Verifymail.io lists all domains handled by forwardemail.net as unsafe/disposable

[junxit]

I found out today that https://verifymail.io/ lists all (at least all the ones I tried) domains that have ForwardEmail's MX servers configured in DNS as unsafe/disposable.

I have domains I bought a few months ago that use a different MX server that are listed as safe. Newer and older domains of mine that use ForwardEmail.net's MX servers are listed as unsafe.

Is there a way to contact them and get this resolved? My communication attempts have been unanswered so far (contact AT).

[junxit]

This has recently caused at least one service I signed up for to reject my account creation request until after I contacted their technical support to manually override the system, which took hours vs moments.

[CorsairVelo]

I moved a domain over to Forwardemail.net a couple weeks ago. I got a similar warning from verifymail.io that it is a privacy/alias email address.

_ From Verifymail.io here's what they say about a "privacy email address'':

> Many email providers are privacy-focused, which can include awesome features such as email forwarding or unlimited email alias. These features are great for their users, however can be a nightmare for administrators or moderators who can't distingish between a legitimate email address or a single-use email address. The "privacy" classification allows us to notify our clients when an email address is using an email provider with privacy features that could potentially be misused by malicious individuals. This classification does not mean that the email provider is "privacy-focused". Use this classification at your own discretion, since these types of emails can be used by both privacy-conscious visitors and bad actors.

I have a different custom domain with Simplelogin and it gets the same warning

My 3rd custom domain at Proton does not get this warning. When I put that address in, verifymail.io marks it "Privacy - False" and "safe". Not sure why Proton is "Privacy = false"

EDIT: adding this text from their site: Based on our findings, we have deemed customdomain.com to be a temporary or disposable email provider. Website administrators should block this domain name from their website and prevent any account registrations using this domain name. This report has been based on verifymail.io's email verification API.

[titanism]

We have emailed the team there.

[titanism]

[CorsairVelo]

Any chance you can describe how Verifymail.io responded? At first glance nothing changed.

[titanism]

It's no longer classified as a disposable service and no longer suggests users to block the domain.

If you feel this is still defamatory of our service, please share your thoughts and feedback, and we will have our legal team formally take care of this.

[CorsairVelo]

I am not trying to escalate it, just trying to understand what they mean.

If I run my forwardemail.net domain in their page, it says "Disposable False" and "Privacy True" and the background color is orange (I presume as a sort of a warning color).

If I run a different domain I have at proton mail, I get full green and "Disposable False" and "Privacy False"

Why would that be? It's not on you to explain their logic, I undersand. I may pursue it with them. As far as I can tell , the privacy=true is not impacting my domain with fowrdwardemail, so I'm not losing sleep over it.

EDIT: rom verifmail.io Many email providers are privacy-focused, which can include awesome features such as email forwarding or unlimited email alias. These features are great for their users, however can be a nightmare for administrators or moderators who can't distingish between a legitimate email address or a single-use email address. The "privacy" classification allows us to notify our clients when an email address is using an email provider with privacy features that could potentially be misused by malicious individuals. This classification does not mean that the email provider is "privacy-focused". Use this classification at your own discretion, since these types of emails can be used by both privacy-conscious visitors and bad actors.

Perhaps because Forwardemail.net allows forwarding basically anywhere is the differentiator, proton doesn't do that.

[titanism]

Please email [email protected] @CorsairVelo with your feedback and request they change their policy. Let us know how they respond.

[CorsairVelo]

Thank you

[junxit]

So, they have 3 stages that I know of:

1. Red: means Disposable and Privacy
2. Yellow: means Privacy (unsure if they also have yellow meaning something else)
3. Green: means neither (the best score/rating, in their book)

Before May 17, 2025, they were showing all our domains as Red. I emailed them that day, and then on May 22, 2025, they replied saying now we're showing as Yellow following my request.

I filed this issue with the hopes of turning us to green, so thank you for re-opening the issue. While yellow is better than red, it certainly is not green.

It is odd they consider gmx.com and gmail.com not "privacy enabled", but our normal domains as "privacy enabled". Their criteria is not transparent, does not make sense (it should be domain-specific, not MX specific), and may be misleading their own customers while negatively affecting a lot of people such as myself.

[titanism]

Our legal team has sent a C&D to them and their registrar. We hope that they can resolve this confusion timely. Thank you all.

[CorsairVelo]

Agree with @junxit. Just to add a few things.

I have an old icloud account (icloud allows fowarding btw) and it is all green (privacy=false), my Proton account is green (custom domain) so privacy = false so it is green Forwardemail is labeled "privacy=true" as we know and is yellow/orange.

Their criteria certainly does not seem obvious.

[titanism]

Have any of you heard anything back from them in writing yet?

[junxit]

Nothing on my end (unsure if you meant the question for me). Have they responded to your C&D letter?

[titanism]

Unfortunately they have not. I have sent them one more email today (see below) as a courtesy before we submit our case to get a court order and legal summons against their hidden, unknown, and masked owners.

