Email Forwarding Issues – Why Shaw Needs Sender Rewriting Scheme (SRS)

RickClark
Grasshopper
Tuesday

Hey everyone,

I wanted to share an issue I’ve been having with Shaw’s email forwarding and explain why implementing Sender Rewriting Scheme (SRS) is crucial.

The Problem: I have my Shaw email set up to automatically forward a copy of emails to my Outlook.com account for archiving. While most emails arrive fine, some emails never make it through—without bouncing back or any notification. This silent dropping of emails can be incredibly frustrating and unreliable.

Why This Happens: When Shaw forwards emails, it keeps the original sender’s address intact. This causes the forwarded email to fail SPF (Sender Policy Framework) checks because Shaw’s servers aren’t authorized to send emails on behalf of the original sender’s domain. Many modern email providers, like Microsoft Outlook, perform strict SPF, DKIM, and DMARC checks. If an email fails, it might get silently dropped or flagged as spam.

What is SRS and Why It Matters: The Sender Rewriting Scheme (SRS) solves this problem by modifying the sender’s email address during forwarding. Instead of forwarding the email as-is, Shaw’s servers would rewrite the sender’s address to indicate that it has been forwarded, like this:

SRS0=john=example.com@shaw.ca

This allows the forwarded email to pass SPF checks because it now reflects Shaw’s forwarding system in the sender address. Most importantly, when you reply to that email, it still goes back to the original sender.

Without SRS:

  • Emails can fail SPF checks.

  • Messages might be silently dropped without notifications.

  • It creates unreliable email delivery.

With SRS:

  • SPF/DKIM/DMARC checks pass.

  • Emails are delivered reliably.

  • Replies still go to the original sender.

What Can Shaw Do? Shaw should implement SRS on its forwarding servers to prevent these silent drops and improve email reliability. It’s a common best practice among email providers to ensure that forwarded emails comply with modern security standards.

Has anyone else experienced this issue? Let me know if you’ve found any workarounds or if Shaw has provided a solution!

Labels (1)
Labels
0 Kudos
Reply
2 Replies

wrote: some emails never make it through—without bouncing...

mdk
Legendary Grand Master
Wednesday

@RickClark wrote: some emails never make it through—without bouncing back or any notification.

Some E-mail messages sent your at-shaw-dot-ca ID are being classified "spam".  Depending on your personal "spam" settings, those E-mail messages are either "silently discarded" or moved into the "Junk" folder.

If you logon to Shaw WebMail, click to the "Junk" folder, to see those incoming messages have been moved into that "Junk" folder. The issue is that your copy of Outlook does not download those messages -- it only downloads from the "Inbox" within Shaw WebMail.  

So, within WebMail, change your settings to "flag the spam" and "keep in Inbox". Then, when Outlook downloads those messages, it will move those flagged messages into Outlook's "Junk Mail" folder.

 

 

0 Kudos
Reply
Reply
Loading...

Thank you for responding, ! I appreciate your suggestion...

RickClark
Grasshopper
yesterday

Thank you for responding, @mdk!

I appreciate your suggestion to check the Junk folder, but unfortunately, the missing emails aren’t there. I’ve always had my settings configured to flag spam and keep it in my Inbox, and I’ve confirmed that there’s nothing in my webmail Junk folder.

Additionally, I have a Power Automate flow set up to move all incoming emails in Outlook to my Inbox, so this isn’t a filtering issue on my end.

After investigating further, it appears the issue is related to DMARC failures when my emails are forwarded from Shaw to my Outlook.com account.

What’s Causing the Issue?

When Shaw forwards emails to my Outlook.com account, the original "From" address (e.g., user@xxx.com) remains unchanged.

However, Outlook.com checks the sender's DMARC policy and rejects the forwarded email because Shaw isn’t authorized to send emails on behalf of the original domain.

This is a common problem with email forwarding and strict DMARC policies. Without proper handling, forwarded emails fail SPF and DMARC checks and are rejected outright, never reaching the Inbox or Junk folder.

How to Fix This – SRS (Sender Rewriting Scheme)

SRS rewrites the sender’s address during forwarding to indicate that the email was forwarded by Shaw, helping it pass DMARC checks.

  • Without SRS:

    • From: user@xxx.com → Forwarded by ShawOutlook.com rejects it due to DMARC failure.

  • With SRS:

    • From: SRS0+HASH=shaw.ca → Forwarded → Outlook.com accepts the email.

Result: The email passes SPF, DKIM, and DMARC checks and is delivered to the Inbox or Junk, rather than being rejected.

Error Message Example

On rare occasions, I receive a rejection notice like this:

550 5.7.509 Access denied, sending domain [MICROSOFT.COM] does not pass DMARC verification and has a DMARC policy of reject.

More Info on Microsoft’s DMARC Handling

Microsoft strictly enforces DMARC policies for personal Outlook.com accounts, and there’s no option to adjust how these policies are handled. Without implementing SRS, forwarded emails from Shaw will continue to be rejected.

For more details on how Microsoft handles DMARC policies, check this article:
Announcing New DMARC Policy Handling Defaults for Enhanced Email Security:
https://techcommunity.microsoft.com/blog/exchange/announcing-new-dmarc-policy-handling-defaults-for-...

Thanks again for your input! Let me know if you know a way to have Shaw take this concern seriously as I believe most people won't realize the cause for the issue

0 Kudos
Reply
Reply
Loading...
TALK TO US
We're here to help
Connect on Live Messaging
Chat on Messenger
Direct Message on Twitter