Upload
granikos-gmbh-co-kg
View
302
Download
1
Embed Size (px)
Citation preview
Service Provider Email Implications
Thomas Stensitzki – MCM, MCT, Blogger
What is a Service Provider
External company providing email based services for an enterprise
Usually uses an email domain owned by the enterprise customer to obfuscate the service
Service provider emails are sent from servers owned by the service provider
ExamplesEmail Marketing ServicesTravel AgenciesCloud based Business Services
Service Provider Email Implications
Service provider emails are filtered as spam
Service provider emails are not received by internal recipients
Service provider emails are identified as being sent from an untrusted source
Using an enterprise primary top level domain
Accepted domain:varunagroup.de
Service provider sender [email protected]@varunagroup.de
[email protected] recipient Email Gateway
Email blocked due to identical sender and recipient domain
Solution A – Single Sub Domain
Single sub domain for external service providersemail.varunagroup.de
RequirementDedicated mail server hosting sub domain addresses
Email address verification only – never used for sending emails
Email securityOne SPF Record containing all service provider SPF references
include:spf.nl2go.com include:spf.constantcontact.com
Multiple DKIM records in single DNS zoneprovider1._domainkey.email.varunagroup.deprovider2._domainkey.email.varunagroup.de
Solution B – Multiple Sub Domains
Dedicated sub domains for external service providesnewsletter.varunagroup.debooking.varunagroup.de
RequirementDedicated mail server hosting sub domain addresses
Email address verification only – never used for sending emails
Email securityOne SPF Record per sub domain containing the service provider SPF references
include:spf.nl2go.com
Single DKIM record per DNS zoneprovider1._domainkey.newsletter.varunagroup.deprovider2._domainkey.booking.varunagroup.de
Using an enterprise sub domain
Accepted domain:varunagroup.de
Service provider sender [email protected]@email.varunagroup.de
[email protected] recipient Email Gateway
Email accepted due to different sender and recipient domains
Technical Implementation – Example
Enterprise Email Servere.g. Exchange Server
Sub Domain Email Servere.g. SmarterMail
External IP addressesPrimary MX RecordsReverse DNS Setup
Email Security Gatewaye.g. NoSpamProxy
External IP addressSub Domain MX RecordsNo Reverse DNS Setup
Internal DNS ServerTop Level/Sub Domain Zones
SPF, DKIM
External DNS ServerTop Level/Sub Domain Zones
SPF, DKIM, DMARC
Contact
Granikos GmbH & Co. KGWeb: https://www.granikos.eu Email: [email protected] Blog: http://blog.granikos.eu
Thomas StensitzkiWeb: http://www.stensitzki.de Twitter: @StensitzkiBlog: http://JustCantGetEnough.Granikos.eu