Email access, forwarding and redirection


There are various email forwarding, redirection and permissions options that can be confusing.  please review the following to help understand and choose an option.


Note that our mail servers are quite flexible, and there are also other options not listed here; get in contact of you need something specific or need further help.


Local Account / mailbox:  

A mailbox on our server, must be in a domain the mail server is authoritative over.  Has a username and a password to log in, and is accessible via IMAP and web mail.  

Usually can send email, too.  The MX record for the domain part of the email address in DNS should point to our server.

A mailbox can be disabled for login, or login and receive.



an additional email address for a Local Account, needs to be in the same domain.  Sometimes what people want when they say "forward" or "redirect".

either name can be use for logging in (they do not have separate passwords), and the client can choose which is the "default" for sending messages.

mail sent to the alias appears in the Local Account but has a unique "to:" field.

Aliases can only be on local mailboxes.

Switching an account to an alias will destroy the original account.



Like a courier package redirect, where the recipient writes on it that it's the wrong address and it needs to go to a different named address.

New mail is not kept in the local account, but the local account is retained if it exists.

Mail is resent (relayed) to the named account; it works for remote accounts (like sending on to a Gmail account also).  In the system it's called an "alternate email address", and it's a bit like a non-destructive alias.

More and more providers will block email that is redirected in this way to their mailboxes as redirects can be used to mask real email addresses.  This means that the redirected mail is sometimes rejected. (Microsoft 365 has been updated to reject all redirected/ auto-forwarded email, unless a specific rule has been created, for example).

Redirects should normally be temporary, and generally are not suitable for short staff absences.



While a redirect and a forward is similar for physical mail, there is a big difference in email, A Local Account keeps the email, but a copy is also forwarded to the named account, like an inbox forwarding rule.  This is "Store and forward" and means there will be 2 copies of the email, and it can therefore waste storage space.

Forwards can be used to local or remote mailboxes.

Normally if a forward rule is used, we also recommend using the "delete email older than x days" option to prevent storage creep but beware it can delete a lot of old email at once.


More and more providers will block email that is forwarded in this way to their mailboxes as forwards can be used to mask real email addresses.  This means that the forwarded mail is sometimes rejected. (Microsoft 365 has been updated to reject all redirected/ auto-forwarded email, unless a specific rule has been created, for example).

The client can also configure a forward rule in webmail, this is the preferred method as they then retain control.


For meeting legal retention obligations.  An alternate option: The "copy" feature can be used for both inbound and outbound email if required instead of the forward feature.



  • Example Use cases:



A staff member has left, the mail should be retained for archival purposes, but new incoming mail should go to their previous manager.

If the mailbox already exists on the server, and a redirect "alternate mail address" is configured, mail is sent straight through to the new address, but the old mail is not destroyed.  The old mailbox does not receive the new email at all.

Additionally, the mailbox should be disabled for login (or the password changed).

An autoreply "responder" can also be configured to inform the sender the staff member has left.


Note: if the mailbox is created when the "alternate email address" is configured, it is not allocated locally in storage as it is not needed, the mailbox will never receive mail.


After a while, the mailbox storage should be deleted, but the redirect can be retained.



A staff member has left.  The staff member's manager simply wants to take over the account.

Change the password, and add the account to the manager's email client.



Accounts has staff members that have a duty cycle, or are not always onsite, all accounts staff need to be able to fully manage the accounts mailbox.


Set up an accounts mailbox

It is possible to configure mailbox permissions, this can be used to allow one user specific granular permissions over another user's mailbox, (or to avoid sharing the shared mail account passwords with users).  I think it also works with webmail.


 It's also possible to configure it as an additional mailbox in the accounts staff email client (this requires a shared password).


For security, consider the email copy feature.



The company CEO also wants to have the email address

Add it as an alias.



The company/domain has been shut down, but it's still possible someone may email it.

The mailbox is used infrequently, but the user has a gmail or other account that is used more.

Configure a forward.  Be aware forwards are unreliable at times.  Also configure the delete older than x days option to avoid mailbox size creep.

The forward option is used here just in case the forward fails, there's still a copy of the message.



For legal reasons, all email sent and received to a specific mailbox must be retained (even if the user tried to delete it)

Configure "copy inbound & outbound email" to another local mailbox, and archive this extra mailbox regularly.

Also, Consider moving to a cloud service such as Microsoft 365, Enlighten also offers Microsoft 365.



A staff member will be away for a week.  They don't want to share their email, but incoming email should be on-sent to their manager while they are away.

Configure a forward (or forward inbox rule can also be done via webmail by the staff member).

This means email will be sent through to the staff member's manager, but the message will also be retained for the staff member to review on return.

Temporary access permissions could also be assigned to the manager.

The user can also configure an out of office reply via webmail.



A manager needs to also be able to access a staff member's mail.

Either configure the mailbox as an additional mailbox on the manager's device (requires shared password), or use permissions to allow the manager access to the mailbox.

be aware of potential privacy law issues.

Have more questions? Submit a request


Article is closed for comments.