I am kindof surprised that Cloudflare introduced e-mail forwarding as a product in 2021. The writing has been on the wall for this kind of thing for a long time. If anyone has a chance, you would think it was Cloudflare, because they are big and have some chance for special handling from the big providers like gmail and even they don't seem to be able to get it right.<p>I would highly recommend that you get rid of anything that does e-mail forwarding like this. It's really outdated at this point. It worked OK in the mid 2000s but as spam battle has grown it's gotten complicated.<p>Since you forward every email from provider A to provider B, provider B effectively sees a stream of e-mail from provider A that includes at least some amount of spam (anything that missed their filter). Very often these forwards are used for e-mail addresses that don't get a lot of real e-mail but are maybe used infrequently or old addresses you are maintaining and thus get a lot of spam but little legitimate e-mail and so the percentage of spam that makes it through can be quite high, relatively speaking.<p>That person is also not an authorised sender for legitimate e-mail under the various antispam solutions such as SPF - if you forward an e-mail from Paypal for example - you are violating their SPF policy of allowed senders. So then the e-mail has to be "rewritten" to pretend it's from an email on provider A, but your e-mail client still has to show it's really provider B.. so it's difficult to determine if that's spam or not.<p>DKIM helps here.. because the email is digitally signed instead of being recognised by the IP. Except to make SPF not fail, you have to do "SRS" or sender-rewriting as previously mentioned. But that changes the content of the e-mail which breaks DKIM. There are some mitigations for all of this (e.g. RFC7960) but the point is for the small fraction of real e-mail taking these "indirect"/forwarded email flows it usually erodes some ability of the final provider to do effecient spam prevention, or you get caught up in said spam prevention. There are no winners :)<p>It's then difficult for provider B to correctly spam filter with their own methods. Because the e-mail comes from provider A as far as they are concerned, and, while you can parse and guess based on the headers where it came from before that, it's error prone and not entirely standardised and bunches of that header trail can be forged.<p>Google offers the ability to pull e-mail into your account with POP or IMAP from a provider that receives the mail into a mailbox temporarily. Or you can setup the domain directly with your preferred provider - e.g. with google workspace, etc. Either of these is a much better method. But I guess you need a non-cloudflare provider currently.