Email forwarding mystery solved
Feeling several facepalms now that my michal@piekarczyk.xyz email finally forwards to my hey.com email inbox. After several sessions of tweaking, the answer was low tech!
Registrar forwarding
Originally, I set up mail forwarding on my domain registrar. Only $5 a year, okay, why not. After proving to my registrar I owned my hey email, I was all set, but tests yielded silence.
I spent several chat sessions with a support engineer at my registrar. He pointed out I was missing SPF and DKIM records for my custom domain, so he added those. Those have nothing to do with delivering mail to my address and only help to authenticate mail sent from my domain, but I figured what the heck, let’s try something. That did not work.
On another day, I reached out and, funnily enough, was talking with the same engineer, and he noticed that in addition to my registrar’s name server, I also had aws name servers answering for my domain. I think this was because I have resources under my domain on aws too, but it doesn’t really matter which name servers resolve them, so I consolidated my name servers. But that did not help either.
Cloudflare idea
Then the next weekend, I was running out of ideas, and I also happened to move my domain to cloudflare to set up RAG search for my website, so I switched my mail forwarding to cloudflare as well.
Interestingly enough this also didn’t work. I was chatting with ChatGPT all this time troubleshooting and ended up reading on a page on hey.com that they use ARC as yet another protocol on top of DMARC, for trying to solve email trust. I wondered hmm if hey.com uses this maybe it expects cloudflare to use this too, but I read hmm they probably do already use it and it is not really configurable at a user level. But then one other interesting theory came up that maybe my mail provider hey.com simply doesn’t inherently trust cloudflare and Chat suggested that I ought to try forwarding through gmail instead. I thought that’s interesting, so could there be some weird relationship between the two companies? In any case, it was something else to try, so I figured hey why not.
So I updated my cloudflare forwarding rule to point to my gmail address instead of my hey address and wow, that actually worked. I was not really surprised at that point since I was getting mail forwarded from my gmail already. Then since I could finally receive forwarded email for my custom domain, I was super satisfied after trying for several weeks, and I thought hey, let me also see if I can set up replying from this email as well. So I started messing around with my hey.com settings and actually I found the setting I could have set at the start!
Enter low tech
So this is a setting I found that is actually telling hey.com I am okay with forwarding my mail to hey.com. That’s about it.

Somehow, after wow, several hours of research spread across 3 weekends, I did not bother checking hey.com’s settings. So at this point, I went back to cloudflare and switched back to forwarding directly to hey.com instead of via gmail, and of course that worked!
So ultimately hey.com has its own internal anti-spoofing settings, unrelated to any weird DNS tricks and unrelated to any mysterious intercompany relationship.