Educause Security Discussion mailing list archives
Re: Third-party external services using your email domain
From: Rob Milman <rob.milman () SAIT CA>
Date: Tue, 23 Jan 2018 22:54:43 +0000
Hi Thomas, We went through this last year. As much as I don't like to take advice from Microsoft, they actually put together some good advice on this very subject. https://blogs.msdn.microsoft.com/tzink/2015/03/13/how-to-align-with-spf-and-dmarc-for-your-domain-if-you-use-a-lot-of-3rd-parties-to-send-email-as-you/ We ended up creating a sub-domain to reduce our risk exposure. It has worked well so far with at least 2 other mail vendors. Regards, Rob Milman Associate Director, Information Security Information Systems Southern Alberta Institute of Technology EH Crandell Building, GA 214 1301 - 16 Avenue NW, Calgary AB, T2M 0L4 (Office) 403.774.5401 (Cell) 403.606.3173 rob.milman () sait ca -----Original Message----- From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Thomas Carter Sent: Tuesday, January 23, 2018 3:43 PM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: [SECURITY] Third-party external services using your email domain We're seeing an increasing number of requests for using external services to send emails to internal recipients and wanting to use our "@austincollege.edu" domain as the sender and reply-to. They also want to make sure our spam filters do not catch these emails as spam. We can whitelist the sending server(s), but more services are using large mail vendors like MailChimp. We can white list the specific sender, but some are wanting to use valid addresses (for example, "hr () austincollege edu") and whitelisting those can lead to easier phishing. Do you allow external services to send using your domain? How are you handling these type of emails? Thomas Carter Network & Operations Manager / IT Austin College 900 North Grand Avenue Sherman, TX 75090 Phone: 903-813-2564 www.austincollege.edu
Current thread:
- Third-party external services using your email domain Thomas Carter (Jan 23)
- Re: Third-party external services using your email domain Rob Milman (Jan 23)
- <Possible follow-ups>
- Re: Third-party external services using your email domain Blackstone, Chris (Jan 24)