It’s really a business decision for you to make. All of the solutions are viable and workable and manageable.
As for explaining the choice, I’m not Mailchimp, but I have consulted for them in the past and have spent more than a few evenings with different employees there. I believe allowing folks to send from @gmail.com (or, in fact, any validated From: address) has to do primarily with who their target market is and what technology and resources the customer has.

As for separating your customers, you’re never going to be able to completely isolate them from each other. Every ISP is going to know they are your customers. If you don’t enforce good behavior then no matter what you do, that is going to eventually smear across your entire customer base.

An example from yesterday. A friend posted on Facebook saying that his brand new IP from a particular VPS service was blocked at Gmail. And how could he get it delisted. Come to find out, that specific VPS service is a rat’s nest of botnet C&C machines, ROKSO spammers and other nefarious senders. Each customer of the VPS is completely isolated from the other, but because the VPS is so horrible at compliance, no one can send mail from there (rightfully so, IMO).

Isolating on IPs or by CNAMES is a solid business decision. But it doesn’t relieve providers of their obligation to police their customers.

laura

> On Aug 21, 2018, at 9:42 AM, Penny Gray via mailop <mailop@mailop.org> wrote:
>
> I understand getting CNAME delegation for everyone would be ideal, but I
> guess we were looking for a solution to better isolate sender reputation
> without doing that. We give the option but there are many senders using our
> shared domain e.g: company.intercom-mail.com
>
> I do find it interesting that Mailchimp, Sendgrid and other large ESPs let
> you send from the address you signed up with e.g: pe...@gmail.com,
> automatically. I suspected that it was helping with reputation containment
> in some way. Anyone here from an ESP who does this that can explain the
> choice? I feel it discourages people from doing the DNS setup if they could
> just send from their own address straight away.
>
> Can we better separate senders without complete CNAME delegation enforcement?
> Multiple domains will look snowshoe-y. Is it just better vetting of bad
> actors and enforcing CNAME delegation on all new senders?
>
>> On 21 Aug 2018, at 10:28, Vladimir Dubrovin <dubro...@corp.mail.ru> wrote:
>>
>> "From" domain is rarely used for reputation directly, usually authenticated
>> domains (SPF that is envelope-from and DKIM domains) are used, but currently
>> it's quite important for From domain to be authenticated regardless of
>> DMARC, that is it must be aligned with at least one of SPF/DKIM domains, so
>> it's generally a bad idea to allow From domain without authentication even
>> if DMARC policy is not published. You can use another CNAME delegation (or
>> allow customer to publish a DKIM key) to DKIM sign message with delegated
>> domain. Best practice here is to use 2 DKIM signatures (one for your domain
>> to share a reputation and one aligned with From domain). Also, you can use
>> CNAME delegated domain for envelope-from.
>>
>> 20.08.2018 19:34, Penny Gray via mailop wrote:
>>> Hi folks 👋,
>>> Was hoping to get some input on sending reputation. We’re looking to make
>>> some changes to how we identify our senders in outbound mail. Our senders
>>> do have options for CNAME delegation so we can identify their mail, but
>>> it’s not enforced and lots of people still use our shared domain. In this
>>> case we assign the sender a subdomain of our sending domain
>>> intercom-mail.com e.g: bob.lob...@bobscompany.intercom-mail.com. The
>>> reputation of the organisational domain is always at risk this way.
>>>
>>> We want to let the sender put their verified address (e.g:
>>> bob.lob...@bobscompany.com) in the From header (provided the domain
>>> doesn’t have DMARC enabled). It seems it’s what most big players do
>>> (Mailchimp, Sendgrid etc).
>>>
>>> Do you know how much reputation is attributed to the From header as opposed
>>> to the Envelope From and other parts of the message? I know each
>>> ESP/blacklist is different but do you know of any resources you could point
>>> me to for this?
>>>
>>> Kind Regards,
>>> Penny-Merelle Gray
>>> Team-Delivery
>>> pe...@intercom.io
>>>
>>> _______________________________________________
>>> mailop mailing list
>>> mailop@mailop.org
>>> https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
>>
>> --
>> Vladimir Dubrovin
>> @Mail.Ru
>
> _______________________________________________
> mailop mailing list
> mailop@mailop.org
> https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

--
Having an Email Crisis? We can help! 800 823-9674

Laura Atkins
Word to the Wise
la...@wordtothewise.com
(650) 437-0741

Email Delivery Blog: https://wordtothewise.com/blog
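
Added example, not part of the original thread or any poster's code: a small check of the identifier alignment discussed in the quoted replies (From: domain aligned with the SPF envelope-from domain or a DKIM d= domain, relaxed mode per RFC 7489 section 3.1), run over the sending setups the thread mentions. The suffix set stands in for the Public Suffix List, and bounce.bobscompany.com is a constructed hostname.

```python
# Added example: DMARC-style identifier alignment (RFC 7489, section 3.1).
# PUBLIC_SUFFIXES is a tiny constructed stand-in for the Public Suffix List.
PUBLIC_SUFFIXES = {"com", "org", "io", "ru", "co.uk"}


def org_domain(domain):
    """Return the organizational domain: the public suffix plus one label."""
    labels = domain.lower().rstrip(".").split(".")
    for i in range(len(labels)):  # longest candidate suffix is tried first
        if ".".join(labels[i:]) in PUBLIC_SUFFIXES:
            return ".".join(labels[max(i - 1, 0):])
    return ".".join(labels[-2:])  # unknown suffix: assume a one-label TLD


def aligned(from_domain, auth_domain, strict=False):
    """Strict mode needs an exact match, relaxed mode the same org domain."""
    if strict:
        return from_domain.lower() == auth_domain.lower()
    return org_domain(from_domain) == org_domain(auth_domain)


def alignment(from_domain, spf_domain, dkim_domains, strict=False):
    """List which authenticated identifiers align with the From: domain.

    spf_domain is the envelope-from domain that passed SPF (or None);
    dkim_domains are the d= values of the signatures that verified.
    """
    hits = []
    if spf_domain and aligned(from_domain, spf_domain, strict):
        hits.append("spf:" + spf_domain)
    hits += ["dkim:" + d for d in dkim_domains if aligned(from_domain, d, strict)]
    return hits


# Constructed scenarios: (From: domain, SPF-passing envelope domain, DKIM d= list)
SCENARIOS = {
    "shared subdomain": ("bobscompany.intercom-mail.com", "intercom-mail.com",
                         ["intercom-mail.com"]),
    "customer From, ESP-only auth": ("bobscompany.com", "intercom-mail.com",
                                     ["intercom-mail.com"]),
    "two DKIM signatures": ("bobscompany.com", "intercom-mail.com",
                            ["intercom-mail.com", "bobscompany.com"]),
    "delegated envelope-from": ("bobscompany.com", "bounce.bobscompany.com",
                                ["intercom-mail.com"]),
}

if __name__ == "__main__":
    for name, (frm, spf, dkim) in SCENARIOS.items():
        print(f"{name:30} From={frm:30} aligned via: {alignment(frm, spf, dkim) or 'nothing'}")
```

The second scenario is the one with no aligned identifier: the customer's domain in From: while only the shared ESP domain is authenticated.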