by josh » Sat Nov 07, 2015 4:17 am
there are a number of ways to imagine implementing it. Would you have one mask address per user, or one per pair of sender and recipient? With your use case, you could probably get away with the former, which would be much easier to implement. one way to do it would be to just use their username on your site @ your site's domain as the email address, and then when the third party replies, it will come to your mail server, where you can deliver it somehow to the proper user (and that will be obvious because the username will be before the @ sign in the delivery address.
The biggest concern for me with adding the forwarding feature was the potential for abuse -- in the early days of the internet, basically every mail server was an open relay and anyone could use any mail server to email anyone else - of course, spammers took heavy advantage of this, and so mail servers started blocking relays from domains they didn't handle primarily, which sent spammers off looking for remaining open relays. When you put together an email intermediary system, you're essentially creating an open relay, and so you have to think about how it might be abused, lest someone use your service to send out a bunch of spam, and then you get blacklisted and can't sent any mail. It sounds like you may already have this issue (or maybe already have solved this issue) because it sounds like your site is already forwarding?, but it's still worth thinking about as you contemplate the design of the system.