1

I'm trying to understand how apps such as greenhouse.io configure DNS for delegating email sending.

In short, assume I am a SAAS provider saas.com and my customer is customer.com. I've seen that it is possible to:

  1. Ask my customer to create a subdomain - say saas.customer.com and add DNS records for DKIM validation. The intent is that my SAAS can send emails from saas.customer.com.
  2. Once they add, I (saas.com) can send emails from user@saas.customer.com.

I understand the above.

However, I also see that (especially for greenhouse.io), it's also possible to send with the From: message header as user@customer.com (and not just user@saas.customer.com). This is somewhat surprising to me.

In summary, if I am authorized to send emails from a subdomain, and I use that subdomain to send with emails where from header is a parent domain (I understand that this is not the envelope sender) is this a valid use-case - or does this have possibilities of being marked as spam etc?

I'm using Amazon SES, if it matters.

ragebiswas
  • 111
  • 1

1 Answers1

0

You can make it work to send email using the customer's naked domain, but this is considered bad practice for reputation reasons. You would be mixing the reputation of the company's internal corporate mail with that of whatever mail you will be sending, which always 100% of the time works out badly as soon as some recipient clicks the Spam button. Keeping such mail on subdomains protects the reputation of the naked domain and helps prevent interruptions such as the above.

Michael Hampton
  • 237,123
  • 42
  • 477
  • 940
  • I get what you mean. In terms of SPF / DKIM - it looks like this is allowed then? I'm not too familiar with these (and DMARC) but I would've thought that by default this should be at least mildly frowned upon – ragebiswas Aug 19 '21 at 13:30
  • Everyone is doing it, so... – Michael Hampton Aug 19 '21 at 13:43