Skip to main content

Email relegation/authorization

Comments

10 comments

  • cPRex Jurassic Moderator

    Hey there!  My personal opinion - if the domain has already had reputation issues, it would be best to not have them send from your server at all.  Even with a dedicated IP address the hostname of the machine will always show up in the mail headers, and could cause problems for other users on the system.

    1
  • cPRex Jurassic Moderator

    It's really up to you how you want to handle it.  You could add the record and then if *anything* happens tell them they need to get a dedicated server.

    1
  • verdon

    So, there is risk then. Thank you much for weighing in. I wasn’t comfortable with it, but am no expert and wanted another opinion.

    1
  • verdon

    They won’t be using me for SMTP of course, but I imagine using a DKIM/SPF/CNAME they provided in the DNS that I host amounts to much the same effect?

    0
  • cPRex Jurassic Moderator

    If they aren't sending from your server, I'm not sure how you providing them with those records will help them?  What issue are they experiencing?

    0
  • verdon

    To my understanding, they are trying to send email with my clients address as the replyto address. two mail runs over a period of a couple weeks were tried. The first had some bounce back due to them being in an RBL. The second had some bounce with the low server reputation, dkim/spf type warnings. At no point have they asked my client for email account credentials, so they can’t possibly be trying to send through me. Their support has asked me to add those entries to the dns zone… adding their server to the SPF, a key they provided to DKIM, and a sub-domain pointing back to them in the form of a CNAME.

    0
  • mtindor

    Sounds to me like what the OP is saying is that he has a client is using a third-party emailer (example Constant Contact, Salsa Labs, etc).   The OP's client wants to make sure that emails sent from the third-party emailer on behalf of @clientdomain pass SPF / DKIM / DMARC.    Not out of the ordiinary at all.

    For instance, if the third-party were a place like Salsa Labs, they would have a DKIM TXT record that they would request be added to DNS as well as an SPF addition of include:salsalabs.org and would request at least a very conservative (p=none) DMARC record.

    Completely reasonable for the OP's client to request such thing.  The client wants the 3rd party to be able to send emails on behalf of somebody@clientdomain.ext and have it pass SPF, DKIM and DMARC.

    The messages aren't going to be relayed through the OP's server, and there is no harm or risk in adding the DNS entries.

    Of course, if the client has access to their own cPanel account, and if DNS for their domain is being handled on the cPanel server, the client themselves could log into the cPanel account and add that information themselves.

    Either way, the OP's client should have the opportunity to be able to use 3rd-party email senders and have the necessary information added to DNS.  If the client has no way to do it themselves on the OP's server, then the OP should add those records for the client.

    0
  • mtindor

    "Their support has asked me to add those entries to the dns zone… adding their server to the SPF, a key they provided to DKIM, and a sub-domain pointing back to them in the form of a CNAME."

    All completely sensible requests.   Is the 3rd-party mailer reputable?  That's really not for you to concern yourself with.  If your client wants to use that 3rd-party mailer that is their business.   You, adding appropriate information for SPF / DKIM / DMARC at the request of the client and the 3rd-party mailer is not going to harm your server, its reputation, or your IP address reputation.

    Are you able to share the name of the 3rd-party sender that will be sending emails on your client's behalf?   Not that it really matters.   There are some very popular ones (I listed two, but there are plenty more).   And even reputable 3rd-party mailers do have IP addresses that are blacklisted on RBLs or tagged on private RBLs (like on Barracuda firewalls and such).

     

    0
  • verdon

    @mtinder thank you much for your input. The 3rd party is BlinkSale. I'm a little over cautious I suppose… it’s so easy to get deliverability issues and so hard to get rid of them… I prefer to err on the side of caution.

    0
  • mtindor

    Verdon, I completely understand.   But your adding to records to your client's DNS, at their request, so that their third-party invoicing company emails are more reputable (by passing SPF, DKIM, DMARC) is reasonable.   And none of that would affect your server or server IP address reputation.

    BlinkSale looks legitimate enough.   Looks like Blinksale themselves uses third-party emailers for their own email campaigns, including mlsend, mailgun and customer.io.

    Honestly, I see nothing to be worried about though -- as long as you add those things at the request of your client.   Once you do that, the burden is on your client if the 3rd-party service doesn't work out for them.

    0

Please sign in to leave a comment.