hard to change link(ed) social account (like github), so adding link(ed) social accounts on profile page on site, so users can easily add/change/delete linked accounts?
Thanks for setting this service up and open source it.
I'd like to add some translations as PRs if possible.
Where do I start best?
The website shows CN and ES translations but I can't seem to find them here in the repo.
Hi, after registering a domain I don't see information needed to set TXT and MX records. I added MX from FAQ, it was verifed succesfully. Additionaly, after free domain upgrade, i see error while entering domains:
Błąd
/var/www/production/source/app/views/my-account/domains/retrieve.pug:72 70| h5.card-header= t('Enhanced Protection Verification Record') 71| .card-body > 72| p!= t('Please ensure that a TXT record exists for %s with the following value:', domain.name) 73| .input-group 74| input(type='text', readonly, value=${config.recordPrefix}-site-verification=${domain.verification_record}
).form-control#verification-record 75| .input-group-append [sprintf] unexpected placeholder
Hi there, thank you for this great service!
Is it possible to forward emails to another host (in conjunction with the forward-email-port setting) without rewriting the domain? If I am using forward-email=mx2.domain.com
for my domain domain.com
, then emails like [email protected] will be rewritten to [email protected], but I want them stay the same.
Scenario: using forwardemail as backup mx to a host with blocked port 25
Thank you very much!
The website claims 100% open-source, which the server-side is not (source-available, yes, but not open source).
The license is clearly not open source. Which is ok, just be honest about it because the website is confusing
I suggest to correct the website.
Hello everyone,
first thanks for this great service, its very useful!
I set up a webhook and found out the raw attribute of the json data send to my webhooks contains malformed data. In FAQ it seems raw should look like this:
"raw": "DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=forwardemail.net;\r\n q=dns/txt; ...
however in the actual http request they look like this
"raw":{"type":"Buffer","data":[65,82,67,45,83,101,97,108,58,32,105,61,49,59,32,97,61,114,115,97,45,115,104,
97,50,53,54,59,32,116,61,49,54,51,50,52,56,48,57,50,52,59,32,99,118,61,110,111,110,101,59,32,100,61,102,
111,114,119,97,114,100,101,109,97,105,108,...
This causes the webhook requests to be huge and often refused by services like requestbin.com with expcetions claiming request is too large (in this particular case The body of the request is too large. Requests must be smaller than 100k (413)
.
Hello, and thanks for your great service!
It appears that some of the mail messages that are supposed to be forwarded to Gmail fail to arrive.
Here are the facts:
My bank sends me a mail notification for every transaction in my account. When it's sent directly to my Gmail address, it arrives without any problem (it passes SPF and DMARC, but doesn't have DKIM). When I configure my bank account to send the notification to my custom-domain address (which is supposed to be forwarded by ForwardEmail.net to the same Gmail address) I stop getting those messages all-together.
All SpamScanner features are disabled for this domain.
I tested what happens when I forward the messages to a Protonmail address instead of Gmail. They do arrive, but to the spam folder, and with the warning "This email has failed its domain's authentication requirements. It may be spoofed or improperly forwarded!" (Ironically, when the bank sends the notifications directly to the Protonmail address, they don't arrive at all).
For my specific use case, I found a workaround: I configured the bank account to send the notifications to a special address on my domain, which (using ForwardEmail.net) triggers a webhook. This webhook on my web server crafts a new message, and sends it to the "real" custom-domain address I want (and then ForwardEmail.net forwards it to my Gmail). Since I just want to know that a notification was received (and don't need to see the content), this is fine for me.
However, I suppose you may want to take a look at the problem, and find why it happens. I can send you (privately) examples of:
Please let me know if I can be of any assistance.
I have an address registered with forwardemail and disabled spam filter. I plan to use it to register to forums.
I disabled spam filters because I want all the emails to come! I don't want to get legitimate emails not delivered to me because they were misidentified as spam. My problem with FE spam filter is there is no folder where I can see what emails were caught!
I see 2 potential problems.
Is this a real problem or am I imagining things? Am I harming FE by disabling spam filters? What choices do I have if I want everything to be delivered but don't want to harm either FE or my domain?
A declarative, efficient, and flexible JavaScript library for building user interfaces.
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google ❤️ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.