---

Subject: Request for Consistent Classification of Forward Email Domain

Dear VerifyMail.io Team,

We are writing to request a review and correction of the classification inconsistency for forwardemail.net on your platform. After thorough research, we have identified significant discrepancies in how your system classifies email providers with similar technical capabilities and privacy features.

Current Classification Inconsistency

Your platform currently classifies forwardemail.net as a "privacy email provider" with a yellow warning background, while simultaneously classifying other privacy-focused email services with green "safe" backgrounds. This inconsistent treatment is problematic for several reasons:

Services with Green "Safe" Classification:

• proton.me
• tutanota.com
• mailfence.com
• mailbox.org

Service with Yellow "Privacy Provider" Classification:

• forwardemail.net

Technical Feature Comparison

Based on official documentation, here is a factual comparison of the technical features you cite as the basis for privacy provider classification:

Proton Mail Features [1]

Email Aliasing and Masking:

• Additional addresses (aliases) available on paid plans (minimum 10 addresses)
• Unlimited +aliases using the "+" symbol (e.g., [email protected])
• Hide-my-email aliases through Proton Pass (10 free, unlimited on paid plans)
• Custom domain support for paid subscribers

Email Forwarding:

• Email forwarding available for paid plans only
• Can forward to any email address with conditional rules
• Requires recipient confirmation for activation

Privacy Features:

• Catch-all address support
• Sub-addressing capabilities
• Zero-access encryption
• Anonymous payment methods (cash, Bitcoin)

Forward Email Features

Email Aliasing and Masking:

• Unlimited email addresses and aliases
• Custom domain support
• Rate limiting controls (not unlimited as claimed)
• Manual account approval process

Email Forwarding:

• Full email forwarding service
• IMAP/POP3/SMTP support (actual email delivery, not just forwarding)
• CalDAV/CardDAV support
• 90-day waiting period for new domains (abuse prevention)

Privacy and Security:

• Open source codebase
• Technical whitepaper available
• Collaboration with major registrar abuse teams
• Strict abuse prevention policies

Privacy Guides Authority and Recommendations

Privacy Guides [2] is recognized as the leading authority on privacy-focused services and maintains strict evaluation criteria. Their recommendations include:

Recommended Email Providers:

1. Proton Mail - Full recommendation with detailed analysis
2. Mailbox.org - Full recommendation
3. Tuta - Full recommendation

Evaluation Criteria Used by Privacy Guides:

• OpenPGP/WKD support for encryption compatibility
• IMAP/SMTP access for standard email clients
• Zero-access encryption capabilities
• Anonymous payment method availability
• Custom domain and alias support
• Sustainable business models
• Built-in security and privacy features

All three services recommended by Privacy Guides offer the same technical features you cite as reasons for "privacy provider" classification: email aliasing, forwarding capabilities, and privacy-focused addressing features.

Inconsistency in Your Classification Logic

Your current classification system creates an unfair competitive disadvantage. If technical features like "email aliasing," "email forwarding," and "privacy features" warrant a yellow warning classification, then consistency demands that Proton Mail, Tutanota, Mailfence, and Mailbox.org should receive identical treatment.

Proton Mail specifically offers:

• Unlimited +aliases (no rate limiting)
• Hide-my-email aliases for masking real addresses
• Email forwarding with conditional rules
• Custom domain support

These are the exact features you cited in your correspondence as justification for Forward Email's privacy provider classification.

Forward Email's Superior Abuse Prevention

Unlike services that offer truly unlimited alias generation, Forward Email implements several abuse prevention measures:

• Rate limiting on domain and alias creation
• Manual account approval process
• 90-day waiting period for newly registered domains
• Active collaboration with GoDaddy, Namecheap, and Hostgator abuse teams
• Open source codebase for transparency
• Technical documentation and whitepapers

Request for Corrective Action

We respectfully request that you:

1. Reclassify forwardemail.net with a green "safe" background to match the classification of Proton Mail, Tutanota, Mailfence, and Mailbox.org

2. Apply consistent evaluation criteria across all email providers with similar technical capabilities

3. Acknowledge the technical differences between Forward Email's full email service (IMAP/POP3/SMTP) and simple forwarding/masking services

The current inconsistent classification is misleading to the public and creates unfair competitive disadvantage for Forward Email, despite our superior abuse prevention measures and transparent operations.

We look forward to your prompt resolution of this matter.

Best regards,

Nick
Forward Email
[email protected]

---

References

[1] Proton Mail Documentation - Types of email addresses and aliases: https://proton.me/support/addresses-and-aliases

[2] Privacy Guides - Encrypted Private Email Recommendations: https://www.privacyguides.org/en/email/

[noone1337]

@junxit @titanism Did somebody of you heard anything back from these guys from VerifyMail.io? It's really annoying what these guys do. My domains I just migrated are now marked yellow...

[titanism]

They went silent on us and the only next possible step is legal.

[titanism]

I also don't know of many legit and reputable services that use that service. If they do, contact them to make an exception and link them to this GitHub thread.