I love Bluehost, and I usually recommend them for all my clients who need a budget web host. However sometime in early 2014, Bluehost made a change to their email delivery policies which makes them much less useful, at least insofar as email is concerned.
If you only rely on Bluehost’s own POP3 or IMAP mailboxes to receive and retrieve your email, then there’s no problem. However, if you rely on Bluehost’s email forwarders (for example, to forward email@example.com to firstname.lastname@example.org) then you are very likely losing a significant amount of inbound email. Here’s why:
To protect the spam-free reputation of their shared hosting environments, Bluehost has begun applying aggressive anti-spam filters to all mail forwarded through their servers. You cannot disable these filters. At the time of this writing, any email that doesn’t pass “SPF verification” will not be forwarded. Email without valid SPF headers will not show up in your spam folder. It will not bounce back to the sender. It will simply… disappear.
There’s nothing wrong with paying attention to SPF verification, but to use this as a single-point measurement of ham/spam worthiness is pure folly, because even well-meaning but slow-to-evolve organizations haven’t yet configured their mail services for SPF compliance. For example, none of my official email from Verizon Wireless is SPF complaint. So, as far as I know, Verizon Wireless is now unable to send email to anyone whose email address is a Bluehost forwarding address.
How to improve deliverability of forwarded email if you are on Bluehost
There are basically three options:
- Upgrade to a Bluehost virtual private server. Since your VPS will have its own mailserver, it won’t be subject to Bluehost’s new forwarded mail spam filters. I don’t recommend this option because I’d rather see Bluehost fix this issue than turn a profit.
- Don’t use Bluehost for mail service. This is probably the most sensible route. You can keep your website on Bluehost while moving your mail service to something like Google Apps ($5 per user per month.)
- Use a Bluehost POP account instead of a forwarder, and configure your mail software or service to retrieve via POP3. If your preferred email is a Gmail account, there’s an especially clever solution available to you: Just delete the forwarding address at Bluehost, and setup a bonafide mailbox on Bluehost with the same name. Then login to your Gmail account, go to the settings area, click the tab for “Accounts and Import”, and click the link to “Add a POP3 mail account you own“. This will instruct Gmail to periodically check your Bluehost POP box for new mail, effectively recreating your forwarded mail solution while bypassing Bluehost’s new spam filters.
In email settings all in coming mails are set at POP3 and all outgoing emails are set at IMAP.
I have my personal domain, hosted by bluehost, forwarded to gmail. This cause me some issues, I did not know bluehost was dropping emails from my my bank. Luckily my bank did not have anything serous to tell me so no damage. If I had a breach in my account I will never would have know till it was much later.
To fix my issue I went with option 3, which works, but I like the instant email which the forwarders method gives us. Option 1 is not worth the money for a personal account. Option 2 might work today, but what happens if I move hosting and the next company does the same.
I checked out gmail’s domain hosting, but for 4 accounts is $5 X 4 = $20 a month. Again, not worth it.
I just discovered this issue myself. It would have been nice for Bluehost to let us know they were going to start doing this crap, because I’ve been missing emails for the last month and I just now figured out there was a problem. I’ve started a thread on Google’s Gmail forums about this issue, and they believe that Bluehost is actually implementing SPF incorrectly: https://productforums.google.com/forum/?utm_medium=email&utm_source=footer#!msg/gmail/ZE6s78irV5k/5U_NHjLF8RQJ
Additionally, I’d like to add that I’ve come up with a fourth workaround option, a more hybrid approach. First, follow Step 3 that you posted above. Next, from the Bluehost cPanel, select “User Filtering”, then select “Manage Filters” for your forwarded address. Create a new filter with rules that essentially say “Redirect all messages to Gmail, except for message with a From containing Amazon.com, Newegg.com, etc (for all domains you’ve discovered will not auto-forward). The advantage to this method is you still get majority of your emails ASAP, while the “blocked” ones will still trickle in through the POP3 pull.
THANK YOU for this blog post and the various solutions. I’ve been getting really frustrated trying to figure out what the heck was going on
Is there a list of confirmed domains that bluehost will not forward? So far I’ve found newegg.com, amazon.com, homedepot.com
The problem is this.. You are attempting to forward a non-existent email address at Bluehost to an existent email address at gmail.
