-1

I'm searching for some arguments to avoid the creation of an SPF record for an external survey provider.

Example: Division inside a company (abcd) wants to send survey mails to external recipients with survey@abcd.com via an external survey provider (external mail infrastructure).

My concerns about this example:

  • Abusive appropriation of the domain abcd.com (Spoofing, Phishing, ...)
  • Blacklisting of the domain abcd.com as a result of technical inadequacy of the external mail server --> Spam classification for the domain abcd.com --> endangers the delivery of mails from abcd.com
  • Some of our safety precautions (Anti-Spam, URL-Scanning, Anti-Malware) will be cancelled

Are those concerns justified and does someone have further arguments? How do you handle this in (best) practice?

Usage of another domain or appropriation of the survey system inside company abcd isn't desired.

Thanks in advance.

MRae

2 Answers

2

There are some valid arguments both for and against using your existing domain @example.com for campaigns.

From a technical perspective a big risk with surveys/campaigns is that recipients will consider such a survey as spam (even though they are otherwise quite willing to receive other email from your company). If your existing domain is used and too many recipients consider the survey spam that will result in the loss of reputation and potentially threaten the reliability of the delivery of all your email and not only the survey/campaign emails.

Typically your existing email infrastructure is also not designed to handle the additional volume of traffic that a big email survey/campaign could generate.

Although I can also imagine that non-technical people assign more value to @example.com as an email address and closely associate that with your online example.com brand.

Essentially you have three options for the sender domain:

  • use a completely separate domain, for instance example.email or example-campaigns.com or even example.campaign-mailprovider.TLD
  • create a separate subdomain like for instance survey.example.com in your existing domain
  • use your existing online brand and email domain space and use example.com

Typically the first and the second should have a preference as that creates sufficient separation from your existing email.

The email survey/campaign may also be on your side. Typically they are required to achieve a certain conversion rate that they can best guarantee if they can use their own tried and trusted infrastructure and depend as little as possible on you. A separate domain or a subdomain that gets delegated towards them will work much better for them than

HBruijn
  • It's rather standard practice for most ESPs to use a subdomain, sendgrid using sg.example.com, mailgun using mg.example.com – Jacob Evans Dec 04 '17 at 16:59
0

For me, the main concern would be the security and usage policies of the survey service. In an ideal world they would be using a known mail relay service and would have no other access to your mail apart from authorisation to send it, which would be, in an ideal world, a case of adding their servers to your SPF record and signing mail with a DKIM key which can be then revoked when the campaign is finished. However, phishing or spoofing would then be an abuse of their trust, but as the mail is being returned to a mailbox in your domain you shouldn't lose your internal security procedures. From your point of view you need to be able to trust the survey provider, who should be able to provide some kind of guarantee.

Simon Greenwood
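
The scoping that the subdomain option and the SPF authorisation above depend on can be checked against the records themselves. The following is an added example, not code from either answer: a simplified SPF evaluator (only `ip4`, `include` and `all`) run over constructed TXT records. The name `provider.example`, the record contents and the address ranges are assumptions, taken from documentation ranges.

```python
import ipaddress

# Constructed TXT records (documentation domains and address ranges only).
ZONE = {
    "example.com": "v=spf1 ip4:192.0.2.0/24 -all",            # corporate mail servers
    "survey.example.com": "v=spf1 include:_spf.provider.example -all",
    "_spf.provider.example": "v=spf1 ip4:198.51.100.0/24 -all",  # hypothetical provider
}

RESULT = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

def check_spf(domain, ip, zone=ZONE, lookups=None):
    """Evaluate a subset of SPF (ip4, include, all) for an envelope-sender domain."""
    lookups = lookups if lookups is not None else [0]
    record = zone.get(domain.lower())
    if record is None or not record.startswith("v=spf1"):
        return "none"
    addr = ipaddress.ip_address(ip)
    for term in record.split()[1:]:
        qualifier = term[0] if term[0] in RESULT else "+"
        name, _, arg = term.lstrip("+-~?").partition(":")
        if name == "all":
            matched = True
        elif name == "ip4":
            matched = addr in ipaddress.ip_network(arg, strict=False)
        elif name == "include":
            lookups[0] += 1
            if lookups[0] > 10:          # DNS lookup limit from RFC 7208
                return "permerror"
            inner = check_spf(arg, ip, zone, lookups)
            if inner in ("none", "permerror"):
                return "permerror"
            matched = inner == "pass"    # only an inner pass makes include match
        else:
            return "permerror"           # mechanism outside this subset
        if matched:
            return RESULT[qualifier]
    return "neutral"

if __name__ == "__main__":
    provider_ip = "198.51.100.25"        # constructed provider sending address
    for sender in ("survey.example.com", "example.com"):
        print(sender, provider_ip, check_spf(sender, provider_ip))
```

With the provider authorised only on the subdomain, its servers pass for `survey.example.com` and fail for `example.com`; replacing the subdomain record with `v=spf1 -all` after the campaign withdraws the authorisation.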