Hi everyone,

I am looking for a best practice solution for a problem and hope that someone on this board can help me.

My problem:
I have an external company which is sending mails with a sender address of our company. However, we did not list this company's servers in our SPF record and therefore their mails are often blocked as spam.
As the Exchange administrator I do not want to trust this company, because I don't have any influence on their security standards, and I worry that if they get hacked, someone could send mails in the name of our company, resulting in us getting globally blacklisted.

Possible solutions?:
1) connect the company to our internal infrastructure (VPN) and let them send via our Exchange (so we are at least in control of the mail traffic).
2) Use a separate subdomain of our domain e.g. relay.company.com and include the external company in the SPF for this subdomain only.

Additional question to the second solution.
What are the topics I need to care about besides setting the SPF correctly? E.g. some SMTP servers perform MX lookups of the sender IP to do additional checks(?) Are there any other security mechanisms that I need to care about?

Any input is very welcome :)

Thank you.