The answer is this.. A simple work around is to set the forwarders at Bluehost to forward to an existing Bluehost email address. Then forward that email to gmail. Problem solved. Yes you will have to change every forwarder to the Bluehost email address, but it works.
“If you stop and think, you’ll see it” – Grissom
I changed over to hover and no more issues.
Hi there, thanks so much for this post, it saved me from lot of pain, I just realized I was missing lots of messages. Bluehost customer service confirmed it’s like that and seems there’s no way avoid it.
Switching to pop3 from Gmail, how often is mailbox checked?
If there’s too latency it could be really difficult …
Hi L. Latency is not bad. Gmail checks the POP pretty frequently.
I might have found another simpler way:
– setup Bluehost forwarder to keep email on server (not delete) and with no need for filters
– setup GMail POP3 to keep mail on server as well
if you keep them running together seems that GMail can recognize already downloaded messages and does not import double copies. This way you keep relying on forwarding for instant delivery and you can get the bluehost skipped messages via POP3 with some small delay.
You just have to remember to increase your mailbox quota and clean it up from time to time.
L’s suggestion works beautifully. I checked it out yesterday and it is the best of both worlds. My biggest problem is the latency was 10-15 minutes with just gmail POP checking. If I order food online, that is too long and I have to use the gmail address. So I had been running with filters and getting the problem emails from POP and everything else forwarded. But I didn’t know which emails I was missing if my filters weren’t setup. I did make one change to L’s suggestion. I let Gmail POP delete the emails from the server. It will delete both the email that was forwarded as well as the email it checks with POP and I only get 1 copy of everything. Works like a champ, for now. Unti Bluehost changes something else.
Hi Brian, just curious, are you saying that without deleting mail from server you get 2 copies of the same message? I don’t get them, I keep everything on Bluehost (it’s also a good backup) and when the message is forwarded by Bluehost it is not re-downloaded via POP3, I’m only getting one copy of the “SFP-filtered” mails, with a slight delay (avg. 1 to 10 minutes).
Without deleting from the server, I also only get 1 copy of the message. I don’t want to have to remember to go to the bluehost server to delete any emails.
I’m not on gmail, I forward to Shaw, my home ISP in Canada. What about if I just switch them around, so my @shaw email forwards to my BlueHost email and I configure my Outlook and iphone to receive POP or IMAP from BlueHost? Currently my work email @bluehost forwards to my @shaw, but I too am losing a few each week, and not just from Amazon and Facebook. Many are totally legit clients emailing me!
Anybody see any reason why that won’t work?
This article’s not quite right.
Bluehost can’t forward emails coming from domains whose SPF records specify “-all”, or translated, that nobody but the servers specified in the include list are allowed to send email on behalf of the domain.
For example: Paypal’s SPF record specifies “v=spf1 include:pp._spf.paypal.com include:3rdparty._spf.paypal.com include:3rdparty1._spf.paypal.com include:3rdparty2._spf.paypal.com include:3rdparty3._spf.paypal.com include:c._spf.ebay.com ~all”
This ~all says that anyone can send email (or forward email) using the paypal.com domain, but if it’s not in their include list, then the email should be marked as spam.
The SPF records for Amazon.com are as follows:
“v=spf1 include:spf1.amazon.com include:spf2.amazon.com include:amazonses.com -all”
The “-all” specifies that any server that’s not on the include list mentioned should NOT send emails on behalf of the domain. As Bluehost’s isn’t on there, they don’t forward the emails as they’d be blocked as spam for ignoring the SPF record.
Basically, this issue started because they started respecting the SPF wishes of domain owners.
I second the workaround, which has you configure your gmail account to download the emails directly from the Bluehost server using POP3. That way you can bypass the forwarders entirely: https://my.bluehost.com/cgi/help/gmail
Maybe I’m missing something.
I’m trying L’s suggestion, but I’m not seeing any options to “- setup Bluehost forwarder to keep email on server (not delete) and with no need for filters” in the forwarding section of my cpanel.
Are there settings elsewhere?
Just for the record, Grissom’s suggestion doesn’t work. You will still lose emails even when forwarding from an existing Bluehost email account.
