I´m searching for some arguments to avoid the creation of an SPF record for an external survey provider.
Example: Division inside a company (abcd) wants to send survey mails to external recipients with survey@abcd.com via an external survey provider (external mail infrastructure).
My concerns about this example:
- Abuse appropriation of the domain abcd.com (Spoofing, Phishing, ...)
- Blacklisting of the domain abcd.com as result of technical inadequateness of external mail server --> Spam classification for the domain abcd.com --> endanger the delivery of mails from abcd.com
- Some of our safety precautions (Anti-Spam, URL-Scanning, Anti-Malware) will be cancelled
Are those concerns justified and do someone have further arguments? How do you handle this in (best) practice?
Usage of other domain or appropriation of the survey system inside company abcd isn´t desired.
Thanks in advance.