Skip to main content

Cornell University

Delivery to External Email Addresses

An increasing number of external email providers (like Google, AOL, Time-Warner, etc.) are using a policy meant to stop fraudulent emails that may prevent the delivery of forwarded messages.

If you choose to forward your email, you do so at your own risk.

Everything on this page could be placed in boxes with exclamation points and other attention-getting devices. But, at a bare minimum, please read this: If you choose to forward your email, you do so at your own risk.

Some (many) messages may not be delivered - for the reasons outlined below - and you will not even know they were sent.

In addition, some accounts forwarding to multiple addresses are blocked by Google and other providers as being spammers; if that happens to you, you won't be able to send or receive mail.

Everyone with an @cornell.edu address has the option to forward their mail to an external (something not @cornell.edu) address.

  • For those with Google Workspace accounts: Gear icon - Settings - Forwarding tab.
  • For those with Outlook on the web: Gear icon - Settings - Mail Settings - Forwarding.

However, an increasing number of external email providers (like Google, AOL, Time-Warner, etc.) are using a policy (meant to stop fraudulent emails) that may prevent the delivery of forwarded messages. The What is DMARC section below describes this policy.

Once mail leaves the Cornell servers, we have no way of knowing if it was successfully delivered, nor do we have any way of determining what happened to a message that was not delivered. Please be aware of the risks involved in forwarding your email to another address.

The DMARC policy as implemented by external email providers can cause other complications as well. For example, when Facebook sends a notification to a Cornell address which is then forwarded to a Gmail address, Gmail rejects the message AND notifies Facebook. Facebook then stops sending notifications to the Cornell address. At no point is the Cornell email system notified, so there's nothing we can do to prevent or change this. This type of behavior will become more common (and more complicated) as more email services enforce this policy.

What is DMARC?

DMARC stands for Domain-based Message Authentication, Reporting, and Conformance. It verifies whether an email message actually came from the place it was supposedly sent from. The administrators of an email system can use this policy to defend against email spoofing (spoofing is when a message appears to come from one place but actually came from somewhere else).

The administrators of the external email system can either Reject or Quarantine messages that trigger DMARC.

  • Reject: When an email provider chooses the DMARC “reject” policy, any message that fails this test will be bounced back to the sender.
  • Quarantine: When an email provider chooses the DMARC “Quarantine” policy, the email will not bounce, but rather be put in a quarantine area or in a junk folder.  When mail is quarantined, the sender never learns of the interception and the recipient might never know to go looking for it.

Comments?

To share feedback about this page or request support, log in with your NetID

At Cornell we value your privacy. To view
our university's privacy practices, including
information use and third parties, visit University Privacy.