When external service providers send messages using your company email domain, you will encounter problems when those messages are sent to internal recipients. Solve this issue by using dedicated sub domains for external service providers.
2. What is a Service Provider
External company providing email based services for an enterprise
Usually uses an email domain owned by the enterprise customer to obfuscate the service
Service provider emails are sent from servers owned by the service provider
Examples
Email Marketing Services
Travel Agencies
Cloud based Business Services
3. Service Provider Email Implications
Service provider emails are filtered as spam
Service provider emails are not received by internal recipients
Service provider emails are identified as being sent from an untrusted source
4. Using an enterprise primary top level domain
Accepted domain:
varunagroup.de
Service provider sender addresses
newsletter@varunagroup.de
booking@varunagroup.de
user@varunagroup.de
External recipient
Email Gateway
Email blocked due to identical sender and recipient domain
5. Solution A – Single Sub Domain
Single sub domain for external service providers
email.varunagroup.de
Requirement
Dedicated mail server hosting sub domain addresses
Email address verification only – never used for sending emails
Email security
One SPF Record containing all service provider SPF references
include:spf.nl2go.com include:spf.constantcontact.com
Multiple DKIM records in single DNS zone
provider1._domainkey.email.varunagroup.de
provider2._domainkey.email.varunagroup.de
6. Solution B – Multiple Sub Domains
Dedicated sub domains for external service providers
newsletter.varunagroup.de
booking.varunagroup.de
Requirement
Dedicated mail server hosting sub domain addresses
Email address verification only – never used for sending emails
Email security
One SPF Record per sub domain containing the service provider SPF references
include:spf.nl2go.com
Single DKIM record per DNS zone
provider1._domainkey.newsletter.varunagroup.de
provider2._domainkey.booking.varunagroup.de
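
The record layouts of Solution A and Solution B, derived from one provider list. This is an added example, not part of the original slides. The mapping of each provider to an SPF include and the `-all` policy are assumptions, and the DKIM key values are placeholders supplied by each provider.

```python
# Added example: derives the SPF and DKIM record names for Solution A and B.
# Assumption: which provider uses which SPF include and which sub domain label.
PROVIDERS = {
    # DKIM selector: (sub domain label for Solution B, SPF include host)
    "provider1": ("newsletter", "spf.nl2go.com"),
    "provider2": ("booking", "spf.constantcontact.com"),
}
PARENT = "varunagroup.de"
# RFC 7208 section 4.6.4 allows 10 DNS-querying terms per SPF check. Nested
# includes count too, so the real budget of a shared record is smaller.
SPF_LOOKUP_LIMIT = 10
DKIM_PLACEHOLDER = "<DKIM public key from provider>"


def spf_record(includes, policy="-all"):
    """Build one SPF TXT value; '-all' is an assumed policy, not from the slides."""
    if len(includes) > SPF_LOOKUP_LIMIT:
        raise ValueError("too many include: terms for a single SPF record")
    return " ".join(["v=spf1"] + [f"include:{h}" for h in includes] + [policy])


def solution_a(shared_label="email"):
    """Single sub domain: one SPF record, one DKIM selector per provider."""
    zone = f"{shared_label}.{PARENT}"
    records = {zone: spf_record([inc for _, inc in PROVIDERS.values()])}
    for selector in PROVIDERS:
        records[f"{selector}._domainkey.{zone}"] = DKIM_PLACEHOLDER
    return records


def solution_b():
    """One sub domain per provider: one SPF record and one DKIM selector each."""
    records = {}
    for selector, (label, inc) in PROVIDERS.items():
        zone = f"{label}.{PARENT}"
        records[zone] = spf_record([inc])
        records[f"{selector}._domainkey.{zone}"] = DKIM_PLACEHOLDER
    return records


if __name__ == "__main__":
    for name, plan in (("Solution A", solution_a()), ("Solution B", solution_b())):
        print(name)
        for owner, value in plan.items():
            print(f'  {owner}. IN TXT "{value}"')
```

Under Solution B each provider's include authorizes only its own sub domain, while under Solution A every listed provider passes SPF for every address in the shared sub domain.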
7. Using an enterprise sub domain
Accepted domain:
varunagroup.de
Service provider sender addresses
newsletter@email.varunagroup.de
booking@email.varunagroup.de
user@varunagroup.de
External recipient
Email Gateway
Email accepted due to different sender and recipient domains
8. Technical Implementation – Example
Enterprise Email Server
e.g. Exchange Server
Sub Domain Email Server
e.g. SmarterMail
External IP addresses
Primary MX Records
Reverse DNS Setup
Email Security Gateway
e.g. NoSpamProxy
External IP address
Sub Domain MX Records
No Reverse DNS Setup
Internal DNS Server
Top Level/Sub Domain Zones
SPF, DKIM
External DNS Server
Top Level/Sub Domain Zones
SPF, DKIM, DMARC