OK I’ve implemented a workaround so as to receive non-SPF-compliant emails.
So far I’ve nearly lost my best client, nearly missed a plane and missed parcels awaiting my collection.
I may think I’ve got off fairly lightly from Bluehost’s negligent behaviour, however:
Just how many others wrote to me from non-SPF-compliant domains between March and July 2014? New clients may be lost forever, but I may have lost mail from existing clients, friends and family who possibly wrote to me but never received any reply!
What I need next is a script which will loop through all headers from all past emails of around 1,200 contacts to check for SPF compliance. I have duplicate copies of several years’ emails in both Gmail and Mozilla Thunderbird. Any help appreciated.
P.S. (I plan to mass-email every non-SPF-compliant contact in my contacts list so as to apologise for Bluehost’s behaviour and to ask them to re-send any emails they sent me between March and July).
I lost 1000’s of emails due to Bluehost’s negligence, but fortunately I had forwarded all emails being forwarded outside of Bluehost also to a local pop account on Bluehost. The local pop email account on Bluehost ALWAYS gets the message no matter what, but anything forwarded outside of Bluehost gets vaporized with no warning or trace.
Even though I have over a year left with Bluehost and little chance of getting a refund due to their negligent changes, I have moved to web host Asmallorange. This host DOES NOT filter or drop forwarded emails and everything works the way it used to with Bluehost. They were also able to copy my existing pop email accounts and forwarders over at no charge, saving me labor. They have reasonably good and easy to contact chat support (no phone support). They are a lot cheaper than Bluehost if you can keep your storage under 1GB. (less than $5/mo on the initial term)
What I don’t understand is why Bluehost thinks this is not a big deal. They lost me for LIFE the moment they did this. I know that not everyone uses forwarders, but for those of us that do, there is no way you can stay with someone that drops forwarded emails without warning.
Using forwarders is a legitimate way to control spam messages by assigning a unique inbound email address to each vendor or contact. If the email address gets compromised, you just change it and then delete the inbound forwarding email address. The most scary compromised email address was “email@example.com” where I started getting unsolicited stock tips. This happens more than you think.
Wow. I have just found many, many important emails that I never knew existed. Time to apologise / patch up relations with friends / family for me as well. I can’t believe Bluehost would do this without informing their customers … all it would have taken is one email! Thanks you very much for the tips on how to solve it guys.
I will setup an actual pop3 account and that’s it. Thanks for posting this blog post, it clears a lot of things…
I came across this same problem very recently when some fairly important e-mails were not appearing without explanation. It took three separate attempts with their support to clarify that the problem was email being silently dropped due to SPFs.
I’m now hunting down an alternative service.
We were using Bluehost’s email forwarders for our clients but have since changed over to use Bluehost POP3 or IMAP mailboxes to receive and retrieve emails, as you point out this is the best way to avoid losing emails.
Thank you for this really helpful post. I was wondering why not all of my emails were being delivered but I wasn’t getting bounced messages either. I appear to already have #3 in place, but still my emails are not being received at the other end on a very regular basis. Any idea what I might be doing wrong?
What about changing the mx records on bluehost to point to google’s mail server? does that work?
Hey thank you for your article…very informative….blue host is one of my favourite in web hosting….
Folks, I found the ACTUAL way to keep forwarders working on Bluehost. And that’s turning on Sender Rewriting Scheme (SRS). Once that is done, even emails that go through a forwarder will pass spf checks on other servers.
To do this, log in to your Bluehost site’s WHM interface. yourdomainname.example/whm : you need the root password to do that, and help files on Bluehost or cpanel will tell you how to get the root password.
Go to Service Configuration > Exim Configuration Manager > Basic Editor. Then scroll down to Enable Sander Rewriting Scheme (SRS) Support. Change the radio button from Off to On. Hit Save at the bottom of the page, and it will rewrite the rule and restart Exim.
Now mail forwarded with a Forwarder (or originating from your website using PHPMailer, etc.) won’t fail the SPF check. Hooray.
@peter — I believe this only works if you have a VPS or dedicated server at bluehost. Regular accounts only come with a single cPanel account, which does not give you WHM access.