Series Introduction l Internal Infrastructure
Previous article in the series can be found here.
Let’s go back to the cocktail party scenario I talked about last week. Imagine you are at a cocktail party and someone you don’t know hands you their business card and the card has your company logo on it. Maybe you work for a big company and don’t know all your coworkers, so you don’t think twice about it. You ask what department they work in, only to find out that, well, they don’t exactly work at your company, but they contract with your marketing department.
This is essentially what third party senders are doing on behalf of your brand every day. Although the marketing department is often the one singled-out in these examples, almost any department in a company can bring in third party senders.
When these senders are vetted through the IT department from the beginning, making sure everything is in compliance, then IT is aware that the vendor will be sending from a company domain. However, we all know that at companies both big and small, not everything gets run past IT first. I get it. I really do! Maybe you are part of an agile team that prides itself on thinking outside the box. You are moving fast and breaking things! Chances are that other departments in your organization are doing the same thing, and pretty soon no one is quite sure who is sending on behalf of the company.
To give you an idea on who might be sending email from your company’s domain, here is a short list of common, potential third party senders
- Marketo
- Eloqua
- Salesforce/Pardot
- Mail Chimp
- HubSpot
- Google Apps
- Survey Monkey
- Zendesk
- Constant Contact
- AWeber
- Dreamhost
- Voltage SecureMail Network
A great thing that DMARC does is bring these unknown third party senders to the surface for you. Don’t worry that you have to go department to department, shaking down your coworkers and demanding they give up their third party vendors’ names & IP addresses. Put a DMARC monitor policy in place and pretty soon you will have a clear picture of who is sending from your domains. Once that is done, you can work with your vendors to implement DMARC so they can become authenticated senders of your company communications. Then, the next time the marketing department decides to go rogue, you will catch them in the act.
Check back next week when we continue our series on The Four Types of Senders and take a look at Forwarders.